IBM opens new Cambridge, MA security headquarters with massive cyber range

It was a big day for IBM today as it opened its shiny new security headquarters in Kendall Square in Cambridge, MA, complete with what the company is calling the first commercial cyber range.

A cyber range is a network security testing environment, and is typically run by the military or military contractors. This one, dubbed X-Force Command, however, is much more than a couple of terminals in a lab. It is a massive setup with seats for 36 operators. It features audio, video and a simulated Fortune 500 company operation with the goal of giving the user a realistically simulated cyber crisis.

It includes nearly a petabyte of data running in a data center underneath the cyber range, and includes all the kinds of operations that you would have running in a typical enterprise, such as email servers, supply chain software, employees using the internet and so forth.

The idea behind the cyber range is to simulate an actual cyber event to show security personnel, C-suite executives or anyone just how prepared (or more likely unprepared) they are to deal with a massive breach.

"We are putting you into a simulator that is so realistic that your pulse will race, and you will be stressed, and you will learn how to make critical decisions in a crisis," Caleb Barlow, vice president of security at IBM, explained.

The cyber range is part of a broader security strategy by the company. Over the last couple of years, it has purchased at least seven security properties, including Resilient Systems earlier this year, which helps companies prepare for cyber attacks before they happen.

While Barlow said the cyber range wasn't being positioned as a sales tool, so much as an awareness-raising device, it is designed to show people in stark terms what happens during a breach, and how they might react after an incident, especially if they are unprepared.

The simulation can help you understand the different aspects of breach response, such as how quickly you report the event to regulators and government officials, what happens if the breach leaks to the press (as often happens) and how to deal with all of this with the company in crisis mode. Obviously, if you have thought this through beforehand, and have a plan in place, a playbook if you will, you are going to be in a better position than trying to react to all of the different pressure points in the heat of the moment.

It's not a coincidence, of course, that this is all the kind of stuff Resilient has built into its solutions. In addition, it wouldn't be IBM without a consulting piece, and they have built a team of consultants to help customers prepare for an attack and deal with the aftermath.

Wendi Whitmore was brought on board seven months ago to run the IBM X-Force IRIS Team, a group of consultants picked for their expertise in cybersecurity. Whitmore herself has almost 15 years of cyber experience, including stints with the Air Force, Mandiant and CrowdStrike.

She says the goal of her team is to help companies deal with massive breaches after they occur, but they also want to work with companies on how to prevent them. While she acknowledges blocking smaller breaches is probably not possible, she believes that, with proper preparation, a company can prevent a massive company-wide, Sony-style breach, and that is what her team is trying to do.

The company seems fixated on this idea of helping companies to prepare for breaches. It has devoted $200 million this calendar year to its security operation, which has included opening the new security headquarters and building the cyber range. To date, the security division has 8,000 employees worldwide and generates $2 billion worth of business. The company wouldn't reveal how many would be housed in the Cambridge office, but said much of the security executive team would be based there.

Read more: https://techcrunch.com/2016/11/16/ibm-opens-new-cambridge-ma-security-headquarters-with-massive-cyber-range/

Dropbox Business updates focus on increasing enterprise security credibility

Dropbox is getting much more serious about its Dropbox Business product, and today it announced a partnership with security vendor Symantec as part of a broader update to its business products designed to make it more attractive to larger businesses.

Rob Baesman, Dropbox's head of product for pro, business and enterprise versions, says the idea behind the admin tool update is to provide a measure of control, while allowing companies to mix in some of the security tools they're already using, all with the same ease of use that Dropbox users are used to getting from the consumer tools.

When Dropbox launched its business version in 2014, it had 275 million consumer users. Today it has 500 million users, of which 200,000 are business customers. It was precisely that consumer popularity that Dropbox was hoping to exploit when it launched the business product, but it faced an inherent quandary.

Most IT departments saw the consumer Dropbox product as a problem when it came to security. They didn't appreciate employees using their private accounts to share company business. Employees, on the other hand, were just looking for a quick way to access their files when they weren't in the office. Hard to blame them for wanting to find easier ways to get their work done in an increasingly mobile world.

Dropbox saw a business opportunity and launched Dropbox Business. Today's announcement represents a further maturing of that product and an attempt to use partnerships and more advanced administrative features to make the product more attractive to IT and to give them the tools to control and manage Dropbox usage in the company.

Today Dropbox has more than 30 security partnerships across areas such as data loss prevention (DLP), enterprise mobility management (EMM), identity and access management, data migration, eDiscovery and analytics. It chose to shine a spotlight on its partnership with Symantec, even including Symantec Vice President of Business Development Peter Doggart on the pre-brief.

The Symantec partnership is designed to show enterprise customers that they can use Dropbox Business safely, while maintaining the same kind of controls in a cloud software package that they've traditionally had with on-prem software. "For those customers who have spent many years using DLP on prem, they can, with a simple switch, apply all those same policies for Dropbox. That is the power of integrations on both sides," Doggart explained.

In addition, Dropbox has beefed up its own network admin controls to have tighter control over the company network and better differentiate between Dropbox business traffic and Dropbox personal traffic. Some customers don't want their employees mixing the two, and the new tools should give them a better grip on that.

All of this, and more, has been designed to make the product more attractive to IT. While 200,000 might sound like a big number when it comes to business customers, compared to the 500 million consumer ones, it's a drop in the bucket, and announcements like today's are part of an ongoing effort to continue to build their business presence.

Read more: https://techcrunch.com/2016/11/16/dropboxs-latest-announcement-about-building-enterprise-security-credibility/

The Daily Show Torches General Flynn, Trump's Racist National Security Adviser

The man who is about to handle the nation's intelligence is prone to retweeting conspiracy theories, sharing anti-Semitic messages, and good old-fashioned Islamophobia.

It was, by all accounts, a rocky start for Trevor Noah at The Daily Show. The fresh-faced, relatively unknown South African comedian had been given the unenviable task of succeeding one of the great modern-day bullshit-callers in Jon Stewart, a job that half of Hollywood, from Amy Schumer to Chris Rock, turned down. And not only was Noah acclimating himself to a new culture, but he was also thrown directly into the fire, with his first stint as host occurring on Sept. 28, 2015, mere months after reality-show provocateur Donald Trump had declared his presidential candidacy with a racist anti-Mexican speech.

A little over a year later, Noah has finally hit his groove. His live Election Night broadcast exhibited genuine despair, capturing the mood of much of the nation, while his sharp deconstruction of Trump's Twitter habits brought clarity to chaos. And on Wednesday, the bourgeoning political satirist demonstrated a knack for interviewing, going toe-to-toe with right-wing ranter Tomi Lahren, thoroughly embarrassing her in the process.

Recently, The Daily Show has aired a series called "Profiles in Tremendousness," where Noah and his gang of reporter-comedians break down President-elect Trump's frightening Cabinet picks. On Thursday, they aimed their ire at the elaborately coiffed billionaire's choice for national security adviser: General Michael T. Flynn.

For the uninitiated, the national security adviser is: "A person who basically synthesizes information from the State Department, the Defense Department, and the intelligence agencies, and clarifies it for the president's consumption. Basically, the gig is National Security Brita Filter: You distill and purify everything that comes through you, and you probably won't be replaced for six years," joked Noah.

On paper, General Flynn appears a likely choice for the post. He's received numerous awards for his military service, including the Bronze Star and the Legion of Merit, and recently served as the director of the Defense Intelligence Agency. Unfortunately, he was fired from that post by President Obama after just two years for alleged incompetence.

In an email hacked off the computer of Colin Powell and subsequently released online, the retired four-star general claimed to have been told by Marine Lt. Gen. Vincent Stewart, the current DIA director, that: "Flynn got fired as head of DIA. His replacement is a black Marine 3-star. I asked why Flynn got fired. Abusive with staff, didn't listen, worked against policy, bad management, etc. He has been and was right-wing nutty every [sic] since." (Flynn is a registered Democrat.)

There's more. General Flynn runs a company called Flynn Intel Group, which has been accused of lobbying for the Erdogan regime in Turkey, and just last year, he was paid a handsome sum to attend and deliver a speech at a lavish dinner in Moscow for RT, Russia's propaganda network, where he was seated right next to Vladimir Putin. Also, according to The New York Times, he was known around the Pentagon for what were referred to as "Flynn Facts": hyperbolic statements not grounded in reality. Also, he's been accused on numerous occasions of leaking classified information, including to Pakistan.

"First of all, he leaked classified information," said Noah on The Daily Show. "He was also one of the people going 'lock her up,' but I mean, that's done now. Secondly, to be described as 'hyperbolic statements that were not grounded in reality,' I wonder: what does Donald Trump see in this man?"

"Flynn Facts" greatest hits include:

1) Sharia law is spreading in the United States. (False.)

2) Iran killed more Americans than al Qaeda. (False.)

And Noah's favorite:

3) Three-quarters of all new cellphones were bought by Africans. (Incredibly false.)

"He's like a less reliable, more xenophobic Snapple cap," joked Noah, before throwing the reins over to The Daily Show's Senior National Security Correspondent Hasan Minhaj.

Minhaj then focused on another troubling habit of General Flynn's: retweeting completely baseless conspiracy theories. The fiery general even once retweeted an anti-Semitic user who wrote, "Not anymore, Jews."


"You know, the anti-Semitism isn't even the scariest part, it's the fact that the president's No. 1 intelligence guy also retweets conspiracy theories," he added. "This guy is going to walk into the Oval Office: 'Mr. President, we know who's behind the shooting. It's Tupac! He's still alive!'"

There's also General Flynn's unbridled Islamophobia, a matter of great concern to Minhaj, who is a Muslim American of Indian descent.

The Daily Show then aired footage of a speech that General Flynn delivered on Aug. 10, in which he stated, "Islam is a political ideology. It definitely hides behind this, this notion of it being a religion. It's like cancer."

"Damn," sighed Minhaj. "I've been alive for 31 years and nobody told me I had cancer?"

Read more: http://www.thedailybeast.com/articles/2016/12/02/the-daily-show-torches-general-flynn-trump-s-racist-national-security-advisor.html

Kendall Jenner Takes Extra Security To Paris After Kim Kardashian Robbery

Kim Kardashian’s little sister engaged some serious private security for her recent trip to Paris. Is this the new normal for visitors to the troubled French capital?

Few would blame a blinged-up Kardashian sister for avoiding Paris altogether after Kim Kardashian was the victim of a harrowing multimillion-dollar jewel heist in the troubled city in October. Kim was robbed, bound, gagged, and dumped in a marble bathtub while fearing she was going to be raped or murdered.

But Kendall Jenner, 21, is made of sterner stuff and walked in the Victoria's Secret Fashion Show in Paris this week.

Security at the VS show is traditionally very tight, and this year's event was no exception. Last year's terror attacks in the capital are still visceral memories.

If Jenner wanted extra precautions in Paris, she is far from alone in that desire; The Daily Beast recently reported that business is booming for close protection services in the city with increasing numbers of rich tourists and business travelers using private bodyguard firms.

Numerous wealthy visitors have been targeted by criminal gangs in the French capital in recent months; one recent high-profile attack targeted the Indian actress Mallika Sherawat, who was attacked by three masked men who sprayed her and her partner with tear gas.

The men ran off before stealing anything, for reasons unknown, but there is little doubt that the attack was an attempted robbery.

Saudi princesses, Emirati singers, and wealthy Chinese tourists have all also been targeted while visiting the French capital.

Given her sister's horrific experience and the prevailing climate, it was reasonable enough for Kendall to arrive at the afterparty with private security, even though the police were there, as a source told Page Six.

In other respects, however, Page Six reports the evening was business as usual for Kendall: "One reporter asked her a question and she literally ignored her. She just kept looking at pictures of herself on her phone."

Plus ça change, eh?

Read more: http://www.thedailybeast.com/articles/2016/12/02/kendall-jenner-takes-extra-security-to-paris-after-kim-kardashian-robbery.html

This security camera was infected by malware 98 seconds after it was plugged in

Here's an object lesson on the poor state of the so-called Internet of Things: Robert Stephens plugged a Wi-Fi-connected security camera into his network and it was compromised in 98 seconds.

Stephens, a tech industry veteran, wasn't so naive as to do this without protecting himself. It was walled off from the rest of the network and rate-limited so it couldn't participate in any DDoS attacks.

He monitored its traffic carefully, expecting to see, as others have, attempts to take over the device. But even the most jaded among us probably wouldn't have guessed it would take less than two minutes.

Ninety-eight seconds after it jumped on the Wi-Fi, the camera was attacked by a Mirai-like worm that knew the default login and password. The worm (its advance agent, really) checked the specs of its new home and then downloaded the rest of itself onto the device and, had Stephens not locked it down beforehand, would then be ready to participate in all manner of online shenanigans.

The camera, a cheap off-brand one from a company that sells smartwatches for $12, isn't exactly best-in-class. This type of thing could be fixed with a firmware update or, in some cases, by simply changing the default password, but not everyone knows to do that, and even the most tech-savvy people might not get that done in two minutes.

Better-quality devices will almost certainly be better protected against this kind of thing, and may for example block all incoming traffic until they're paired with another device and set up manually. Still, this is a good reminder that it really is a jungle out there.

Read more: https://techcrunch.com/2016/11/18/this-security-camera-was-infected-by-malware-in-98-seconds-after-it-was-plugged-in/