PayPal Buys Cybersecurity Firm, Creates Israel Hub
Posted on March 10, 2015 by Kara Dunlap in Security
Online payments group PayPal announced Tuesday it was acquiring Israeli cybersecurity firm CyActive and establishing a new security hub in Israel.
The terms of the deal were not announced, but some reports this week said PayPal, which is being spun off by online giant eBay, was paying $60 million for CyActive.
“Our goal is to extend our global security leadership, and bolster our efforts in predictive threat detection and prevention,” said PayPal chief technology officer James Barrese in a blog post.
“The acquisition of CyActive will bring great talent and immediately add ‘future-proof’ technology to PayPal’s world-class security platform. With CyActive, we’ll have even more ways to proactively predict and prevent security threats from ever affecting our customers.”
The move comes with the finance sector increasingly under attack from hackers. In recent months, major companies have disclosed data breaches affecting tens of millions of customers, with credit card or financial information leaked in some cases.
CyActive, which launched in 2013, specializes in “predictive cybersecurity,” or heading off online attacks before they happen.
The company’s website claims it has “an unprecedented ability to automatically forecast the future of malware evolution, based on bio-inspired algorithms and a deep understanding of the black hats’ hacking process.”
Online retail giant eBay unveiled plans last September to spin off PayPal, aiming to help the unit compete better in the fast-moving online payments segment.
According to eBay, PayPal facilitates one in every six dollars spent online today.
And PayPal has moved into mobile payments with the acquisition of the payment processing group Braintree, boosting its own mobile platform called OneTouch.
Insider vs. Outsider Threats: Can We Protect Against Both?
Posted on June 26, 2014 by Kara Dunlap in Security
Media reports affirm that malicious insiders are real. But unintentional or negligent actions can introduce significant risks to sensitive information too. Some employees simply forget security best practices or shortcut them for convenience reasons, while others just make mistakes.
Some may not have received sufficient security awareness training and are oblivious to the ramifications of their actions or inactions. They inadvertently download malware, accidentally misconfigure systems, or transmit and store sensitive data in ways that place it at risk of exposure.
Personnel change too. Companies hire new employees, and promote and transfer individuals to new roles. They augment staff with temporary workers and contractors. New leadership comes onboard. Many of these insiders require legitimate access to sensitive information, but needs differ with changing roles, tenure, or contract length. It’s extremely challenging to manage user identities and access privileges in this environment, not to mention the people themselves. A person who was once trustworthy might gradually become an insider threat – while another becomes a threat immediately, overnight.
New technologies and shifting paradigms further complicate matters. The evolving trends of mobility, cloud computing and collaboration break down the traditional network perimeter and create complexity. While these new tools and business models enhance productivity and present new opportunities for competitive advantage, they also introduce new risks.
At the same time, you can’t ignore outsider threats, which are responsible for the lion’s share of breaches. Since 2008, the Verizon Data Breach Investigations Report has shown that external actors – not insiders – are responsible for the vast majority of the breaches they investigated. Some of the top reasons why breaches were successful include: weak credentials, malware propagation, privilege misuse, and social tactics. These are precisely the types of weaknesses that trace back to the actions (or inactions) of insiders.
The question isn’t whether to focus on the insider or outsider threat. The question is how to defend against both – equally effectively.
What’s needed is a threat-centric approach to security that provides comprehensive visibility, continuous control, and advanced threat protection regardless of where the threat originates. To enable this new security model, look for technologies that are based on the following tenets:
Visibility-driven: Security administrators must be able to accurately see everything that is happening. When evaluating security technologies, breadth and depth of visibility are equally important to gain knowledge about environments and threats. Ask vendors if their technologies will allow you to see and gather data from a full spectrum of potential attack vectors across the network fabric, endpoints, email and web gateways, mobile devices, virtual environments, and the cloud. These technologies must also offer depth, meaning the ability to correlate that data and apply intelligence to understand context and make better decisions.
Threat-focused: Modern networks extend to wherever employees are, wherever data is, and wherever data can be accessed from. Keeping pace with constantly evolving attack vectors is a challenge for security professionals and an opportunity for insider and outsider threats. Policies and controls are essential to reduce the surface area of attack, but breaches still happen. Look for technologies that can also detect, understand, and stop threats once they’ve penetrated the network and as they unfold. Being threat-focused means thinking like an attacker, applying visibility and context to understand and adapt to changes in the environment, and then evolving protections to take action and stop threats.
Platform-based: Security is now more than a network issue; it requires an integrated system of agile and open platforms that cover the network, devices, and the cloud. Seek out a security platform that is extensible, built for scale, and can be centrally managed for unified policy and consistent controls. This is particularly important since breaches often stem from the same weaknesses regardless of whether they result from insider actions or an external actor. This constitutes a shift from simply deploying point security appliances that create security gaps to integrating a true platform of scalable services and applications that are easy to deploy, monitor, and manage.
Protecting against today’s threats – whether they originate from the inside or the outside – is equally challenging. But they have a lot in common – tapping into many of the same vulnerabilities and methods to accomplish their missions. There’s no need to choose which to prioritize as you allocate precious resources. With the right approach to security you can protect your organization’s sensitive information from both insiders and outsiders.
FireEye Unveils All-in-One Platform to Detect, Contain and Mitigate Threats
Posted on February 10, 2014 by Kara Dunlap in Security
FireEye, a provider of solutions that help companies block advanced cyber attacks, has expanded its FireEye Security Platform in an effort to offer customers a single solution that spans from threat detection and alerts to remediation.
The enhancements incorporate endpoint protection and managed security services from Mandiant, the company FireEye recently acquired for roughly $1 billion. Additionally, the updated platform includes new analytics and intrusion prevention capabilities, FireEye said.
The FireEye Security Platform is powered by the company’s Multi-Vector Virtual Execution (MVX) engine that conducts signature-less analysis in a specialized sandbox to provide protection across the primary threat vectors—Web, email and files. FireEye’s Security Platform also has been updated to include FireEye Dynamic Threat Intelligence.
Overall, FireEye said that the new capabilities of its FireEye Security Platform include:
Intrusion Prevention System – A new intrusion prevention system applies FireEye’s MVX technology to validate attacks and minimize the time and resources security teams spend investigating false alerts. Users get actionable insight from validated alerts so they can focus on alerts that present the greatest risk and accelerate incident response.
Endpoint Threat Detection & Response – The platform now incorporates Mandiant’s endpoint threat detection and response products (formerly sold as Mandiant for Security Operations). FireEye customers can now confirm when network and email alerts result in compromise.
Threat Analytics – New threat analytics capabilities allow security teams to apply FireEye’s threat intelligence to security event data generated from their existing security infrastructure so they can find and scope attacks as they are unfolding. A cloud-based solution, the threat analytics can perform real-time correlation of event logs against FireEye’s threat intelligence to identify when attackers are active in an environment.
Managed Defense Subscription Services – New subscription services build on FireEye’s continuous monitoring subscription service by offering additional expertise from Mandiant’s Managed Defense service. Organizations will now be able to choose from an expanded menu of monitoring and protection services and draw on FireEye security analysts to actively hunt for adversaries to find and stop attacks as they begin to unfold.
“FireEye is enabling us to address new layers of security infrastructure with the advanced technology that made their core products so effective,” said Brandy Peterson, CTO, FishNet Security. “The new platform will allow us to approach our customers with the right mix of new technology, updates for outdated products and services to help protect them from today’s advanced attacks.”
The new products and services are expected to be available during the first half of 2014, the company said.