Weekly News Roundup: September 5, 2017
Juniper Networks to Acquire “Anti-SIEM” Company Cyphort
Last Thursday, Juniper Networks announced its intention to acquire Cyphort, a company that bills itself as an “anti-SIEM [security information and event management]” company. According to Juniper Networks, “Cyphort equips large and midsize enterprises with security analytics for advanced threat defense. The acquisition will strengthen the capabilities of Juniper Sky Advanced Threat Prevention (ATP), giving security practitioners a consistent feature set for both on-premises and cloud solutions.” Juniper Networks plans to complete the acquisition within the next 30 days.
InfoSec Company Forcepoint Acquires Security Analytics Company RedOwl
On August 28, information security company Forcepoint announced the acquisition of security analytics company RedOwl. According to Forcepoint, “RedOwl brings a sophisticated analytics platform to Forcepoint’s human-centric cybersecurity system and will be integrated across the company’s portfolio, as well as with customers’ existing technologies (e.g., SIEM).” RedOwl’s technology and employees will be subsumed into Forcepoint.
Lawmakers Challenge Efficacy of Credit Monitoring as Response to Data Breaches
A group of Democratic lawmakers (including Frank Pallone, Jr. (D-N.J.), Diana DeGette (D-Colo.), and Jan Schakowsky (D-Ill.)) recently challenged the efficacy of agencies offering credit monitoring to data breach victims. As an example of their concerns, credit monitoring may last a year but the effects of a data breach may last longer than a year. According to Government Executive, “[The lawmakers] requested GAO examine how effective current strategies work for various types of breaches, the extent of the protection each one offers, and the factors agencies weigh in choosing a response to a breach. Lawmakers also would like GAO to see if there are better solutions not currently being offered.”
Deloitte and MAPI Report Indicates Many Manufacturing Execs Don’t Feel Protected Against Cyberthreats
A recent report from Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI) titled “Cyber Risk in Advanced Manufacturing” indicates that “only 52 percent of executives surveyed are either very confident or extremely confident their organization’s assets are protected from external threats.” Additional insights from the report include:
- “…nearly 40% of surveyed manufacturing companies were affected by cyber incidents last year, and 38% of those impacted indicated cyber breaches resulted in damages in excess of $1 million.”
- “…in the past 12 months, the highest number of incidents originated within the organization (46%), while 39% came from external sources, and 15% originated from vendors and business partners.”
- “Top threats arising from within the organization include phishing/pharming (32%), direct abuse of information technology systems (25%), errors/omissions (26%) and use of mobile devices (24%).”
- “…36% of manufacturing executives said that IP tops the list of data protection concerns, followed by consumer data (32%) and accidental disclosure of personal information (29%).”
Federal Government Clamping Down on Cybersecurity Vendors
If you’re a cybersecurity vendor wanting to do business with the federal government, recent signals indicate harsher vetting processes are on the horizon. Federal News Radio reports that the Department of Homeland Security (DHS) is “adding more rigor to vendor supply chains for a governmentwide cybersecurity initiative.” The publication interviewed Kevin Cox of DHS who said that a tougher questionnaire would address a product’s manufacturing origin, supply chain, and chain of transfer. These stricter rules come on the heels of concerns about Kaspersky Lab—now in the sights of the US Senate. According to ABC News, “The Senate is looking to mandate a full, government-wide ban on the use of all products made by one of the world's most respected cybersecurity firms, Moscow-based Kaspersky Lab, according to congressional sources.”