Pwn Pulse Named Finalist for SC Awards 2016 Europe

Awards season isn’t over yet – not when SC Magazine UK has yet to give out its annual European IT security awards. At Pwnie Express, we’ll be picking out our best formalwear and joining our fellow nominees for the June 2016 event.

As an industry-recognized 2015 SC Magazine Security Innovator, we were thrilled to learn that Pwn Pulse has also been named one of SC Magazine UK’s six finalists for the Best Vulnerability Management Solution, which “acknowledges superior products and services that help customers address the most pressing cyber security threats.” This recognition comes on the heels of the launch of Pwn Pulse into the European market, which provided EU workplaces new, full visibility into the connected devices posing threats to their networks.

Meanwhile, demand for wireless/wired detection continues to surge in the region. According to the ISACA European 2015 IT Risk/Reward Barometer, 70 percent of European business and IT professionals consider it a medium to high likelihood that a company will be hacked through a connected device. As bring your own device (BYOD) and Internet of Things (IoT) devices continue to proliferate in workplaces across the EU, 51 percent believe their IT department is not aware of all of the connected devices within the organization, and one in three do not have a policy in place to address BYOD at all — let alone discover and analyze the multitude of devices in and around their networks.

These devices can be inherently malicious or can be used as gateways into the networks of these organizations, including critical networks used by utilities, financial institutions, government organizations, and others.

At Pwnie, we work with our global customers to help them better understand the threat of connected devices in and around their organizations. With the Pwn Pulse enterprise-class SaaS platform, European organizations can continuously detect and fingerprint every wireless and wired device – from phone to printer – and hone in on the ones they actually care about. This helps them prioritize security response, reduce alert fatigue and provide situational intelligence to implement real-time remediation. This visibility from Pwn Pulse also enables companies to more comprehensively protect critical business infrastructure while preserving data privacy.

Being recognized by SC Magazine UK is a testament to our incredible team, and in particular, our top- notch engineering talent, as well as our amazing users around the globe who have deployed Pwn Pulse. The SC Magazine Awards Europe are one of the information security industry’s most prominent recognitions. Winners in the Threat Solution categories are decided by an expert panel of judges, hand- picked by SC Magazine UK’s editorial team for their breadth of knowledge and experience in the information security industry. The awards honor both the cyber security professionals working in the trenches, and the products and services that help protect today’s corporate world from a myriad of ever-changing threats.

Norwich University computer security program part of major security event, Super Bowl 50

NORTHFIELD, Vt. – The Norwich University computer security and information assurance (CSIA) program, with students operating both onsite in California and on campus, supported Santa Clara Police Department, the lead law enforcement agency at Super Bowl 50, and the law enforcement and homeland security functions leading up to and during this international sporting event.

Norwich University was the only educational institution invited to participate in support of the public safety team tasked with safeguarding Super Bowl 50. With support from over 60 students working at its campus based Global Threat Observatory, Norwich cybersecurity students and faculty collaborated with Levi’s Stadium – the host for the event – and with the Super Bowl 50 Critical Infrastructure & Cyber Protection Sub Committee, the represented agencies and their personnel. This committee was led by Detective Sergeant Ray Carreira ’96 of the Santa Clara Police Department, the lead law enforcement agency for the event.

Throughout 2015 CSIA students worked with this team in preparation for this globally televised event and formed partnerships with leading software developers to support their work.

Norwich University’s participation was made possible in part with generous support by these critical providers:

  • Barrier 1 Barrier 1 patented process delivers the ability to accurately detect and protect against all forms of known and never-before-seen cyber attacks in real time and at the point of impact. Barrier1 uses an Intelligent based analytical based engine that utilizes over 25,000 sensors on board that feed a series of behavior algorithms.
  • Carbon Black Carbon Black leads a new era of endpoint security by enabling organizations to disrupt advanced attacks, deploy the best prevention strategies for their business, and leverage the expertise of 10,000 professionals from IR firms, MSSPs and enterprises to shift the balance of power back to security teams. Only Carbon Black continuously records and centrally retains all endpoint activity, making it easy to track an attacker’s every action, instantly scope every incident, unravel entire attacks and determine root causes. Carbon Black also offers a range of prevention options so organizations can match their endpoint defense to their business needs. Carbon Black has been named #1 in endpoint protection, incident response, and market share. Forward-thinking companies choose Carbon Black to arm their endpoints, enabling security teams to: Disrupt. Defend. Unite.
  • Intel 471 Intel 471’s online portal and API provide clients with actionable and proactive cyber threat intelligence information for integration with customers’ own security and fraud detection systems. We track financially motivated cyber criminals and hacktivists and are described as an “actor-centric cyber threat intelligence collection capability” for our customers. n the US with globally deployed researchers.
  • ProtectWise™ ProtectWise is disrupting the network security industry with its Cloud Network DVR, a virtual camera in the cloud that records everything on the network, which allows security professionals to see threats in real time and retrospectively for complete detection and visibility of enterprise threats. ProtectWise was used to monitor network activity and identify threats.
  • Pwnie Express Pwnie Express provides threat detection of the billions of devices in and around your workplace. By automating wireless and wired device detection, Pwnie solutions continuously detect the devices on or around your network that are open pathways for attackers. Pwnie arms your security team to win the BYOD battle with the ability to detect and fingerprint any device, from phone to thermostat, in order to prioritize your security response, reduce alert fatigue, and provide situational intelligence.
  • Silobreaker Silobreaker products help security and intelligence professionals make sense of the overwhelming amount of data on the web. By providing powerful tools and visualizations that cut through and analyze data from hundreds of thousands of open sources, Silobreaker makes it easy for users to monitor and investigate threat actors, attack types, vulnerabilities, instabilities, geopolitical developments, or any other topic or event.  Customers save time by working more efficiently through large data-sets and improving their expertise, knowledge and decision-making by examining and interpreting the data more easily.

Levi’s Stadium, home of Super Bowl 50, is one of the most technologically capable stadiums in the world. In preparation, CSIA students attended Wrestlemania and a major soccer match for fact-finding and familiarization with the security environment.

Super Bowl 50 was broadcast in over 180 countries in 25 languages and was expected to reach over 115 million households in the USA, making it the most viewed event in history.

“I have been so impressed by these Norwich students and their professionalism, their ability to solve complex problems and the ease with which they have integrated into this intense law enforcement environment,” said Captain Phil Cooke, Santa Clara Police Department Super Bowl 50 Commander.

The Norwich University cybersecurity program began in 1999.

Ranked #2 by the Ponemon Institute for cyber security in the U.S., Norwich University programs are consistently ranked among the best in the nation for cyber security education.  Norwich University is recognized as a National Center of Academic Excellence in Information Assurance Education by the National Security Agency (NSA) and the Department of Homeland Security (DHS) and has received designation as a Center of Digital Forensics Academic Excellence (CDFAE) by the Defense Cyber Crime Center (DC3). Beginning in 2002, Norwich University became a member of what is now called National Science Foundation’s Cyber Corps: Scholarship for Service program. Norwich is partnered with the United States Army Reserves (USAR) to develop cyber-education curricula that align with federal standards and cybersecurity needs.

“When I read about all the impressive work Norwich is doing with cyber, I took the opportunity to connect that expertise to a function for law enforcement of this major event,” Carreira said.

˜˜˜

Norwich University is a diversified academic institution that educates traditional-age students and adults in a Corps of Cadets and as civilians. Norwich offers a broad selection of traditional and distance-learning programs culminating in Baccalaureate and Graduate Degrees. Norwich University was founded in 1819 by Captain Alden Partridge of the U.S. Army and is the oldest private military college in the United States of America. Norwich is one of our nation’s six senior military colleges and the birthplace of the Reserve Officers’ Training Corps (ROTC).www.norwich.edu

In fulfillment of Norwich’s mission to train and educate today’s students to betomorrow’s global leaders and captains of industry, the Forging the Future campaign is committed to creating the best possible learning environment through state-of-the-art academics and world-class facilities. Norwich University will celebrate its bicentennial in 2019. Learn more about the campaign and how to participate in the “Year of Transformation” here: bicentennial.norwich.edu.

Devices Spawn An Internet Of Evil Things Say Global InfoSec Execs

Oh great. The world’s internet security professionals are increasingly worried about what they are calling the Internet of Evil Things.

These concerns stem from the risks posed by connected Internet of Things (IoT) devices — a problem which is set to grow, even as resources and visibility into such connected devices have stagnated, according to a new survey.

The study of the views of more than 400 global IT security professionals, called “The Internet of Evil Things: Top Connected Device Threats 2016” by InfoSec outfit Pwnie Express shows that even as awareness of vulnerable devices grows in 2016, information security (InfoSec) professionals are not ready or equipped to manage the consequences.

The Connected Device Problem

According to the study, an overwhelming majority (86 per cent) of InfoSec professionals are concerned with connected device threats, with 50 per cent either “Very” or “Extremely” concerned.

Their fears have risen sharply in the last 12 months, with 67 per cent more worried about connected device threats than they were a year ago.

Perhaps most troubling is what is driving their concerns — first-hand experience. More than half (55 per cent) have witnessed an attack via wireless device, and 38 per cent have witnessed an attack via mobile device, according to the study’s authors.

Blame is also sheeted home to the proliferation of wireless and mobile devices and the prevalence of BYOD and BYOx environments. In fact, more than a third of those surveyed said they didn’t know even how many devices were connected to their networks.

(Original Article)

Information security professionals may not be prepared for IoT after all

Risk and concern surrounding the Internet of Things (IoT) continues to grow, while related security resources and visibility into connected devices stagnates, according to new research sponsored by Pwnie Express, the wireless threat detection solutions provider.

As a result, even with awareness of vulnerable devices at an all time high, information security professionals are not ready or equipped to address the growing threat of the IoT, the research suggests.

According to the report, today, 86% of information security professionals are concerned about connected device threats, with 50% either ‘very’ or ‘extremely concerned’.

Furthermore, the majority (67%) are more worried about connected device threats than they were a year ago, with first- hand experience driving heightened concern – 55% have witnessed an attack via wireless device, and 38% have witnessed an attack via mobile device.

(Original Article)

Study argues InfoSec workers not able to deal with IoT enterprise security concerns

Good news and bad news: information security professionals are becoming more aware of the risks presented by the proliferation of endpoints through the Internet of Things (IoT), but they are struggling to prepare to address the growing threat.

That is the verdict from a new piece of research from Pwnie Express. In a report entitled ‘The Internet of Evil Things’, which polled more than 400 global IT security professionals, the researchers argued Coolpad devices were the more frequently vulnerable mobile hotspot, while HP printers were considered a particularly dangerous backdoor.

Pwnie Express CEO Paul Paget said: “As the IoT universe continues to grow, the corresponding attack surface for malicious actors is growing, giving them an easy and unsecured way into your organisation’s most sensitive information – and this has understandably put information security professionals on edge. Yet, despite ever-growing concerns around the proliferation of connected devices on and around their networks, more than one-third of organisations admit to having no BYOD policy in place at all and only 24% actually have a budget in place for BYOD security technology.

“This tells us that security professionals desperately need help educating the corner office and those in charge of the purse strings about the new evils and dangers their organisations face in our ever-evolving IoT world,” he added.

(Original Article)

Threat geography: Why certain kinds of cyberattacks come from certain places

Everyone is everywhere

Finally, while these broad trends are important to keep in mind, it’s just as important to not let them blind you to the diverse array of threats coming from all directions. “It’s dangerous to fall into threat categorizations, as not all bots are from Russia, and not all Chinese are after US military secrets,” says Jayson Street, InfoSec Ranger from Pwnie Express. “Security professionals make themselves vulnerable to attacks when they don’t investigate the possibility of that 419 being from Kansas or Paraguay. The internet has no borders, boundaries or categories. Attackers are global, profit-driven individuals. While you may physically know your neighbors and border countries, on the internet you’re just a number. Attackers don’t see region or nationality; they see IP addresses, and profitable possibilities.”

(Original Article)

Listen to the Security Shark Tank Pwnie Express Spotlight Podcast Now!

Company Description:

Pwnie Express provides threat detection for the billions of wireless and wired devices in and around your workplace. By automating wireless and wired device detection, Pwnie solutions continuously detect the devices on or around your network that are open pathways for attackers.

Areas of focus:

BYOD

Internet of Things Security

Describe the business challenge your solution addresses:

The ability to visualize, fingerprint, and analyze the behavior of devices on your network is critical for threat detection, BYOD policy enforcement, remote vulnerability assessment, resource inventory management, bandwidth optimization and more. Pwnie Express’s Pwn Pulse provides real-time, automatic detection of all wireless and wired devices in your workspaces.

(Original Article)

The Risk of Open WiFi on Display at RSA

VIDEO: Once again the RSA Conference decided to use unencrypted WiFi, and once again it’s time to (re)learn why that’s a bad idea.

SAN FRANCISCO–Security experts from around the globe descended on the Moscone Center here this week for the annual RSA Conference, which provided free WiFi throughout the sessions and exhibit halls. While the WiFi has been generally available, there has been one key problem with it–it’s unencrypted.

(Original Article)

Internet of Evil Things Report

The team at PWNIE Express have just released their Internet of Evil Things Report for 2016. The report is a sobering discussion as to how badly behind we are in attempting to resolve the Infosec puzzle.

While we have made gains in traditional infosec management and monitoring, there is still a vast area of connectivity we have failed to address. If your interested in INFOSEC, run a network or are just curious as to what the next areas of security concern are, head along to their website and register for the report. Its worth the read.

(Original Article)