
Inside Security (Mar 13th, 2017)

David’s Take: enterprise email encryption tools

I have been testing and writing about email encryption products for many years, and today I review five of them for Network World, four of which employ encryption gateways and one that’s end-to-end. The good news is that the products are finally easy enough to use for the general public. The five vendors include two that I reviewed in 2015: HPE/Voltage Secure Email and Virtru Pro. The other three are Inky (the end-to-end product), Zix Gateway, and Symantec Email Security.cloud. Zix was the overall winner in terms of ease of use and features. The link also includes a three-minute screencast that shows you how the data leak protection features work. – NETWORK WORLD

-- David Strom, editor of Inside Security


Top Story – Zero Day Traits

A new study from the RAND Corporation about zero-day vulnerabilities shows some interesting trends. First, zero-day exploits and their underlying vulnerabilities have a rather long average life expectancy of almost seven years. That long timeline plus low collision rates—the likelihood of two people finding the same vulnerability (approximately six percent per year)—means the level of protection afforded by disclosing a vulnerability may be modest at best. Also, keeping quiet about—or “stockpiling”—vulnerabilities may be a reasonable option for those entities looking to both defend their own systems and potentially exploit vulnerabilities in others.


Funding and M&A

RiskSense, the developer of a cyber risk management platform with offices in Sunnyvale and New Mexico, closed a $14M series A round led by Paladin Capital Group. The company was founded as a technology transfer from the New Mexico Institute of Mining and Technology to commercialize the university's cyber security research and is led by Srinivas Mukkamala.

KnowBe4 has raised a $4M round led by Elephant Partners. The phishing and security awareness firm is based in Clearwater, Fla., and was founded by Stu Sjouwerman.

Id.me has raised a $19M series B round led by FTV Capital. The digital identity firm is based in the DC area and founded by Blake Hall.

Garrison Technology has raised a $14.6M round led by Touchstone Innovations. The anti-malware firm is based in London and founded by David Garfield.


Reports

Security researcher Scott Helme reports on the usage of encrypted web protocols. He found it is on the rise among the top most-visited websites. He scans these sites daily and reports an absolutely enormous jump in the adoption of Content Security Policy. In the last 6 months there has been a 166% increase in the number of sites deploying CSP in the Alexa Top 1 Million, which represents a great success. He put the data about this and other secure web protocol usage into a publicly available Google Doc Spreadsheet, Alexa Top 1 Million Scan Results. -- SCOTT HELME BLOG


Security researchers at Seattle-based IOActive found multiple critical vulnerabilities in the supposedly secure messaging app Confide. These include impersonating another user by hijacking an account session or by guessing a password, learning the contact details of Confide users, becoming an intermediary in a conversation and decrypting messages, and potentially altering the contents of a message or attachment in transit without first decrypting it. The app has become a favorite of the Trump White House. -- CYBERSCOOP


The Information Technology and Innovation Foundation published an interesting report last week that shows a third of the reviewed government-based websites failed the test for SSL certificates. Even more depressing: 92 percent of the most popular sites fail to meet at least one of the basic standards for security, speed, mobile friendliness, or accessibility. The study looks at a sample of 300 sites drawn from the more than 6,000 websites and more than 400 domains operated by the feds. – ITIF REPORT


Using outdated JavaScript libraries in your website is a big problem. This survey of a sampling of websites found that nearly seven percent of jQuery includes, 40% of Angular queries, and an astonishing 87% of Handlebars includes use vulnerable JS versions. The researchers explain their methodology and provide a list of 72 different JS libraries. Sadly, there is no quick fix: there are a lot of complexities and issues to resolve to make JS more secure. – THE MORNING PAPER BLOG


Just for fun

“Assume women know things. Provide real intelligence and value when you speak with them, or get out of the way so they can find a different colleague.” This from a 20-something female CEO who speaks her mind in the provocatively titled essay, Running a Business With Boobs. – MEDIUM BLOG

