Announcement of Proposal to Update NIST SP 800-38E, Using the XTS-AES Mode for Confidentiality on Storage Devices
Security tool adoption jumps, Okta report shows
BrandPost: The Future of Machine Learning in Cybersecurity
Machine learning (ML) is a commonly used term across nearly every sector of IT today. And while ML has frequently been used to make sense of big data—to improve business performance and processes and help make predictions—it has also proven priceless in other applications, including cybersecurity. This article will share reasons why ML has risen to such importance in cybersecurity, share some of the challenges of this particular application of the technology and describe the future that machine learning enables.
Why Machine Learning Has Become Vital for Cybersecurity
The need for machine learning has to do with complexity. Many organizations today possess a growing number of Internet of Things (IoT) devices that aren’t all known or managed by IT. Not all data and applications run on-premises, as hybrid and multicloud are the new normal. Users are no longer mostly in the office, as remote work is widely accepted.
China-based cyberespionage actor seen targeting South America
China-based cyberespionage actor DEV-0147 has been observed compromising diplomatic targets in South America, according to Microsoft’s Security Intelligence team.
The initiative is “a notable expansion of the group’s data exfiltration operations that traditionally targeted gov’t agencies and think tanks in Asia and Europe,” the team tweeted on Monday.
DEV-0147’s attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for reconnaissance and lateral movement, and the use of Cobalt Strike — a penetration testing tool — for command and control and data exfiltration, Microsoft wrote in its tweet.
Cybersecurity startup Oligo debuts with new application security tech
Israel-based startup Oligo Security is exiting stealth mode with the public launch of its namesake software, offering a new wrinkle in library-based application security monitoring, observability, and remediation. Utilizing a technology called extended Berkeley Packet Filter (eBPF), it is able to provide agentless security coverage for open source code.
Given the prevalence of open source code in modern software — Oligo contends that it accounts for something like 80% or 90% — there is a need for software composition analysis solutions that can check the code for potential vulnerabilities. The current generation of solutions, however, is “noisy,” according to Oligo. It tends to produce a lot of false positives, and doesn’t contextualize alerts within a given runtime. The latter tendency is unhelpful for setting remediation priorities.
5 biggest risks of using third-party services providers
As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work that would otherwise require significant effort and potentially drain in-house resources to those who can do it for you.
The use of third-party services can also come with significant—often unforeseen—risks. Third parties can be a gateway for intrusions, harm a company’s reputation if a service malfunctions, expose it to financial and regulatory issues, and draw the attention of bad actors from around the world. A poorly managed breakup with a vendor can also be perilous, resulting in the loss of access to systems put in place by the third party, loss of custody of data, or loss of data itself.
BrandPost: Resolving the Data Protection Challenge Across Cloud and Remote Devices
By David Richardson, Vice President of Product at Lookout
As IT operations migrated to the cloud, it became easier to support remote and hybrid workers. The problem is that it has also complicated the infrastructure IT and security teams are tasked to protect.
Organizations far and wide have expanded their use of cloud and SaaS apps, especially over the last couple of years, to empower their users to stay productive and collaborate from anywhere. Many, though, have struggled to ensure their security strategies keep pace in this mode of operation, where users, endpoints, apps, and data now largely reside outside of the traditional enterprise perimeter.
Descope launches authentication and user management SaaS
Descope has launched its first product, a platform designed to help developers add authentication and user management capabilities to their business-to-consumer and business-to-business applications. The software as a service is available now. Developers can access the product free of charge for up to 7,500 monthly active users for B2C applications and up to 50 tenants for B2B apps. Beyond these limits, there is a charge of US$0.10 per user and US$20 per tenant.
The Descope platform aims to make it easier to build passwordless authentication, according to the company. Descope says the new product allows organizations to:
- Create authentication flows and user-facing screens using a visual workflow designer.
- Seamlessly add a variety of passwordless authentication methods to apps such as magic links, biometrics and passkeys (based on WebAuthn), authenticator apps, and social logins.
- Validate, merge, and manage identities across the user journey.
- Get business apps enterprise-ready with single sign-on (SSO), access control, tenant management, and automated user provisioning.
- Enhance user protection by easily enabling multi-factor authentication (MFA), step-up, or biometric authentication within applications.
Descope’s platform offers different integration options: a no-code workflow builder and screen editor, a set of client and backend SDKs, and comprehensive REST APIs.
Defending against attacks on Azure AD: Goodbye firewall, hello identity protection
Not too long ago, guarding access to the network was the focal point of defense for security teams. Powerful firewalls ensured that attackers were blocked on the outside while on the inside things might get “squishy,” allowing users fairly free rein within. Those firewalls were the ultimate defense—no one undesirable got access.
Until they did. With the advent of cloud computing, the edge of a network is no longer protected by a firewall. In fact, the network no longer has an edge: in our work-from-anywhere environment in which any data center is now a boundary, we can no longer rely on traditional protection mechanisms. Security has become more about protecting identity rather than the network itself.