How to Build a Security Operations Center (SOC) on a Budget
Get an in-depth look at how organizations with limited resources can set up a successful operations center for monitoring, detecting, containing, and remediating IT threats across applications, devices, systems, networks, and locations. Get all 5 Chapters in 1 eBook. Download your free copy now.
October 1, 2019.
By the CyberWire staff
The oligarch behind the Internet Research Agency that worked its influence mischief from St. Petersburg has come under new sanctions imposed by the US Treasury Department. Yevgeniy Prigozhin has been sanctioned before, but this time his yachts and private jets are specifically named. He may find it difficult to ride them into non-Russian ports-of-call, Fifth Domain notes. Mr. Prigozhin is variously described as "founder," "financier," or "owner" of the troll farm.
There are also purely criminal use cases for disinformation, as a Recorded Future study concludes. Much of it takes the form of meretricious and dishonest advertising and apple-polishing, and there's enough demand to sustain a disinformation-as-a-service market. Bulk social media campaigns are prominent offerings.
An internal EU policy document from the European Commission’s Directorate-General for Communications Networks, Content and Technology has leaked, and shows the EU as being of two minds with respect to foreign technology. It wants Chinese and US tech, but it fears them as well. The leaked document recommends an urgent “initiative for technological sovereignty," Bloomberg reports.
Among the many observations on trends out today is one from Emsisoft: more than six-hundred government entities in the US, mostly state and local organizations, have been hit with ransomware this year, and Emsisoft thinks it's going to get worse. Politico grouses that legislators are either out of ideas or indisposed to act, and a Help Net Security op-ed argues for collective defense as local government's best option.
NSA has launched its new Cybersecurity Directorate, the Washington Post reports.
Today's issue includes events affecting Australia, China, European Union, France, Iran, NATO/OTAN, New Zealand, Russia, Saudi Arabia, Turkey, United Kingdom, United States, Venezuela, and Zimbabwe.
Bring your own context.
As cyberattacks become more consequential, and more destructive, there are lessons to be learned from incident response in other sectors.
"We don't have to recreate what to do here. The incident command system was first developed by a guy named Alex Brunacini and Phoenix Fire Department, where he was trying to figure out how to deal with wildfires that were occurring in Phoenix and the surrounding areas where you'd have to coordinate response amongst all kinds of different fire departments. So he built this thing called the Incident Command System, and it's a method to make decisions and understand an organizational hierarchy when you have to put a hierarchy together all at once in a hurry. Well, interestingly enough, in a large-scale incident in a company, you have the same problem because you can't rely on the structure of the company to respond to that incident. The CEO is on a plane for the next 12 hours. The next person in charge doesn't know anything about cybersecurity. And three of the other executives you can't get a hold of because all your systems are down, so you've got to have a way to respond where you're responding, in a lot of ways, from the bottom up with people that are specially trained in how to do this. And I think as companies realize more and more that this is a business recovery type of incident, we're starting to see those tools that come from the realms of incident response or the military and get re-translated into cybersecurity. And again, the good news is we don't have to reinvent how to do this. We just have to translate it into cybersecurity."
—Caleb Barlow, CEO and president of Cynergistek, on the CyberWire Daily Podcast, 9.27.19.
What if your security strategy added zeros to your bottom line?
Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.
Second Annual DataTribe Challenge(Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.
Cyber Security Summits: October 3 in NYC and October 17 in Scottsdale(New York City, New York, United States, October 3, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The U.S. Department of Justice, The FBI, Google, IBM, Darktrace, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
The 6th Annual Journal of Law and Cyber Warfare Symposium(New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email firstname.lastname@example.org for a chance to receive a complimentary ticket.
NXTWORK 2019(Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.
Vulnerability Summary for the Week of September 23, 2019(CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Plixer announces support for multi-vendor SD-WAN visibility(Yahoo) Plixer, the company that enables security and network teams to effectively collaborate and solve real-world challenges, today announces multi-vendor SD-WAN visibility available within its network and security intelligence platform, Scrutinizer. Supported vendors include VMware SD-WAN by VeloCloud, and
Facebook to Create Fact-Checking Exemptions for Opinion and Satire(Wall Street Journal) Facebook plans to allow opinion pieces and satire to be exempted from its fact-checking program, according to people familiar with the matter, as the social-media giant grapples with how to stop the spread of falsehoods while maintaining its own neutrality.
Teen Hackers Try to Convince Parents They Are Up to Good(Wall Street Journal) Teenagers across the country are forming hack clubs and trying to spread the word that hacking doesn’t always mean breaking into government servers or stealing bank data. Convincing teachers and parents of that isn’t always easy.
Legislation, Policy, and Regulation
Cyber eliminates distinction between war and peace(SC Magazine) "I feel I am now at war" says General Sir Nick Carter, UK chief of defence staff, as UK ups investement in offensive cyber-capabilities and Nato says ""Cyber-attack on one NATO state is an attack on all"
The New Cold War in Cyberspace(CIOReview) The New Cold War in Cyberspace By Liza Massey, CIO, County of Marin - During my 30+ years in the IT industry, most spent as a tech executive, I have watched with fascination and irritation the arms...
Indiana Putting $10 Million Toward Election Security(Government Technology) One in 10 direct recording electronic voting machines will have a small black box attached that will let voters see a printout of ballots, providing a paper trail that can be used in post-election audits.
Pompeo was on Trump call with Ukrainian President (CNN) Secretary of State Mike Pompeo was on the July 25 phone call between President Donald Trump and Ukrainian President Volodymyr Zelensky that has come under scrutiny following last week's release of a whistleblower complaint dealing, in part, with circumstances surrounding that conversation, a source familiar told CNN.
Probe continuing on Clinton emails(Arkansas Online) The State Department is continuing an investigation of email use among employees who worked for Hillary Clinton, former secretary of state, asking scores of current and former officials to submit to questioning by the bureau overseeing diplomatic security, former officials said Sunday.
Northern California Resident Charged with Acting as an Illegal Agent(US Department of Justice) The Department of Justice unsealed charges today in a criminal complaint charging Xuehua Peng, also known as Edward Peng, 56, for acting as an illegal foreign agent in delivering classified United States national security information to officials of the People’s Republic of China’s Ministry of State Security (MSS).
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Detect '19(National Harbor, Maryland, USA, September 29 - October 2, 2019) Insights from compelling customer presentations highlighting real-world threat intelligence big data issues. Threat intelligence data is a valuable asset for security teams who unlock the value it contains.
SecureWorld Detroit(Detroit, Michigan, USA, October 1 - 2, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Kansas City Cybersecurity Conference(Kansas City, Missouri, USA, October 3, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Australian Cyber Conference 2019(Melbourne, Victoria, Australia, October 7 - 9, 2019) The Australian Information Security Association (AISA) is the premier industry body for information security professionals in Australia. As a nationally recognised not-for-profit organisation, AISA champions...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.