Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Endpoint security. Show all posts
LLM security
Cyber Security endpoint detection and response Endpoint security Garner LLM security

How are LLMs with Endpoint Data Boost Cybersecurity


The issue of capturing weak signals across endpoints and predicting possible patterns of intrusion attempts is ideally suited for Large Language Models (LLMs). The objective is to mine attack data in order to improve LLMs and models and discover new threat patterns and correlations.

Recently, some of the top endpoint detection and response (EDR) and extended detection and response (XDR) vendors were seen taking on the challenge. 

Palo Alto Network’s chairman and CEO Nikesh Arora says, “We collect the most amount of endpoint data in the industry from our XDR. We collect almost 200 megabytes per endpoint, which is, in many cases, 10 to 20 times more than most of the industry participants. Why do you do that? Because we take that raw data and cross-correlate or enhance most of our firewalls, we apply attack surface management with applied automation using XDR.” 

Co-founder and CEO of Crowdstrike, George Kurtz stated at the company’s annual Fal.Con event last year, “One of the areas that we’ve really pioneered is that we can take weak signals from across different endpoints. And we can link these together to find novel detections. We’re now extending that to our third-party partners so that we can look at other weak signals across not only endpoints but across domains and come up with a novel detection.” 

It has been demonstrated that XDR can produce better signals with fewer noise. Broadcom, Cisco, CrowdStrike, Fortinet, Microsoft, Palo Alto Networks, SentinelOne, Sophos, TEHTRIS, Trend Micro, and VMware being some of the top providers of XDR platforms.

Why LLMs are the new key element of Endpoint Security?

Endpoint security will evolve with the inclusion of telemetry and human-annotated data by enhancing LLMs. 

As per the authors of Gartner’s latest Hype Cycle for Endpoint Security, endpoint security technologies concentrate on faster, automated detection and prevention as well as remediation of attacks, to power integrated, extended detection and response (XDR), which correlates data points and telemetry from endpoint, network, emails, and identity solutions.

Compared to the larger information security and risk management market, spending on EDR and XDR is expanding more quickly. As a result, there is more intense competition across EDR and XDR providers.

According to Gartner, the market for endpoint security platforms will expand at a compound annual growth rate (CAGR) of 16.8% from its current $14.45 billion to $26.95 billion in 2027. With an 11% compound annual growth rate, the global market for information security and risk management is expected to reach $287 billion by 2027 from $164 billion in 2022.  

Read more »
Vulnerabilities and Exploits
Data Leak Endpoint security GPUs side-channel attacks Vulnerabilities and Exploits

Modern GPUs Susceptible to Latest GPU.zip Side-Channel Assault

 

Researchers from numerous American universities have discovered that nearly every contemporary graphics processing units (GPUs) are vulnerable to a brand-new kind of side-channel attack that could be employed to steal sensitive information. 

GPU.zip is a novel attack method discovered and reported by representatives from the University of Texas at Austin, Carnegie Mellon University, the University of Washington, and the University of Illinois Urbana-Champaign. 

The GPU.zip attack employs hardware-based graphical data compression, an optimization in modern GPUs that is created for enhancing performance.

"GPU.zip exploits software-transparent uses of compression. This is in contrast to prior compression side channels, which leak because of software-visible uses of compression and can be mitigated by disabling compression in software,” the researchers stated.

GPU.zip can be used to compromise a device by tricking the targeted user into visiting a malicious website, unlike many other recently revealed side-channel attacks that require physical access to the target device. Through this technique, the attacker's website is able to steal data from other websites that the victim is actively visiting. 

The method can specifically be used by the malicious website to steal individual pixels from another site that is open at the same time. This allows for the theft of visible information on the screen, such as usernames, which can be exploited to deanonymize a user.

While most websites that save sensitive information are designed to avoid this type of leakage, certain popular sites are still vulnerable. 

The researchers demonstrated the attack through stealing the targeted individual's username, which is displayed in the upper right corner of Wikipedia. It is worth mentioning, however, that obtaining the information via a GPU.zip attack takes a significant amount of time.

The researchers' two experiments took 30 minutes and 215 minutes to establish the Wikipedia login. Nevertheless, developers should verify that their websites are not vulnerable by configuring them to refuse being integrated by sites from other domains. 

In March 2023, AMD, Apple, Arm, Intel, Nvidia, and Qualcomm were given information on the discoveries and proof-of-concept (PoC) code, but none of them had committed to releasing updates by September 2023. 

The attack has been demonstrated to operate with the Chrome web browser. Other popular browsers, such as Safari and Firefox, are unaffected. Google was also alerted about the potential risk in March 2023, but the internet giant is currently debating whether and how to fix the issue, the researchers added.
Read more »
Technologies
Agriculture Agriculture industry Cyber Security Endpoint security farmers Food Supply Chain Hackers Technologies

Agriculture Industry Should be Prepared: Cyberattacks May Put Food Supply Chain at Risk


Technological advancement in the agriculture sector has really improved the lives of farmers in recent years. Along with improved crop yields and cutting input costs, farmers can keep an eye on their crops from anywhere in the world.

Now, farmers can even use drone technology without having to transverse countless acres. They can monitor the movements, feeding, and even chewing patterns of every cow in their herd. However, a greater reliance on technology could endanger our farmers. More technology means more potential for hacks that might put the food supply chain in danger. 

For more such technologies, like automated feeding and watering systems, autonomous soil treatment systems or even smart heat pumps or air conditioners, that enable connecting to the internet – known in the security circles as “endpoints” – there is a risk of their vulnerabilities being exploited by threat actors. 

It is crucial that software manufacturers in the agriculture industry give security a high priority in their components and products in order to proactively address these dangers. From the farm to the store, security must be integrated into every step of this supply chain to guarantee that entire systems are kept safe from any potential intrusions. These are not some simple threats, hackers are employing ransomware to target specific farms while jailbreaking tractors. More than 40,000 members of the Union des producteurs agricoles in Quebec were affected by a ransomware attack earlier this month. 

However, it could be difficult to stay protected from all sorts of risks, considering the complexity of new technologies and the diversity in applying them all. From enormous refrigeration units to industrial facilities with intricate operations and technology to networked and more autonomous farming equipment, all pose a potential security risk.

In order to minimize the risk, it is important for the endpoints to adopt the latest embedded security protocols and ensure that all the farm devices are updated with the latest security patches. 

It is interesting to note that humans proved to be a weak link in the cybersecurity chain. It will be easier to prevent some of the most frequent mistakes that let hostile actors in if businesses practice "cyber hygiene," such as adopting two-factor authentication and creating "long and strong" (and private) passwords for every user. Cybercriminals, unlike farmers, are often fairly sluggish, so even a tiny level of security can make them move their nefarious operations elsewhere.

Moreover, education and a free flow of information turn out to be the best tool to safeguard the entire food supply chain. In order to maintain a reliable and resilient food supply chain, it has been suggested that stakeholders work together in sharing information in regard to the best measures ensuring better cybersecurity standards – which may include software manufacturers, farmers, food processors, retailers and regulators.  

Read more »
Web browsing
Cloud Computing Cyber Security Cybersecurity Endpoint security Remote Work Web browsing

The Rising Popularity of Remote Browser Isolation

Browser Isolation

The Importance of Browser Isolation in a Remote Work Environment

The COVID-19 pandemic has caused a seismic shift in the way we work, with remote work becoming the norm for many organizations. While this has brought numerous benefits, it has also presented new security challenges. In response, companies have turned to remote browser isolation as a solution. 

According to the "Innovation Insight for Remote Browser Isolation" report by Menlo Security, remote browser isolation is a rapidly evolving technology that is gaining popularity due to its ability to provide a secure browsing experience. In this blog, we will explore some of the key findings of this report and examine the growing importance of remote browser isolation in today's business landscape.

Amit Jain, who holds the position of Senior Director of Product Management at Zscaler, a cloud-based security company, suggests that due to the increasing number of remote employees utilizing cloud services, browser isolation has become essential in safeguarding both corporate cloud services and the employee's device.

He says, "For modern enterprises, the Internet is now the corporate network. This shift has enabled workers to work from anywhere while being able to access the information they need for their jobs through cloud-based apps and private apps via the Web, while this has provided maximum flexibility to workers, it has also significantly expanded the attack surface and has the potential to expose data."

Key Trends in Remote Browser Isolation: An Analysis of Menlo Security's Report

1. Growing Popularity of Remote Browser Isolation: It is quickly gaining traction as a key security technology, with many organizations recognizing its ability to protect against web-based threats.

2. Increased Need for Scalable Solutions: As more companies adopt remote work policies, the need for scalable remote browser isolation solutions has become more pressing. Many companies are exploring cloud-based solutions to meet this need.

3. The Importance of User Experience: Despite its security benefits, remote browser isolation can be challenging to implement in a way that provides a seamless user experience. The report highlights the importance of user experience in driving the adoption and suggests that solutions that prioritize ease of use are likely to gain traction.

4. New Threats and Attack Vectors: As with any security technology, remote browser isolation is not immune to evolving threats and attack vectors. The report discusses some of the emerging threats that remote browser isolation must contend with and suggests that ongoing innovation in this space will be critical in order to stay ahead of attackers.

5. Integration with Other Security Technologies: Remote browser isolation is most effective when integrated with other security technologies such as secure web gateways and endpoint security solutions. 

Browser Isolation Solutions: Will companies isolate?

Gartner says, "By 2022, 25% of enterprises will adopt browser isolation techniques for some high-risk users and use cases, up from less than 1% in 2017. By effectively isolating endpoints from browser-executable code, attacks that compromise end-user systems will be reduced by 70%, while eliminating the need to detect or identify malware."

Larger companies operating in regulated industries have tended to adopt remote browser isolation due to its ease of deployment and its physical air gap, which provides an additional layer of security. 

Small and medium-sized enterprises tend to opt for local browser isolation technology due to its flexibility. As expected, vendors have varying opinions on whether standalone or integrated solutions are preferable.

Mr. Jain from Zscaler said "The technology should be fully integrated into the zero trust platform providing threat protection for all Web activity and preventing data loss from sanctioned SaaS and corporate private apps. Moreover, HTML smuggling [and other] attacks can be better thwarted by an architecture which involves a tighter combination of browser isolation and sandbox technologies."

As cloud usage has increased, browser isolation has become even more important. Cloud services are often accessed through web browsers, and if a user's device is compromised, the sensitive data stored in the cloud is also at risk. However, using browser isolation significantly reduces the risk of a data breach.

Mark Guntrip, senior director at Menlo Security, said "It's not the fact of what we do — it's the fact that we do it without interfering with that digital experience of the end user." So they can interact with whatever they want. They can click on whatever they want, but we hold anything that's active away from them"



Read more »
Subscribe to: Posts (Atom)