Top Security News
The busy week in cybersecurity included two news items at the federal level, as President Trump kicked off a digital security review and intelligence officials raised concerns about Kaspersky Lab software. Meanwhile, Cisco and Intel issued patches to fix vulnerabilities in major products. And around the cybersecurity industry, Okta, Exabeam and Crowdstrike were among the vendors that made moves this week.
Here are details on 11 key happenings in cybersecurity this week.
Trump Signs Executive Order On National Cybersecurity
President Trump Thursday signed an executive order that aims to improve the federal government’s cybersecurity practices and reduce its susceptibility to hackers. Specifically, the order directs federal officials to perform a full review of the country’s digital security vulnerabilities. “The executive branch has for too long accepted antiquated and difficult–to-defend IT,” the executive order reads in part. The order had gone through a number of revisions in recent months but appears to differ little from the prior two administrations in terms of cybersecurity policy.
Intelligence Agencies Say They’re Tracking Kaspersky Lab
During a Senate hearing Thursday on security threats, U.S. intelligence officials testified that they are concerned about the federal government using security software from Russia-based Kaspersky Lab. Officials from agencies including the CIA and NSA said they are not comfortable with using Kaspersky software, following questions from senators about whether the software could be used by the Russian government against the U.S. Vincent Stewart, the director of the Defense Intelligence Agency, told the Senate committee that his agency is “tracking Kaspersky and their software.” Kaspersky Lab responded with a statement to what it called the “false allegations,” saying the company “has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts.”
Cisco Patches WikiLeaks Security Vulnerability
In March, WikiLeaks exposed CIA documents that revealed a critical flaw in Cisco’s IOS software, which affected more than 300 models of routers and switches. This week, Cisco said it has patched the flaw, which had the potential to let attackers remotely executive malicious code and take control of affected devices. Cisco Monday released software updates that address the vulnerability and urged customers to install the fixed versions of the IOS.
Intel Fixes vPro Security Flaw
Thousands of enterprise PCs could potentially be vulnerable to a security flaw in Intel’s vPro processors, enabling hackers to take control of computers remotely, Intel said this week. The company said it has released a firmware update to address the issue, and expected PC makers to make updates available starting this week. Intel’s vPro processors are popular with business customers that purchase and deploy large fleets of computers. The flaw can potentially allow attackers to gain control of the manageability features on these products, according to Intel.
RedLock Raises $12M, Launches Channel Strategy
Cloud security startup RedLock said this week that it’s raised a $12 million Series A funding round and is rolling out a 100 percent channel strategy. The Menlo Park, Calif.-based company’s cloud security offering looks to provide visibility, monitoring and control over public cloud infrastructure. Sierra Ventures and Storm Ventures led the company’s Series A funding.
RedLock was created by CEO Varun Badhwar, a co-founder of cloud access security brokerage company CipherCloud. Badhwar told CRN that RedLock has signed up a handful of partners so far, who have already sourced and closed deals. He said RedLock would launch an official channel program soon.
Exabeam Unveils Partnership With Crowdstrike
Security intelligence platform company Exabeam said this week that it’s teaming up with cloud-delivered endpoint protection company Crowdstrike on a new security offering. The offering will involve tying together endpoint data from Crowdstrike’s Falcon product with user activity data monitored by Exabeam on corporate networks and in the cloud. The result is an offering that can provide “the best security intelligence available today” to customers, Exabeam said in a release.
Also this week Crowdstrike said it had expanded Falcon OverWatch, its managed threat hunting solution. The expansion will add options for guided response and remote incident management, Crowdstrike said.
Okta Gets FedRAMP Certification To Bring Aboard More Federal Customers
Newly public identity management firm Okta said this week that it has received Moderate certification in FedRAMP, the Federal Risk and Authorization Management Program. The certification “will make it easy for government agencies to attain the benefits of the cloud” using Okta’s offering, the company said. Okta’s government customers include the U.S. Department of Justice, the firm said.
Opaq Networks Acquires Drawbridge Networks
Network security-as-a-service provider Opaq Networks said this week that it has acquired micro-segmentation solution provider Drawbridge Networks. Herndon, Va.-based Opaq, which aims to offer a more centralized and simpler network security option for enterprises, said the addition of Drawbridge will expand its existing service by enabling the deployment of software agents on network endpoints. Terms of the acquisition were not disclosed. The deal follows Opaq’s $21 million Series A funding round in January.
Malwarebytes Fills Two New Executive Positions
Malware prevention and remediation specialist Malwarebytes this week said it has hired two executives to fill newly created positions. Raj Mallempati, who previously was vice president of global marketing at MobileIron, is now the first senior vice president of marketing at Malwarebytes. The company also brought aboard Elena Verna, formerly senior vice president of growth at SurveyMonkey, as Malwarebytes’ first senior vice president of growth. The new executives will help “to drive our company’s growth immensely over the next few years,” Malwarebytes CEO Marcin Kleczynski said in a news release.
Trusona Launches Password-Less Login Option For Salesforce
Identity authentication firm Trusona this week debuted a new offering for secure log-in to Salesforce.com, Trusona for Salesforce, that removes the need for passwords. The offering works by using a smartphone to scan a uniquely generated QR code on a computer, which logs the user into Salesforce. Trusona said it has included technology to prevent the QR code from being replicated.
Ransomware Attacks Hit Organizations Globally
A string of ransomware attacks, including a major attack on hospitals across the United Kingdom, were reported this week by organizations across a number of countries. In addition to the U.K. incidents, the BBC cited reports of ransomware attacks in countries including the U.S., Spain, Italy, Russia, China, and Vietnam. The attacks on National Health Service hospitals in the U.K. locked up IT and phone systems, and led hospitals to discourage visits by patients except in cases of emergency. In Spain, telecom firm Telefonica was among those reporting it had been affected by a cyberattack. Many of the attacks involved demands of Bitcoin payments in order to unlock computer systems, the BBC reported.