fbpx
Connect with us

Tech

Security Think Tank: Identify, assess and monitor to understand attack paths

Published

on

Security Think Tank: Identify, assess and monitor to understand attack paths

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back

By

  • Rob McElvanney

Published: 05 May 2022

Maintaining digital risk management in today’s connected world requires updating security processes and procedures to identify the levels of risk that the more traditional approaches fail to identify. This means understanding your applications and the interconnection between technologies across your supply chain/alliances and/or partners. You also need to understand the data processes.

That means data flow mapping – “knowing” your data; “who” has got access to “what”; “how” do they access it and “how often”; and the physical locations that could be under different local regulation and legislation. This should be accompanied by work to build mature commercial obligations between you and your suppliers to achieve the levels of risk mitigation you require.

The source of threats and inherent risk can be identified through several means, including threat intelligence mapping of the organisation’s digital footprint or attack surface and the threat actors targeting your organisation or sector.

Threat hunting exercises should be carried out regularly, for example looking for subdomain takeover opportunities or attackers that are targeting organisations by purchasing typo-squatting domains.

Penetration testing can set out specific risks to systems, but remember this is at a specific point in time, networks and applications and these risks should be mapped to key regulations and good practice standards, including GDPR, NCSC Cloud Security Principles, NIST and ISO 27001.

However, we should also consider what continuous proactive measures are available to reinforce this activity.

Advances in technology provide the opportunity to address risk across wide, complex IT ecosystems. Combining a blended mix of threat intelligence and attack surface protection measures allows organisations to discover, evaluate, and provide actionable intelligence. This will tell them what they don’t know, rather than focusing on what they already know.

These platforms can provide scalable analytical frameworks that enable organisations to quickly and efficiently find unusual attributes across bulk unstructured data and across internal and exposed internet-facing infrastructure.

These new technologies provide the ability to quickly identify assets that require more security attention than others across the IT domain. This provides a way to prioritise threats that need to be addressed in the immediate, medium and long term, enabling a more efficient and effective use of pressed resources.

Advances in artificial intelligence (AI) are also helping to build in prediction and the ability to rationalise better and take appropriate action in response to risk. This technology is now available as a business-wide solution to monitor key systems and data to protect business operations, revenue, reputation and profits from cyber and digital risk 24/7.

Test cyber defence detection and response capability

It is also important to carry out cyber incident exercises to establish how resilient organisations are to cyber attacks and practise their response in a safe environment. Exercises also help to create a culture of learning within an organisation and provide an opportunity for relevant teams and individuals to maximise their effectiveness during an incident.

Creating bespoke exercises is a way to tailor them to reflect the organisation’s values, and the unique challenges, constraints and threats it faces.

One example of this is CBEST, which was developed by the Bank of England as an approach to operational resilience testing and compliance. It differs from other types of security testing because it is threat intelligence-based and is less constrained as it takes a holistic view of the entire organisation, rather than a narrow focused penetration test of a specific system. It also focuses on the more sophisticated and persistent attacks against critical systems and essential services.

The inclusion of specific cyber threat intelligence ensures that the tests replicate, as closely as possible, the evolving threat landscape and therefore remain relevant and up to date. The feedback from the test then outlines actions that can be taken to improve defence capabilities and increase operational resilience.

This type of adversarial testing is generally referred to as Red Team testing, with the penetration test company simulating the attackers who are then pitched against the organisation’s detect-and-respond capability – the Blue Team. A more collaborative approach between attackers and defenders is commonly referred to as a Purple Team exercise, which is generally carried out iteratively to provide continuous improvement of the detect-and-respond capability. Attacks – either real or simulated through testing – should be detected and an adequate and timely response set in motion.

Given the complexities and interconnection of modern business technology, it is critical that IT teams deploy the full range of defences to understand and monitor their vulnerabilities and put actions in place to minimise the risks they identify.

Rob McElvanney is a cyber security expert at PA Consulting





Read more on Network security management

Go to Source

Click to comment

Leave a Reply

Tech

AMD CEO says 5-nm Zen 4 processors coming this fall

Published

on

Did you miss a session from GamesBeat Summit 2022? All sessions are available to stream now. Watch now.


Advanced Micro Devices revealed its 5-nanometer Zen 4 processor architecture today at the Computex 2022 event in Taiwan.

The new AMD Ryzen 7000 Series desktop processors with Zen 4 cores will be coming this fall, said Lisa Su, CEO of AMD, in a keynote speech.

Su said the new processors with Zen 4 architecture will deliver a significant increase in performance upon their launch in the fall of 2022. Additionally, Su highlighted the strong growth and momentum for AMD in the mobile market as 70 of the more than 200 expected ultrathin, gaming and commercial notebook designs powered by Ryzen 6000 Series processors have been launched or announced to-date.

In addition, other AMD executives announced the newest addition to the Ryzen Mobile lineup, “Mendocino;” the newest AMD smart technology, SmartAccess Storage; and more details of the new AM5 platform, including support from leading motherboard manufacturers.

“At Computex 2022 we highlighted growing adoption of AMD in ultrathin, gaming, and commercial notebooks from the leading PC providers based on the leadership performance and battery life of our Ryzen 6000 series mobile processors,” said Su. “With our upcoming AMD Ryzen 7000 Series desktop processors, we will bring even more leadership to the desktop market with our next-generation 5-nm Zen 4 architecture and provide an unparalleled, high-

performance computing experience for gamers and creators.”

AMD Ryzen 7000 Series desktop processors

The new Ryzen 7000 Series desktop processors will double the amount of L2 cache per core, feature higher clock speeds, and are projected to provide greater than 15% uplift in single-thread performance versus the prior generation, for a better desktop PC experience.

During the keynote, a pre-production Ryzen 7000 Series desktop processor was demonstrated running at 5.5 GHz clock speed throughout AAA game play. The same processor was also demonstrated performing more than 30% faster than an Intel Core i9 12900K in a Blender multi-threaded rendering workload.

In addition to new “Zen 4” compute dies, the Ryzen 7000 series features an all-new 6nm I/O die. The new I/O die includes AMD RDNA 2-based graphics engine, a new low-power architecture adopted from AMD Ryzen mobile processors, support for the latest memory and connectivity technologies like DDR5 and PCI Express 5.0, and support for up to four displays.

AMD Socket AM5 Platform

The new AMD Socket AM5 platform provides advanced connectivity for our most demanding enthusiasts. This new socket features a 1718-pin LGA design with support for up to 170W TDP processors, dual-channel DDR5 memory, and new SVI3 power infrastructure for leading all-core performance with our Ryzen 7000 Series processors. AMD Socket AM5 features the most PCIe 5.0 lanes in the industry with up to 24 lanes, making it our fastest, largest, and most expansive desktop platform with support for the next-generation and beyond class of storage and graphics cards.

And AMD said the “Mendocino” processors will offer great everyday performance and are expected to be priced from $400 to $700.

Featuring “Zen 2” cores and RDNA 2 architecture-based graphics, the processors are designed to deliver the best battery life and performance in the price band so users can get the most out of their laptop at an attractive price.

The first systems featuring the new “Mendocino” processors will be available from computer partners in Q4 2022.

GamesBeat’s creed when covering the game industry is “where passion meets business.” What does this mean? We want to tell you how the news matters to you — not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it. Learn more about membership.

Go to Source

Continue Reading

Tech

AMD’s Ryzen 7000 desktop chips are coming this fall with 5nm Zen 4 cores

Published

on

AMD’s Ryzen 7000 desktop chips are coming this fall with 5nm Zen 4 cores

AMD’s upcoming Ryzen 7000 chips will mark another major milestone for the company: they’ll be the first desktop processors running 5 nanometer cores. During her Computex keynote presentation today, AMD CEO Lisa Su confirmed that Ryzen 7000 chips will launch this fall. Under the hood, they’ll feature dual 5nm Zen 4 cores, as well as a redesigned 6nm I/O core (which includes RDNA2 graphics, DDR5 and PCIe 5.0 controllers and a low-power architecture). Earlier this month, the company teased its plans for high-end “Dragon Range” Ryzen 7000 laptop chips, which are expected to launch in 2023.

Since this is just a Computex glimpse, AMD isn’t giving us many other details about the Ryzen 7000 yet. The company says it will offer a 15 percent performance jump in Cinebench’s single-threaded benchmark compared to the Ryzen 5950X. Still, it’d be more interesting to hear about multi-threaded performance, especially given the progress Intel has made with its 12th-gen CPUs. You can expect 1MB of L2 cache per core, as well as maximum boost speeds beyond 5GHz and better hardware acceleration for AI tasks.

AMD is also debuting Socket AM5 motherboards alongside its new flagship processor. The company is moving towards a 1718-pin LGA socket, but it will still support AM4 coolers. That’s a big deal if you’ve already invested a ton into your cooling setup. The new motherboards will offer up to 24 channels of PCIe 5.0 split across storage and graphics, up to 14 USB SuperSpeed ports running at 20 Gbps, and up to 4 HDMI 2.1 and DisplayPort 2 ports. You’ll find them in three different flavors: B650 for mainstream systems, X650 for enthusiasts who want PCIe 5.0 for storage and graphics and X650 Extreme for the most demanding folks.

Given that Intel still won’t have a 7nm desktop chip until next year (barring any additional delays), AMD seems poised to once again take the performance lead for another generation. But given just how well Intel’s hybrid process for its 12th-gen chips has worked out, it’ll be interesting to see how it plans to respond. If anything, it sure is nice to see genuine competition in the CPU space again.

While Ryzen 7000 will be AMD’s main focus for the rest of the year, the company is also throwing a bone to mainstream laptops in the fourth quarter with its upcoming 6nm “Mendocino” CPUs. They’ll sport four 6nm Zen 2 cores, as well as RDNA 2 graphics, making them ideal for systems priced between $399 and $699. Sure, that’s not much to get excited about, but even basic machines like Lenovo’s Ideapad 1 deserve decent performance. And for many office drones, it could mean having work-issued machines that finally don’t stink.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

Go to Source

Continue Reading

Tech

Disney’s Disney+ ad pitch reflects how streaming ad prices set to rise in this year’s upfront

Published

on

Disney’s Disney+ ad pitch reflects how streaming ad prices set to rise in this year’s upfront

With Disney+, Disney is looking to set a new high-water mark for ad prices among the major ad-supported streamers. The pricey pitch is representative of a broader rising tide in streaming ad pricing in this year’s TV advertising upfront market, as Disney-owned Hulu, Amazon and even Fox’s Tubi are looking to press upfront advertisers to pay up.

In its initial pitch to advertisers and their agencies, Disney is seeking CPMs for Disney+ around $50, according to agency executives. That price point applies to broad-based targeting dubbed “P2+,” which refers to an audience of any viewer who is two years old or older (though Disney has told agency executives that programming aimed at viewers seven years old and younger will be excluded from carrying ads). In other words, more narrowly targeted ads are expected to cost more based on the level of targeting. A Disney spokesperson declined to comment.

At a $50 CPM, Disney+ is surpassing the prices that NBCUniversal’s Peacock  and Warner Bros. Discovery’s HBO Max sought in last year’s upfront market and that gave ad buyers sticker shock. The former sought CPMs in the $30 to $40 range, while the latter sought $40+ CPMs. By comparison, other major ad-supported streamers like Hulu, Discovery+ and Paramount+ were charging low-to-mid $20 CPMs that major ad-supported streamers charge. As a result, Peacock’s and HBO Max’s asks ended up being price prohibitive, with some advertisers limiting the amount of money they spent with the streamers because of their higher rates.

Unsurprisingly, agency executives are balking at Disney+’s price point. “They’re citing pricing that no longer exists, meaning Peacock and HBO Max recognized they came out too high and they’re reducing it. Disney+ is using earmuffs to pretend that second part didn’t happen,” said one agency executive.

However, Disney+ isn’t the only streamer seeking to raise the rates that ad buyers are accustomed to paying. Hulu is also seeking to increase its prices in this year’s upfront, with P2+ pricing going from a $20-$25 CPM average to averaging in the $25-$30 CPM range, according to agency executives. And during a call with reporters on May 16, Fox advertising sales president Marianne Gambelli said that the company will seek higher prices for its free, ad-supported streaming TV service Tubi in this year’s upfront market. It’s unclear what Tubi’s current rates are, but FAST services’ CPMS are typically in the low to mid teens, said the agency executives.

“We have to get the value for Tubi. Tubi has grown to a point — it’s doubled, tripled in size over the past couple of years. So we are going to obviously make that a priority and look for not only more volume but price,” Gambelli said.

Meanwhile, in pitching its Thursday Night Football package that will be streamed on Amazon Prime Video and Twitch, Amazon has been pressing for a premium on what Fox charged advertisers last year, according to agency executives. The e-commerce giant will be handling the games’ ad placements like traditional TV, meaning that it will run the same ad in each ad slot for every viewer as opposed to dynamically inserting targeted ads. “It’s streaming broadcast,” said a second agency executive.

An Amazon spokesperson declined to comment on pricing but did provide a general statement. “Thursday Night Football on Prime Video and Twitch is a purely digital broadcast, and we’re excited to bring fans a new viewing experience. There are 80MM active Prime Video households in the U.S. and, in a survey of our 2021 TNF audience, 38% reported they don’t have a pay-TV service – meaning TNF on Prime Video and Twitch enables brands to connect with cord-cutters and cord-nevers. Brands can also reach these viewers beyond TNF. Our first-party insights enable them to reengage TNF audiences across Amazon, such as in Freevee content.”

One of the agency executives that Digiday spoke to said the latest ask is for a plus-10% increase on Fox’s rates, though what Fox’s rates were are unclear and other agency executives said the premium that Amazon is asking for varies. Ad Age reported in February that Amazon was seeking up to 20% higher prices than Fox’s rates. “I don’t know if it is consistently plus-10, but it is definitely more. Which is crazy because Fox couldn’t make money on it, which is why they gave it up for this fall,” said a second agency executive.

“Someone was eating way too many gummies before they put the pricing together,” said a second agency executive of Amazon’s Thursday Night Football pitch.

Ad-supported streaming service owners also see an opportunity to push for higher prices as advertisers to adopt more advanced targeting with their streaming campaigns, such as by using the media companies’ and/or advertisers’ first-party data to aim their ads on the streamers. 

Said one TV network executive, “You’ll see premiums, especially as it relates to advertisers that really want to hook into [their company’s streaming service] and buy those targeted audiences across the platform and either use [the TV network’s] first-party data or bring their own data to the table. That’s the biggest business we’re in, and that’s where we see great growth from a pricing standpoint.”

https://digiday.com/?p=448869

Go to Source

Continue Reading
Home | Latest News | Tech | Security Think Tank: Identify, assess and monitor to understand attack paths
a

Market

Trending