How to prepare for the General Data Protection Regulation

Coming into force on May 25, 2018 is the long-awaited European General Data Protection Regulation (GDPR), which will change how businesses handle data on their customers and employees. In this ever-evolving world of data privacy, it’s important for companies to not only gain a strong understanding of GDPR, but understand where their data is located and what steps need to be taken to safeguard and protect that data.

What is GDPR?
The EU GDPR is the most important change in data privacy regulations in 20 years, since it replaces the Data Protection Directive 95/46/EC, which was put in place in 1995 for the protection of individuals with regard to the processing of personal data and the free movement of such data. The EU GDPR is designed to enhance data privacy laws across Europe, changing the way organizations approach citizens’ data privacy.

According to Dimitri Sirota, CEO of data protection and privacy company BigID, the GDPR is extremely specific and there are about 99 ways for companies to get in trouble or “miss the mark” if they are not compliant. Penalties for organizations in breach of GDPR are up to four percent of annual global turnover or €20 million, whichever is greater. This is the maximum fine for noncompliance, and it’s imposed for the most serious infringements like not having sufficient customer consent to process data or violating the core of Privacy by Design concepts, according to

As an example, the GDPR requires that every individual, European resident or citizen in the world, has a legal right to their data. They can request all of their data from any company, and that company needs to provide the data within 30 days, said Sirota. It also allows any individual to request their data to be deleted from an organization.

Jean-Michel Franco, director of data governance products at big data integration company Talend, said that GDPR also mandates organizations warn their people about data leaks — and they have 72 hours to do so.

Simply put, the GDPR is all about data privacy and protection, and any national company needs to figure out what the GDPR means specifically for their business, added Sirota.

Are organizations prepared for GDPR?
The broadened privacy rights and fines for noncompliance are just part of the changes that come with GDPR, yet many companies have no idea what is coming their way, according to an IDC Research survey conducted in May 2017.

The survey found that a quarter of the 700 surveyed European companies admitted they were not aware of GDPR and more than half (52 percent) are unsure of the impact on their organization.

Since there are 99 articles to GDPR, Sirota said some enterprises tend to focus on specific elements of the mandate, while others are becoming more ambitious and digging into all of the requirements.

“Organizations want to be able to take control of their data, and account for their data,” said Sirota. “There is no other way to be accountable to your customers unless you can know what data you collect on that individual, [so] more ambitious companies are [realizing] that they need visibility into the data.”

How can organizations get ready for GDPR?
To start, the regulation mandates that if you have significant data, you need to elect a data protection officer. However, if it is a large organization, one person should not be responsible for everything done with private data within the company, so it’s a matter of delegating the authority to the right people, according to Franco. ComputerWorld UK writes that there should be two roles dedicated to data protection: an individual to act as a contact point for the data protection authority and data subjects, and a data protection officer who will make sure processing operations are compliant.

IBM also developed a five-step approach for preparation for GDPR, which breaks down into separate steps: assess the GDPR readiness, design an implementation plan, transform the organisation wherever enhancements are needed, operate along a framework designed to ensure compliance, and conform on an ongoing basis to GDPR standards.

From a security perspective, Sirota said technology today doesn’t focus on the data. Most of the security technology today is focused on the endpoints, the application, the server and the network, he said.

“What I think companies are realizing, is if they want to protect that particular asset, you need to have some safeguards around that asset,” said Sirota. He thinks that this is the next phase for companies as GDPR approaches.

“Protecting the network is not the same as protecting the data, and the fact that this regulation and this huge penalty is a shadow, [it’s] forcing companies to rethink about how they track, account, manage the data they collect on their customers and employees,” said Sirota.

What technology exists for companies to utilize as they prepare for GDPR compliance?
Since this is one of the more dramatic regulations in history, said Sirota, we should expect to see a wave of new technologies specifically geared toward the better management and protection of identity data.

There is software and technology available today that can help, like privacy impact assessment tools. There is technology geared towards the discovery, protection and governance of identity data. These tools can give companies the ability to dig deeper, focus the microscope on data and give their business the intelligence they need to see how the data is getting used, and then take action around that data to derisk it, said Sirota.

“Privacy is all about confidentiality and being able to assure individuals that their data is not being misused,” said Sirota. “But again, you can’t do any type of assurance unless you know where their data is, so the privacy concerns that companies have are clearly about data, data loss and data misuse.”

Additionally, it’s important to address key requirements around data inventory and portability, which is why both Talend and MapR Technologies are working together to create a new governed data lake solution to help businesses accelerate their GDPR readiness, according to Franco. He said that about 50 percent of companies affected by the GDPR will not be in full compliance by the end of 2018, which is why the new data lake solution is capable of meeting the GDPR’s data storage, inventory, protection, retention, and security requirements.

While it’s not the only way to regulate and protect data, Franco said that Talend believes it’s a way to centralize the process and it lets companies discover how the data is being captured, shared and managed.

Companies to watch in 2018

The world of software development involves so much more than writing code these days. Developers need to understand artificial intelligence, the cloud, new methodologies, and the expanding infrastructure required for the Internet of Things. Here are some companies our editors are watching to lead the way.

WHAT THEY DO: Application security
WHY WE’RE WATCHING: With data breaches recurring at an alarming rate, this startup is building DevSecOps solutions for companies that understand the importance of security and are looking for a better way.

WHY WE’RE WATCHING: The future of user interfaces is conversational (see: Siri, Cortana, Alexa, et al) and is using artificial intelligence to enable intelligent dialogs between humans and IT systems.

WHAT THEY DO: Integration platform-as-a-service
WHY WE’RE WATCHING: Flow is a platform created for connectivity via API that enables organizations to automate workflows. Flow Express is a low-code solution for business users.

WHAT THEY DO: Customer engagement
WHY WE’RE WATCHING: Usermind’s platform ensures that data is compatible, accessible and actionable across teams and systems, without the need to run queries. This provides the context organizations require to build successful applications.

WHAT THEY DO: Artificial intelligence
WHY WE’RE WATCHING: Veritone has created a platform that provides access to its cognitive engines, for such things as face and object recognition, natural language understanding and more, in what the company calls an operating system for AI.

Postdot Technologies
WHAT THEY DO: API management
WHY WE’RE WATCHING: More than 3 million developers are using the company’s Postman API development environment to create, test, document and share APIs.

WHAT THEY DO: Data visualization
WHY WE’RE WATCHING: The company recently released an open-source project, Dash, to help developers build analytical web applications using the Python programming language. Dash is built on Plotly.js, React and Flask to connect UI components to the analytical Python code.

WHAT THEY DO: Data analytics
WHY WE’RE WATCHING: An advanced analytics database provider that uses GPUs for IoT data and analytics for real-time insights into data streams and large data sets.

WHAT THEY DO: Algorithm marketplace
WHY WE’RE WATCHING: The company offers an enterprise solution for algorithms, functions and machine learning models that can run as microservices. It has backing from Google’s AI venture fund Gradient Ventures.

WHAT THEY DO: Localization and mapping
WHY WE’RE WATCHING: This early-stage startup helps developers create robotic, augmented reality and virtual reality solutions that localize, navigate and understand unfamiliar surroundings. It is backed by Toyota AI Ventures.

WHAT THEY DO: AI development
WHY WE’RE WATCHING: For business operations that span both virtual and physical worlds, Bonsai’s platform makes machine learning libraries easier for developers and enterprises to manage.

WHAT THEY DO: Network visibility
WHY WE’RE WATCHING: This cybersecurity startup has created a network visibility solution that gives information security professionals insight into what’s happening. Its founders created the Bro open-source framework and still drive its development.

Plenty of blame to go around for Equifax breach

If you’re not reading this on another planet or in a bunker somewhere, then you’re likely aware of the recent breach of data from credit agency Equifax. Reports indicate that unknown attackers took advantage of a vulnerability in an Equifax web application to purloin personally identifiable information from 143 million people, including Social Security numbers.

And shortly thereafter, all the industry pundits weighed in, pointing fingers in all different directions. The problem is they used open-source code. The problem is that their software development practices need to change. The problem is there is a talent gap that can’t keep up with business changes and technology advances. The problem is that leadership has never taken security as seriously as they should, as they are not up to speed on the amount and danger of the threats out there in the wild.

Sadly, many of those 143 million people are not aware that Equifax even had their data. As regulations allow businesses to sell their lists to other companies, a person downloading music could have his data sold to another company without his knowledge or consent.

One of the things that made this incident even more disturbing than Equifax’s complete disregard for the protection of private, personal data, is that it did not reveal the breach until months after it occurred. Cyber security company eSentire says that one thing being overlooked in many cases is that the breach notices would have required Equifax to report the incident to their clients in 24 hours, not weeks. And, because Equifax retains bigger clients in New York, they are governed by DFS NYCRR rules, which dictate 72 hours for breach reports – again, not weeks. Did their clients receive notification within this timeframe?

Mark Sangster, VP and Industry Security Strategist at eSentire, says, “Given the nature of Equifax data and the magnitude of the breach make this a watershed moment in breach detection and response. Many difficult questions will be asked and become the crux of numerous legal actions that will likely stem from this event. The most obvious, is why it took so long to disclose the breach. The risk to consumers begins to drop exponentially as soon as the breach becomes public, and affected companies and consumers can take defensive measures to protect their financial identity and funds.

Yet, Equifax waited over a month to respond and provide breach notice. Headquartered in Atlanta, Equifax is bound by the state breach notification laws of Georgia, which require a firm to report a breach, stating, ‘The notice shall be made in the most expedient time possible and without unreasonable delay.’ In some circumstances, notification is to be made within 24 hours. Did Equifax meet this requirement and do everything in its power to protect those affected by the breach?

But to fully understand what happened with the Equifax hack, businesses need to understand that software applications are not written from scratch. Rather, 80-90% of a modern application is built using open source components – like Apache Struts (the alleged culprit in the Equifax hack).

According to a recent Sonatype report, software developers download these components from repositories that house billions of open-source software components. Sonatype’s research shows that only 57% of organizations have a software governance policy, which ensures that development organizations download only approved components, and 65% do not have meaningful controls over what components are in their applications. As Equifax learned the hard way, software components age like milk, not wine — the older a component is, the more likely it is to be either vulnerable or defective.

Wayne Jackson, CEO of Sonatype, blames C-level executives. “For far too long, businesses have under-invested in software integrity, relying on network-based defenses that are incapable of protecting many exploit vectors, including those associated with open-source security defects. The Equifax breach and loss of 143 million records (including mine) serves as a painful reminder of why every link in the software supply chain must be automatically and continuously managed. To do otherwise is simply negligent.”

Lev Leshokhin, EVP of strategy and analytics at software quality measuring tool provider CAST Software, says developers today have too narrow a focus and do not consider the business implications of what they create.

“What Equifax brings to light is that we are under a shortage of talented developers and cannot keep up with business demand and tech complexity at the same time, creating further software risk. The solution is NOT to rely on the ability to hire good developers so they write good software – there just aren’t enough skilled developers with whole-system vision to go around. We need to take our most senior developers, have them design the architectures for data protection, and then ensure these architectural constructs are followed by the developer plebiscite with every build.

“What we saw in the CAST survey of developers just released in September,” he continued, “is that only about half (54%) of developers understand the architecture of their overall application. This means that the other half are working in silos and have little to no visibility into how their component can endanger the rest of the system. Combine that with the fact that more than 60% of developers report their dream job is at Google, and you can be sure that software engineers at financial institutions or retailers are bringing down these statistics.”

The harshest criticism of Equifax’s response and explanation was leveled by a software testing expert who wished to remain anonymous to comment on the case. “I heard that Equifax is blaming all this on a bug in some open-source web software. If true, then I call utter bull**** on that. The concept ‘defense in depth’ may have been conceived at night, but it wasn’t conceived ‘last’ night.”

Further, he said the main problem is not so much a lack of technical knowledge but rather a lack of caring. “Notice that immediately, I mean immediately, Equifax tried to turn this into a money-making opportunity, by offering ‘free’ credit monitoring that becomes not free after year… So, to them, this is not a bug, it’s a sales feature.”

The expert went on to say that ultimately, this comes down to Equifax and the other credit bureaus being able to pass on their costs of production failures to their customers. “Once software vendors and companies that use software are held fully accountable for the costs of bugs they put into production, this kind of nonsense will magically stop happening. In other words, once liability law catches up with the role software now plays in society, these problems will happen much, much, much less frequently.”

Fingers can be pointed in a lot of directions over this and other breaches, but the fact remains that these will continue until organizations start to elevate how they approach security and the investments they make in keeping our data secure. There are reports going around that Equifax hired a CISO with degrees in music and fine arts, but no mention of any formal education in software security. If the reports are true, that tells you all you need to know about how too many companies today still view security – as something to be merely fiddled with.

UWP Community Toolkit 2.0, XebiaLabs DevOps Platform 7.1, and Amazon EC2 Elastic GPUs for Windows

Microsoft announced that its UWP Community Toolkit graduated to version 2.0 and it sets the stage for future releases. Today, there are over 100 contributors to the toolkit, and developers have downloaded the packages over 250,000 times.

With version 2.0, the toolkit is making efforts to line up with the latest Windows 10 Fall Creators Update to enable developers to take advantage of the new APIs and the Fluent Design System. The Fluent Design System will see new and existing controls updated in the coming months, and a sample app will also be updated to take advantage of new foundational elements.

Also, according to a Microsoft Windows blog:

“Version 2.0 introduces two new packages: Microsoft.Toolkit and Microsoft.Toolkit.Services with the commitment to support more cross platform APIs in future releases. These packages are built with .NET Standard and support any platform with .NET Standard 1.4 and above. The Bing Service is the first API to go cross-platform and there is currently work underway to move more services to the new packages.”

XebiaLabs expands its DevOps Platform
XebiaLabs expanded dual-mode DevOps capabilities in its XebiaLabs DevOps Platform version 7.1. These features give developers using Jenkins and other code tools the ability to tie continuous integration automation into their enterprise continuous delivery processes.

XebiaLabs’ dual-mode DevOps approach supports DevOps users across the enterprise, and it delivers new code-centric features like Environment as Code. This allows teams to “define deployment infrastructure and environments in code, making it easier for Development and Operations to collaborate on configuration management,” according to an announcement from XebiaLabs.

Amazon announces Amazon EC2 Elastic GPUs for Windows
Amazon has announced the wide release of Amazon EC2 Elastic GPUs for Windows, which can be attached to an Amazon Elastic Compute Cloud instance to boost graphics performance of an application.

They are designed for applications running on Amazon’s cloud computing platform that require limited or intermittent boosts in graphical overhead compared to their other cloud GPU offerings like the G3 and G2.

Developers using the bare minimum of increased graphical horsepower with the Elastic GPUs can see as much as an 80 percent cost-reduction compared to the G3 and G2 line.

The EC2 Elastic GPU currently supports the OpenGL API standard with more coming soon.

Kernel self-protection with Android 8.0
According to a blog post from the Android developers team, Android 8.0 focuses on kernel self-protection with four security hardening features, which are backported from upstream Linux to all kernels supported in devices that first ship with the Android Oreo release.

Sami Tolvanen, senior software engineer at Android Security, wrote:

“Android Oreo includes mitigations for the most common source of security bugs in the kernel. This is especially relevant because 85% of kernel security bugs in Android have been in vendor drivers that tend to get much less scrutiny. These updates make it easier for driver developers to discover common bugs during development, stopping them before they can reach end user devices.”

Details on how the security team is hardening the kernel in Android Oreo can be found in the Android developers blog post.

Gigster receives $20M in funding, Checkmarx’s DevSecOps platform, and Okta’s two-factor authentication

Gigster wants freelance programmers to earn a Silicon Valley salary, from the comfort of their homes.

The four-year-old startup puts companies looking for software developers in touch with freelance programmers all around the world. The startup just received $20 million in funding from investors like Salesforce’s CEO Marc Benioff, Redpoint Ventures, and basketball star Michael Jordan. The company will use the money to fund sales, marketing and other efforts aimed at persuading big enterprise companies to use Gigster, according to a Business Insider report.

In an announcement, the founders, Roger Dickey and Debo Olaosebikan, said: “We’re also obsessed with making software less difficult to build. Using millions of data points gathered from over 1,000 projects, we are building a suite of tools that make software development more efficient & reliable. More customers and more data enable us to discover patterns in how work is done. Patterns lead to tools for better software delivery, which leads to more, happier customers.”

More information on the company’s funding can be found here.

Checkmarx announces new DevSecOps capabilities
At Jenkins World 2017, Checkmarx announced its new Interactive Application Security Testing solution, CxIAST, which gives teams continuous application security testing in real time, with zero scan time, accuracy and seamless implementation.

“CxIAST is a game changer for organizations who are struggling to deliver secure software faster,” said Maty Siman, CTO and founder, Checkmarx. “Our unified AppSec platform correlates data and results from all Checkmarx products across the software development lifecycle and then leverages that information intelligently to generate fast, accurate and actionable results.”

CxIAST monitors an application by using existing functional tests, and it doesn’t need to actively induce the application in order to detect vulnerabilities, according to a company announcement. The solution is also an “important pillar in Checkmarx’s Application Security Testing platform, which provides solutions at every stage of the SDLC,” reads the announcement.

Okta adds two-factor authentication as new standard for customers
Okta, a provider of identity for the enterprise, delivered new functionality for its cloud-based Okta Adaptive Multi-Factor Authentication (AMFA). The company also announced that two-factor authentication comes as a standard for every Okta user, which sets a baseline for strong identity protection, according to the company.

“In today’s cloud and mobile world, we have more data, with more people, and in more locations than ever before – making credential harvesting the most fruitful tactic for today’s threat actors,” said Yassir Abousselham, Chief Security Officer at Okta. “Identity is now the security team’s last control point because security can’t manage every single person, device and app; what they can control is who has access to information, and when.”

Abousselham said that’s why the company boosted its security provided by Okta Identity Cloud so it’s more effective for customers. With the enhancements to its AMFA solution, multi-factor authentication as the new standard of identity-driven security, and the ability to “make smarter security decisions based on context, we’re helping to ensure the right person gets access to the right resources, at the right time,” he said.

SecurityScorecard: Government ranks #16 out of 18 industries in cybersecurity

SecurityScorecard’s annual U.S. State and Federal Government Cybersecurity Report was released today, and it paints a very grim picture of the government’s cyber health status.

Across all of the industries surveyed, including transportation, retail, and healthcare, government organizations received one of the lowest security scores. Cybersecurity incidents show no signs of slowing down, and as technology becomes more advanced and hackers become smarter, it’s up to organizations to take the right steps towards effective security defenses — especially today’s government agencies.

SecurityScorecard, a third party risk management company, looked into the strongest and weakest security standards based on security hygiene and security reaction time of various organizations, along with their 100 public-facing IP addresses. According to SecurityScorecard’s cofounder and COO, Sam Kassoumeh, the report is designed to educate officials, agency leaders, and government security personnel about the current state of security in the government sector.

“On an almost daily basis, the institutions that underpin the nation’s election system, military, finances, emergency response, transportation, and many more, are under constant attack from nation-states, criminal organizations, and hacktivists,” said Kassoumeh. “Government agencies provide mission-critical services that, until they are compromised, most people take for granted.”

Overall, the findings show government organizations struggled with several categories of security measurements: endpoint security, IP reputation, and patching cadence.

Compared to last year’s report, government organizations moved up from the lowest performing industry, past telecommunications and education. This year, government agencies are still the third lowest performing industry when compared to the other industries. One of the main reasons the government scores so low is the result of legacy systems and applications, which are defined as systems that were set up and now considered “antiquated technologies that are vulnerable to exploitation,” said Alex Heid, chief research officer at SecurityScorecard.

“The U.S. government is one of the original entities that invented the Internet, along with the university and education vertical,” said Heid. “It is therefore a natural result that the availability of old, exploitable technologies are mixed into an environment of recently implemented, possibly misconfigured new technologies.”

And besides its use of legacy technologies, the government may also run into security challenges (like network security and patching cadence) because of smaller budgets and resource shortages. However, increasing the availability of resources and personnel available is a way for the government to make progress with its cybersecurity efforts, according to Heid. He said that sometimes small cities or townships may only have a small staff of IT engineers, who have to double-task as being in charge of security as well. On the other hand, large agencies will most likely have the staff size, but the networks are so massive that not everything can be continuously accounted for at the same time, added Heid.

The good news is, government agencies seem to be taking steps towards better cybersecurity strategies and continuous solutions, and many on both federal and local levels are bringing attention to the importance of strong security practices, said Heid. The problem is, agencies are taking too long to ramp up cybersecurity efforts.

“Many government agencies are aware that information security is an area of concern across the board, and many are taking proactive steps to address the problems,” said Heid. “However, these efforts will oftentimes move at the ‘speed of government,’ which can be considerably lacking when it comes to the rapid developing world of emerging threats.”

Potential security risks and how hackers can get in
There are many ways that hackers can get into an organization, but according to Heid, it appears that default password use, as well as password reuse, are the most common and effective methods of pulling off an enterprise breach. Hardware devices and applications typically ship with default passwords in place, said Heid, and oftentimes these passwords are never changed. And on some embedded systems, it’s not possible to change default passwords, he said.

“For password reuse attacks, over three billion email password combinations have been made available from publicly circulating data breaches, and attackers have been using these lists to find login portals where users have re-used accounts credentials,” said Heid. “Lower skilled attackers usually look for Netflix or Amazon logins, organized crime groups may look for banking credentials that have been reused, and state sponsored hacking groups would leverage the available .gov/.mil credentials to gain access to those respective resources, and the resources of third party contractors and services.”

Also, poor network security can lead to network level attacks, which Heid said can come in several forms. One way is where a hacker will exploit vulnerabilities within the protocol (FTP, telnet, SMB, etc.) with the goal of executing arbitrary code, like with a buffer overflow attack, he said.

“These types of attacks are considered high value, as they provide instant access to systems running vulnerable software,” said Heid. “A more common network attack is a brute force attack that leverages circulating email address : username : password combinations. Attackers will use information from hacked databases to attempt to access other services that may be using the same credentials.”

Enterprises and agencies should also take a look at their patching cadence score, which is defined as the measurement of frequency for the implementation of software updates. The patching cadence score indicates if there is a significant delay from the time a vulnerability patch is made to the time when the patch gets implemented into the enterprise’s network, said Heid.

Agencies or organizations that want to dig into the granular details of their particular scorecard can get an immediate view of the issue factors that affect their enterprise, according to Heid. They can claim their scorecard to engage in a “collaborative remediation process for their own enterprise, as well as that of their partners and business ecosystem,” he added.

But from a network security standpoint, Heid and SecurityScorecard advise agencies to conduct continuous availability audits on their external network assets in order to ensure that proper segmentation is always in place, he said.

The majority of IT security professionals believe encryption backdoors are ineffective and potentially dangerous, with 91 percent saying cybercriminals could take advantage of government-mandated encryption backdoors.

72 percent of the respondents do not believe encryption backdoors would make their nations safer from terrorists, according to a Venafi survey of 296 IT security pros, conducted at Black Hat USA 2017.

“Giving the government backdoors to encryption destroys our security and makes communications more vulnerable,” said Kevin Bocek, chief security strategist for Venafi. “It’s not surprising that so many security professionals are concerned about backdoors; the tech industry has been fighting against them ever since global governments first called for unrestricted access. We need to spend more time protecting and supporting the security of our machines, not creating purposeful holes that are lucrative to cybercriminals.”

Additional findings

  • Only 19 percent believe the technology industry is doing enough to protect the public from the dangers of encryption backdoors.
  • 81 percent feel governments should not be able to force technology companies to give them access to encrypted user data.
  • 86 percent believe consumers don’t understand issues around encryption backdoors.

Encryption backdoors create vulnerabilities that can be exploited by a wide range of malicious actors, including hostile or abusive government agencies. Billions of people worldwide rely on encryption to protect critical infrastructure – including global financial systems, electrical grids and transportation systems – from cybercriminals who steal data for financial gain or espionage.

Google has announced the rollout of new anti-phishing checks for the iOS Gmail app: in less than two weeks, all users will be confronted with two warnings if they attempt to follow a suspicious link from within the app.

The first one is a pop-up, warning generally about the untrusted nature of the site they are attempting to visit:

[Image: iOS Gmail anti-phishing]

If they choose to dismiss the warning and proceed, another warning will provide more specific information about the suspected malicious site:

[Image: iOS Gmail anti-phishing]


This security improvement comes three months after Android users began seeing the latter alert after following a malicious link.

Google has lately introduced several new security and anti-phishing features for Gmail and, generally, for Google accounts.

These include delayed email delivery to perform additional checks based on real-time, last-minute updates to the company’s spam filter and Safe Browsing technology, and a longer and more effort-intensive user app approval process, which aims to reduce the risk of potentially malicious apps gaining control of users’ Google accounts.

Time is the most important factor in detecting network breaches and, consequently, in containing cyber incidents and mitigating the cost of a breach.

“Security event investigations can last hours, and a full analysis of an advanced threat can take days, weeks or even months. Even large security operations center (SOC) teams with more than 10 skilled analysts find it difficult to detect, confirm, remediate, and verify security incidents in minutes and hours,” says Chris Morales, Vectra Networks’ head of security analytics.

“However, the teams that are using artificial intelligence to augment their existing security analysts and achieve greater levels of automation are more effective than their peers and even SOC teams with more than 10 members who are not using AI.”

Human-machine teaming is crucial

Vectra Networks has polled 459 Black Hat attendees on the composition and effectiveness of their organizations’ SOC teams.

The group – a mix of security architects, researchers, network operations and data center operations specialists, CISOs and infosec VPs – were asked whether their SOCs are already using AI in some form for incident response, and 153 (33%) said Yes.

The size of these teams, the time it takes them to detect and confirm a threat, and the time it takes them to remediate the incident and verify its containment all vary.

But when comparing the time it takes SOC teams of over 10 analysts to do all those things with or without the help of AI, the former group is consistently faster.

Take, for example, the time it takes for them to detect a threat:

[Image: AI threat detection response]

Or how long it takes for them to remediate an incident:

[Image: AI threat detection response]

“There is a measurable trend with organizations that have implemented AI to automate tedious incident response tasks to augment the SOC manpower, enable them to focus on their artisan skills and empower decision making,” Morales noted. “When man and machine (AI) work together, the result is always better than man or machine alone.”

These results fit together with those of a McAfee survey that tried to get to the bottom of what makes some threat hunters and SOCs more successful than others. The answer was: the automation of many tasks relating to threat investigation, so that they can spend more time on the actual threat hunting.

Until your phone or tablet is set up just the way you want it, a brand new device feels kind of foreign. With the V30, LG is giving you more options for making the phone your own. You can match haptic feedback to the ringtone of your choosing, for starters. Customization applies to security as well, with a handful of ways to make sure you’re the only one unlocking your phone.

Its face recognition apparently works “instantaneously” without the need to turn the screen on first. More than that, you can set a voice password as well. Biometric security!

To take advantage of the handset’s 18:9 OLED display, you can even adjust the Floating Bar (or push it out of the way entirely). Essentially, it offers a place to put your most used apps and widgets.

That’s not to mention all the tricks the phone’s camera is capable of with its f/1.6 glass lens. From the manual shooting mode, you can access Graphy, a sort of photo editing suite that grants access to editing presets designed by pro photographers. Want to make a quick GIF of your dog licking its nose? That’s doable too.

Those interested in more info won’t have too much longer to wait — the LG V30 will be formally revealed August 31st.