ISACARuSec – Telegram
Channel of the information security track of the ISACA Moscow Chapter

Channel focus: ISACA news, news on information security management in Russia and worldwide, and sharing of best practices.

https://engage.isaca.org/moscow/home

Contact the administrators
@popepiusXIII
Happy Great Victory Day!
For those who like their information security news in audio format while stuck in traffic, or who like to see the person presenting the news, we recommend a weekly digest: a news episode covering the main significant news in the world of information security https://youtu.be/uT9XYwLD2m4
Would you be interested in news in this channel about critical vulnerabilities in widely used products (for example Exim, iOS, Exchange) and more technical guides (for example on configuring specific tools)?
Anonymous Poll
1. Yes. 63%
2. No. 24%
3. No preference. 14%
ISACA’s Medical Device Discovery Appraisal Program (MDDAP) helps device manufacturers go beyond compliance and toward continuous improvement. See the benefits of participation at the FDA/Xavier MedCon Conference

https://www.isaca.org/enterprise/medical-device-discovery-appraisal-program
Smart cities are a tempting target for cyberattacks, so it's time to secure them now | ZDNet

To help guide local authorities and protect infrastructure, organisations and people from the threat of cyberattacks that could target smart cities, the NCSC has published a series of principles that should be adhered to in order to provide these networks with the highest possible level of cybersecurity.


https://www.zdnet.com/article/smart-cities-are-a-tempting-target-for-cyberattacks-so-its-time-to-secure-them-now/
New Gartner report on endpoint protection tools.

https://www.gartner.com/doc/reprints?id=1-2435Z2CX&ct=200903&st=sb
"Market Overview

Ransomware is currently the biggest risk for all organizations. Recent changes in ransomware include the expansion of affiliate programs, data theft and doxing threats, and the expansion of human-operated ransomware; all of which elevate the business impact of ransomware infections. Some EPP solutions are offering cyber insurance policies for ransomware to demonstrate confidence in ransomware defense.

Remote work has significantly accelerated the adoption of cloud-managed offerings, which now represent 60% of the installed base and 95% of all new deployments. Hybrid deployment offerings are desirable for buyers that cannot commit to 100% cloud deployments. However, buyers should look for indicators that solutions are truly designed for cloud delivery and not simply management servers shifted to the cloud.

Fileless attacks are now a common component of all malware types, making the behavioral protection of EDR tools a critical capability. Advanced adversaries targeting the organization can evade any protection solutions, making detection and hunting critical to fast incident response. EDR should now be a mandatory key capability; however, EDR capabilities are deployed to only 40% of endpoints.

The biggest barrier to adoption of EDR tools remains the skills required to operate them and the increased total costs, particularly as later adopters deploy EDR. On average, EDR capabilities will add an extra 37% to initial costs, and adoption of EDR must be accompanied by investment in training to be effective.

To alleviate the skills gap, MDR services that provide monitoring and alert triage are becoming much more popular. MDR services are increasingly being offered by the solution providers themselves rather than through partners.

The recent SolarWinds supply chain attacks illustrated both the value of EDR and the drawbacks. We have little evidence that EDR solutions detected the breach in real time. However, EDR solutions were very useful postevent to detect compromise and to block newly discovered malicious behavior. However, EDR data storage periods should anticipate attack techniques that stretch the attack timeline to several weeks.

SolarWinds attacks also illustrated the need for better integration of telemetry data from identity and email at a minimum and the need for effective tamper protection to ensure agents are not disabled.

Extended detection and response capabilities are emerging as the newest key capability for EPP solutions. XDR provides a threat detection and incident response tool that unifies multiple security products into a common incident response and hunting toolset.

All organizations need better-prioritized hardening guidance. EPP solutions are increasingly offering vulnerability analysis, with some more advanced solutions also including endpoint configuration guidance.

EPP solutions may also add mobile threat defense and integration with unified endpoint management to reduce the overall administration burden and allow further consolidation of security operations and IT operations tools."