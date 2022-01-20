ContributorsPublishersAdvertisers
APIRO: A Framework for Automated Security Tools API Recommendation

By Zarrin Tasnim Sworna, Chadni Islam, Muhammad Ali Babar
 4 days ago

Security Orchestration, Automation, and Response (SOAR) platforms integrate and orchestrate a wide variety of security tools to accelerate the operational activities of Security Operation Center (SOC). Integration of security tools in a SOAR platform is mostly done manually using APIs, plugins, and scripts. SOC teams need to navigate through API calls...

infosecurity-magazine.com

#HowTo: Automate Your Security Processes

IT security is more complicated today than ever before – teams have more platforms to support, more changes to manage and more vulnerabilities to fix. This is only compounded by there being 3.12 million empty security roles worldwide, according to ISC2. In response to this, IT security teams want...
SOFTWARE
Computer Weekly

Automated document management system tools transform workflows

In this e-guide, we examine the components of a viable DMS and the technologies influencing its broader acceptance, how e-signatures are powering DM Simplementations, the differences between electronic and digital signatures, and the role of automated document management system tools in ensuring continuity for the new hybrid workforce. Rising DMS...
SOFTWARE
Dark Reading

Honeywell Adds Deception Tech to Building Automation Systems Security

Building technologies giant Honeywell now offers deception technology as part of a new cybersecurity platform for OT systems in commercial buildings. Honeywell's new offering - Honeywell Threat Defense Platform (HTDP) - is based on Acalvio Technologies' autonomous deception technology, which provides a proactive security approach designed to confuse and lure attackers to decoy assets in order to protect actual data and assets.
SOFTWARE
naval-technology.com

Cequence Security Launches ML-Based API Security Platform

Concept: California’s security software startup Cequence Security has rolled out an ML-based application programming interfaces (API) security platform that protects users’ APIs and web-based applications from automated bot attacks and vulnerability exploits. The startup claims that the new platform unifies API discovery and inventory tracking with risk analysis, remediation, and real-time threat prevention across any cloud platform. The startup claims that the new platform serves over 85 brands globally and protects two billion API transactions per day.
SOFTWARE
martechseries.com

Y Meadows Achieves ISO 27001 Certification for NLP-based Customer Service Automation Tools

Y Meadows, a technology company dedicated to helping customer service teams improve the quality of their interactions through the use of artificial intelligence, announced that its NLP-Powered Customer Service Automation solution has been ISO 27001 certified, confirming that the platform meets the highest international standards for continually establishing, implementing, maintaining and optimizing its information security infrastructure.
SOFTWARE
VentureBeat

Eureka emerges from stealth to secure cloud data stores with automation

Digital transformation is driving cloud adoption in the enterprise. In 2020, more than 50% of organizations moved their workloads to the cloud, and Gartner predicts that companies will increase spending on cloud platforms by 14% within two years. But while the cloud is bringing greater flexibility and capabilities than on-premises systems, including remote data stores, it’s also posing a challenge for security teams struggling to keep up with the pace of data proliferation. A recent Cloud Security Alliance survey of IT professionals found that 58% are worried about security in the cloud, with the majority citing network security and staff-related issues as their top concerns.
TECHNOLOGY
Searchengine Journal

How To Use Python For IndexNow API Bulk Indexing & Automation

IndexNow is a protocol developed by Microsoft Bing and adopted by Yandex that enables webmasters and SEO pros to easily notify search engines when a webpage has been updated via an API. And today, Microsoft announced that it is making the protocol easier to implement by ensuring that submitted URLs...
CODING & PROGRAMMING
TrendHunter.com

Consolidated API Security Platforms

Cequence Security, a California-based startup that offers a variety of security software solutions, has launched an innovative new API security platform that is designed to remove a lot of the complications around achieving a higher degree of protection against bots and other threats that can attack web applications. The Cequence...
TECHNOLOGY
arxiv.org

Security Orchestration, Automation, and Response Engine for Deployment of Behavioural Honeypots

Cyber Security is a critical topic for organizations with IT/OT networks as they are always susceptible to attack, whether insider or outsider. Since the cyber landscape is an ever-evolving scenario, one must keep upgrading its security systems to enhance the security of the infrastructure. Tools like Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), Threat Intelligence Platform (TIP), Information Technology Service Management (ITSM), along with other defensive techniques like Intrusion Detection System (IDS), Intrusion Protection System (IPS), and many others enhance the cyber security posture of the infrastructure. However, the proposed protection mechanisms have their limitations, they are insufficient to ensure security, and the attacker penetrates the network. Deception technology, along with Honeypots, provides a false sense of vulnerability in the target systems to the attackers. The attacker deceived reveals threat intel about their modus operandi. We have developed a Security Orchestration, Automation, and Response (SOAR) Engine that dynamically deploys custom honeypots inside the internal network infrastructure based on the attacker's behavior. The architecture is robust enough to support multiple VLANs connected to the system and used for orchestration. The presence of botnet traffic and DDOS attacks on the honeypots in the network is detected, along with a malware collection system. After being exposed to live traffic for four days, our engine dynamically orchestrated the honeypots 40 times, detected 7823 attacks, 965 DDOS attack packets, and three malicious samples. While our experiments with static honeypots show an average attacker engagement time of 102 seconds per instance, our SOAR Engine-based dynamic honeypots engage attackers on average 3148 seconds.
SOFTWARE
Mac Observer

Mac Security Tools Company ‘Objective-See’ Goes Non-Profit

Instead of antivirus or antimalware software, I use several tools from Objective-See. They’re free and open source. Company founder Patrick Wardle is making the business a non-profit. I see a lot of people who take VC money and almost always your business model has to change or you have...
TECHNOLOGY
securityboulevard.com

API Gateway Security – What kind of security do API gateways offer?

APIs are critical building blocks of modern applications and also represent one of the fastest-growing facets of an organization’s attack surface. Naturally, enterprises need to ensure that these assets are properly managed, provisioned, and remain protected from threats and attackers. API protection solutions and API gateways both play key...
SOFTWARE
arxiv.org

Scotch: An Efficient Secure Computation Framework for Secure Aggregation

Federated learning enables multiple data owners to jointly train a machine learning model without revealing their private datasets. However, a malicious aggregation server might use the model parameters to derive sensitive information about the training dataset used. To address such leakage, differential privacy and cryptographic techniques have been investigated in prior work, but these often result in large communication overheads or impact model performance. To mitigate this centralization of power, we propose \textsc{Scotch}, a decentralized \textit{m-party} secure-computation framework for federated aggregation that deploys MPC primitives, such as \textit{secret sharing}. Our protocol is simple, efficient, and provides strict privacy guarantees against curious aggregators or colluding data-owners with minimal communication overheads compared to other existing \textit{state-of-the-art} privacy-preserving federated learning frameworks. We evaluate our framework by performing extensive experiments on multiple datasets with promising results. \textsc{Scotch} can train the standard MLP NN with the training dataset split amongst 3 participating users and 3 aggregating servers with 96.57\% accuracy on MNIST, and 98.40\% accuracy on the Extended MNIST (digits) dataset, while providing various optimizations.
CODING & PROGRAMMING
Gigaom

Security Tools Help Bring Dev and Security Teams Together

Software development teams are increasingly focused on identifying and mitigating any issues as quickly and completely as possible. This relates not only to software quality but also software security. Different organizations are at different levels when it comes to having their development teams and security teams working in concert, but the simple fact remains that there are far more developers out there than security engineers.
SOFTWARE
butterpolish.com

Top PHP framework 2022 to Build Robust and Secure Websites

In the year 2022, PHP is expected to provide the best platform for advanced developers to develop secure and complex applications. The applications can be operated at a greater level. Working as an advanced programming language, it has several frameworks that are supportive in web application development. From time to...
SOFTWARE
securityintelligence.com

Omnichannel E-commerce Growth Increases API Security Risk

Today, a lot of the digital innovation we see is largely thanks to the application programming interface (API). Without APIs, rapid development would be nearly impossible. After all, the API is the link between computers, software and computer programs. But wherever there’s a link, a potential data security weakness exists.
INTERNET
VentureBeat

Orca Security to add API protection with 1st acquisition

Orca Security announced today it has acquired RapidSec, a web security startup that will bring new capabilities to its cloud protection platform — including in the red-hot area of securing APIs. It’s the first acquisition for the fast-growing company since its launch in 2019, and will help to widen...
BUSINESS
ExecutiveBiz

Agile Defense Receives ATO for DuroSuite STIG Automation Tool

An Agile Defense-made automation tool for Security Technical Implementation Guides compliance was granted authority to operate on the networks of the Department of Defense. The company said Monday its DuroSuite is designed for security configuration audits and vulnerability remediation efforts as well as compliance with the Defense Information Systems Agency’s STIGs.
TECHNOLOGY
securityboulevard.com

Critical OWASP Top 10 API Security Threats

It’s no secret that APIs are under attack. Companies are struggling to keep their APIs safe and secure from accidental breaches to malicious hacks. The problem will only worsen as APIs become more complex and more companies rely on them for critical business functions. The security risks increase exponentially.  
COMPUTERS
arxiv.org

Automated machine learning for secure key rate in discrete-modulated continuous-variable quantum key distribution

Continuous-variable quantum key distribution (CV QKD) with discrete modulation has attracted increasing attention due to its experimental simplicity, lower-cost implementation and compatibility with classical optical communication. Correspondingly, some novel numerical methods have been proposed to analyze the security of these protocols against collective attacks, which promotes key rates over one hundred kilometers of fiber distance. However, numerical methods are limited by their calculation time and resource consumption, for which they cannot play more roles on mobile platforms in quantum networks. To improve this issue, a neural network model predicting key rates in nearly real time has been proposed previously. Here, we go further and show a neural network model combined with Bayesian optimization. This model automatically designs the best architecture of neural network computing key rates in real time. We demonstrate our model with two variants of CV QKD protocols with quaternary modulation. The results show high reliability with secure probability as high as $99.15\%-99.59\%$, considerable tightness and high efficiency with speedup of approximately $10^7$ in both cases. This inspiring model enables the real-time computation of unstructured quantum key distribution protocols' key rate more automatically and efficiently, which has met the growing needs of implementing QKD protocols on moving platforms.
SOFTWARE
arxiv.org

A Machine Learning Framework for Distributed Functional Compression over Wireless Channels in IoT

IoT devices generating enormous data and state-of-the-art machine learning techniques together will revolutionize cyber-physical systems. In many diverse fields, from autonomous driving to augmented reality, distributed IoT devices compute specific target functions without simple forms like obstacle detection, object recognition, etc. Traditional cloud-based methods that focus on transferring data to a central location either for training or inference place enormous strain on network resources. To address this, we develop, to the best of our knowledge, the first machine learning framework for distributed functional compression over both the Gaussian Multiple Access Channel (GMAC) and orthogonal AWGN channels. Due to the Kolmogorov-Arnold representation theorem, our machine learning framework can, by design, compute any arbitrary function for the desired functional compression task in IoT. Importantly the raw sensory data are never transferred to a central node for training or inference, thus reducing communication. For these algorithms, we provide theoretical convergence guarantees and upper bounds on communication. Our simulations show that the learned encoders and decoders for functional compression perform significantly better than traditional approaches, are robust to channel condition changes and sensor outages. Compared to the cloud-based scenario, our algorithms reduce channel use by two orders of magnitude.
SOFTWARE

