Cybersecurity Survival Guide

CYBERSECURITY SURVIVAL GUIDE
Principles & Best Practices
Third Edition | August 2018
Lawrence C. Miller, CISSP
www.paloaltonetworks.com/academy

Advisory Panel: Brian Adams, Jim Boardman, Steve Bradshaw, Keith Cantillon, James Dalton, Matthew Frohlich, Thomas Trevethan

Palo Alto Networks, Inc.
www.paloaltonetworks.com
© 2018 Palo Alto Networks – all rights reserved. Aperture, AutoFocus, GlobalProtect, Palo Alto Networks, PAN-OS, Panorama, Traps, and WildFire are trademarks of Palo Alto Networks, Inc. All other trademarks are the property of their respective owners.

Table of Contents

Table of Contents
Table of Figures
List of Tables
Foreword
Introduction

Module 1 – Cybersecurity Foundation
  1.1 Cybersecurity Landscape
    1.1.1 Modern computing trends
    1.1.2 New application framework and threat vectors
    1.1.3 Turbulence in the cloud
    1.1.4 SaaS application risks
    1.1.5 Compliance and security are not the same
    1.1.6 Recent high-profile cyber-attack examples
  1.2 Cyberthreats
    1.2.1 Attacker profiles and motivations
    1.2.2 Modern cyber-attack strategy
  1.3 Endpoint security basics
  1.4 Cyber-attack Techniques and Types
    1.4.1 Malware
    1.4.2 Vulnerabilities and exploits
    1.4.3 Spamming and phishing
    1.4.4 Bots and botnets
  1.5 Wi-Fi and Advanced Persistent Threats
    1.5.1 Wi-Fi vulnerabilities
    1.5.2 Wi-Fi man-in-the-middle attacks
    1.5.3 Advanced Persistent Threats

Module 2 – Cybersecurity Gateway
  2.1 The Connected Globe
    2.1.1 The NET: How things connect
    2.1.2 Introduction to networking devices
    2.1.3 Routed and routing protocols
    2.1.4 Area networks and topologies
    2.1.5 Domain Name System (DNS)
  2.2 Physical, Logical, and Virtual Addressing
    2.2.1 IP addressing basics
    2.2.2 Introduction to subnetting
  2.3 Packet Encapsulation and Lifecycle
    2.3.1 The OSI and TCP/IP models
    2.3.2 Data encapsulation
  2.4 Network Security Models
    2.4.1 Perimeter-based network security strategy
    2.4.2 Zero Trust security
  2.5 Cloud and Data Center Security
    2.5.1 Cloud computing depends on virtualization
    2.5.2 Cloud computing security considerations and requirements
    2.5.3 Traditional data security solution weaknesses
    2.5.4 East-west traffic protection
    2.5.5 Implementing security in virtualized data centers
  2.6 Network Security Technologies
    2.6.1 Firewalls
    2.6.2 Intrusion detection and prevention systems
    2.6.3 Web content filters
    2.6.4 Virtual private networks
    2.6.5 Data loss prevention
    2.6.6 Unified Threat Management
    2.6.7 Security information and event management
  2.7 Endpoint security
    2.7.1 Anti-malware
    2.7.2 Anti-spyware
    2.7.3 Personal firewalls
    2.7.4 Host-based Intrusion Prevention Systems (HIPS)
    2.7.5 Mobile device management
  2.8 Cloud, Virtualization, and Storage Security
    2.8.1 Cloud computing
    2.8.2 Virtualization
    2.8.3 Local and remote storage
  2.9 Networking Concepts
    2.9.1 Server and system administration
    2.9.2 Directory services
    2.9.3 Structured host and network troubleshooting
    2.9.4 ITIL fundamentals
    2.9.5 Help desk and technical support

Module 3 – Cybersecurity Essentials
  3.1 Security Operating Platform
  3.2 Network Security