Reflections on Black Hat USA

Posted by Arthur Braunstein on Aug 17, 2016 6:49:53 PM

 

This year’s Black Hat USA conference was bigger and badder than ever, with attendance up nearly 30% according to show organizers. Of all the security conferences, Black Hat has the most clear divide between the technical practitioner side and the security vendors, and the main themes varied depending on which side of the divide you were standing.  From the practitioner side, these ranged from enhancing technical skills (excellent training) to strategies and threats, to leadership and alignment with the business. The instructors and presenters were world class, the content was superb, and thoughtfulness and creativity were everywhere.

All good for the practitioners and kudos to the organizers. On the vendor side, things were a little more nuanced.

Read More

Topics: Exploits, Moving Target Defense, Endpoint Security

The Future of Intrusion Detection

Posted by Mordechai Guri on Aug 10, 2016 6:00:00 PM

It’s always an interesting exercise to extrapolate from current technologies and industry challenges to sketch the future landscape. This especially holds true for cyber security, with its rapid growth and change as new threat types, targets and counter techniques emerge almost daily. While hard and fast predictions fall beyond my purview, I see several trends likely to dominate the field in the upcoming years, particularly around intrusion detection.

Read More

Topics: Endpoint Security, cybersecurity

Black Hat Goers Pessimistic About the Cyber Security Future

Posted by Morphisec Team on Aug 4, 2016 6:43:02 PM

Black Hat USA is in full swing, and cyber experts in every field have descended on Vegas to catch up on the latest cyber threat research, see the latest security technologies and cram in as much hacking and fun as possible into a few short days. However, despite their obvious dedication to the industry, these same industry experts do not see a rosy cyber future.

For the second year in a row, Black Hat organizers conducted a survey of conference attendees, publishing the results in a report titled, “2016: The Rising Tide of Cybersecurity Concern.”

Read More

Topics: Events, Endpoint Security, cybersecurity

Morphisec On Cyber Security

Posted by Morphisec Team on Aug 3, 2016 11:00:00 AM

One of Morphisec’s mandates is to share our expertise with the industry at large. You’ll find bylines and commentary by team members in numerous publications on everything from the cyber security implications of Brexit to improving supply chain cyber security. Following are a few of the latest articles by Morphisec experts.

Read More

Topics: Company, Industry News, Endpoint Security, Mordechai Guri, ransomware

Don’t Gamble With Your Cybersecurity: Join Morphisec in Las Vegas at Black Hat 2016

Posted by Morphisec Team on Jul 26, 2016 9:41:58 AM

Next week begins Black Hat USA 2016, held July 30 – August 4 at the Mandalay Bay Convention Center in Las Vegas. In its 19th year, the iconic cyber security conference still retains an air of mystique despite its acquired patina of glitz and business. Black Hat begins with four days of intensive hacker training, delving in-depth into the tools and techniques the bad guys are using. The ability to think like a hacker is of enormous importance in developing better cyber defenses – what better place to practice it than Sin City?

Read More

Topics: Company, Events, cybersecurity

Protect Your Company against Exploit Kits with Moving Target Defense

Posted by Michael Gorelik on Jul 12, 2016 12:10:54 PM

There are kits for everything these days: beer brewing, engine tuning, and, yes, hacking. Hacking's “exploit kits” (EKs)—toolkits with packaged exploit codes—let almost anyone become a digital intruder, from the guy down the hall to the nation-state operator oceans away. I'm going to share some key areas you need to be aware of when preparing for an EK-driven attack.

Read More

Topics: Exploits, Endpoint Security, Exploit Kit

The King is Dead, Long live the King: Angler May Have Disappeared but Neutrino Quickly Fills In

Posted by Michael Gorelik on Jul 6, 2016 5:11:36 PM

Angler Hangs Up Its Pole

Back in April, more than 80% of drive by download attacks were attributed to Angler. Now? Nearly zero. Speculation abounds regarding its disappearance earlier this month. A vacation by Angler operators? Black market price wars? But the close timing to the roundup in Russia of 50 criminals associated with the Lurk banking Trojan attacks seems the most likely culprit. In this case, Angler may be off the table for good. Unfortunately, Angler’s apparent demise didn’t slow down cyber criminals for long; they simply switched to Neutrino.

Read More

Dridex is Back with a Vengeance. Adding More Evasion Techniques to its Arsenal.

Posted by Michael Gorelik on Jul 2, 2016 8:29:11 PM

The disappearance of Angler has left a gaping hole in the malware market which cybercriminals are only to happy to fill with new variants of old standbys. The latest to reemerge after a period of disuse are Locky and Dridex. A new Locky campaign spotted in the wild on June 20 is analyzed by Pierluigi Paganini on the Security Affairs site. Now a bigger and badder Dridex has reappeared, with more sophisticated evasion tactics, including a new sandbox evasion technique.

Read More

Topics: Exploits, Exploit Kit, Sandbox evasion

How to Stack the Deck Against Attackers. Gartner Security Summit Recap.

Posted by Ronen Yehoshua on Jun 23, 2016 12:26:53 PM

Last week’s Gartner Security & Risk Management Summit crammed several months’ worth of information, analyses, workshops and networking into 3 ½ short days.  As expected, everything related to cyber security was particularly hot. Though many messages were familiar, a shift could be detected, a recognition that the landscape is transforming and innovation is called for.

Read More

Topics: Events, Endpoint Security, CISO, SecOps

There’s a Madness to the Method - Surreal Logic in Cybersecurity

Posted by Arthur Braunstein on Jun 15, 2016 1:23:26 AM

 

Imagine a conversation like this.

ASPIRING VIOLINIST:  Maestro, what should I do to be a violin virtuoso?

MAESTRO: You must practice 48 hours every day on the tuba. I will sell you a tuba.

ASPIRING VIOLINIST:  But there are only 24 hours in a day. Did you say tuba?

MAESTRO: If you won’t follow my advice, I can’t help you.

More Madness than Method

It sounds absurd, but conversations like this unfold daily when enterprise cyber practitioners meet with industry vendors and security consultants. The industry tells them that they are not doing enough. They must install more security technology, hire more analysts, and patch more frequently. This may seem simple; merely a matter of budget and execution. But the technology is not up to the task and the cost of following this advice to the letter would force enterprises to spend themselves out of existence. And it still wouldn’t work. Not enough hours, wrong instrument.

Read More

Topics: Exploits, Moving Target Defense

Welcome to our Blog

Keeping you in the loop with company updates, industry insight, cyber security trends, and cyber attack information.

Subscribe to Newsletter

Morphisec Named a Cool Vendor 2016

Morphisec is a Gartner Cool Vendor 2016

Each year Gartner identifies new Cool Vendors it considers innovative or transformative. Morphisec is honored be to named a Cool Vendor 2016. Here's more....