Thursday, February 12, 2015

Cyber Security ML

Companies

Founder and CTO of Palo Alto Networks Nir Zuk
Cloud Platform Product Manager at Google
the Chief Information Security Officer at FireEye
Chief Privacy Officer at McAfee
Daniel Caselles is the co-founder and CTO at Authenware Corporation
http://www.authenware.com/
http://www.authenware.com/presentations/AuthenWare-%20Product-Datasheet-082312.pdf

BlueBox

https://bluebox.com/whitepaper-download/

https://bluebox.com/
WHITEPAPER
Ushering in a New Era in Mobile Data Security

The rapid acceleration of BYOD combined with the explosion of mobile applications has created the perfect storm for enterprise CISOs. Traditional mobile solutions like MDM and MAM address components of the problem, but are often too restrictive for today’s demanding mobile worker, unintentionally incenting behavior that puts the enterprise at risk. A new era of mobile data security has dawned, allowing CISOs the data visibility, control and security they need and providing employees freedom, ease-of-use and privacy without compromising security. Learn more about the market drivers shaping mobile data security today and what to expect from next generation solutions.

Nir Hasson
Enterprise Sales Director, North America
TrapX Security

2014 – Present (1 year), San Francisco Bay Area

TrapX Security (www.trapx.com) is a leading provider of APT/Cyber Kill Chain technologies to protect both on-premises and cloud-based assets. TrapX 360 platform captures 0-day and advanced threats in real-time with no false positives. The solution is based on a unique, patented sensors grid that detects, captures, and disrupts malware - once bypassing the perimeter defenses - from spreading into organizations’ critical assets.

Publications

Implicit Authentication through Learning User Behavior
Elaine Shi (1), Yuan Niu (2), Markus Jakobsson (3), and Richard Chow (1)
(1) Palo Alto Research Center, emails: eshi@parc.com, rchow@parc.com
(2) University of California, Davis, email: yniu@ucavis.edu
(3) FatSkunk, email: markus@fatskunk.com

Abstract. Users are increasingly dependent on mobile devices. However, current authentication methods like password entry are significantly more frustrating and difficult to perform on these devices, leading users to create and reuse shorter passwords and pins, or no authentication at all. We present implicit authentication - authenticating users based on behavior patterns. We describe our model for performing implicit authentication and assess our techniques using more than two weeks of collected data from over 50 subjects.

Keywords: security, usability, implicit authentication, behavior modelling
https://www.cs.umd.edu/~elaine/docs/isc.pdf

On the (In)Security of Mobile Two-Factor Authentication

Alexandra Dmitrienko (2), Christopher Liebchen (1), Christian Rossow (3), and Ahmad-Reza Sadeghi (1)
(1) CASED/Technische Universität Darmstadt, Germany
(2) CASED/Fraunhofer SIT Darmstadt, Germany
(3) Vrije Universiteit Amsterdam, The Netherlands
email: {christopher.liebchen,ahmad.sadeghi}@trust.cased.de, alexandra.dmitrienko@sit.fraunhofer.de, c.rossow@vu.nl

Abstract. Two-factor authentication (2FA) schemes aim at strengthening the security of login password-based authentication by deploying secondary authentication tokens. In this context, mobile 2FA schemes require no additional hardware (e.g., a smartcard) to store and handle the secondary authentication token, and hence are considered as a reasonable trade-off between security, usability and costs. They are widely used in online banking and increasingly deployed by Internet service providers. In this paper, we investigate 2FA implementations of several well-known Internet service providers such as Google, Dropbox, Twitter and Facebook. We identify various weaknesses that allow an attacker to easily bypass them, even when the secondary authentication token is not under attacker’s control. We then go a step further and present a more general attack against mobile 2FA schemes. Our attack relies on cross-platform infection that subverts control over both end points (PC and a mobile device) involved in the authentication protocol. We apply this attack in practice and successfully circumvent diverse schemes: SMS-based TAN solutions of four large banks, one instance of a visual TAN scheme, 2FA login verification systems of Google, Dropbox, Twitter and Facebook accounts, and the Google Authenticator app currently used by 32 third-party service providers. Finally, we cluster and analyze hundreds of real-world malicious Android apps that target mobile 2FA schemes and show that banking Trojans already deploy mobile counterparts that steal 2FA credentials like TANs.

Keywords: Two-factor authentication, Smartphones Security, Banking Trojans, Cross-platform Infection
http://fc14.ifca.ai/papers/fc14_submission_127.pdf


Meetups

Cybersecurity with Next Generation Authentication

June 10, 2014 · 6:30 PM
http://www.meetup.com/software/events/184819352/


This talk will discuss the latest cybersecurity technologies to address the need for authentication in critical systems. The pervasiveness of fraud in financial services, government and gaming has led to a host of potential solutions including behavioral and physical biometrics. We will explore some of the science and mathematics behind the algorithms, and how to maintain robust credentials that stay ahead of the hackers.
Daniel Caselles is the co-founder and CTO at Authenware Corporation
http://www.linkedin.com/pub/daniel-caselles/0/804/651


VIDEO: http://youtu.be/ffmfjkSfoiA

This video contains only the presentation. You might want to wait for a longer and better quality video from Danny Parrillo.

We also have an archived version of the webcast available. Get to it via the Eventbrite registration:

https://www.eventbrite.com/e/next-generation-authentication-for-critical-information-security-tickets-11332316263
It requires MS Silverlight, but is very good quality.



Bob Long


Hello Cybersecurity “fans”,
Our next MC2IT forum is ‘Security in the Hybrid Era – EXPO and Panel Discussion’ and is being held June 25th at 5pm at the Santa Clara Convention Center.
Our panelists include the Founder and CTO of Palo Alto Networks Nir Zuk, the Cloud Platform Product Manager at Google, the Chief Information Security Officer at FireEye and the Chief Privacy Officer at McAfee. Anyone interested in this topic is encouraged to register at: www.mcsecurityforum.org
Or, please feel free to contact me at bobl@getfound.us
