Dell SecureWorks Inc. is a United States-based Dell Inc. subsidiary that provides information security services, protecting its customers' computers, networks and information assets from malicious activity such as cybercrime. The company has thousands of customers, ranging from Fortune 100 companies to mid-sized businesses in a variety of industries. It became part of Dell in February 2011. Wikipedia.
SecureWorks | Date: 2016-12-29
A network interface device includes a memory and a processor operable to receive a malicious packet marker, store the malicious packet marker to the memory, monitor network data packets flowing in the network interface device, determine that a packet matches the malicious packet marker, and store log information from the packet to the memory.
News Article | May 18, 2017
LONDON, May 18, 2017 /PRNewswire/ -- Overview: Enterprise and government spending for cybersecurity products, managed services, and professional services will be substantial over the course of the next few years. According to Cybersecurity Ventures, cumulative global spending on cybersecurity products and services will exceed $1 trillion over the next five years. Furthermore, the firm predicts $6 trillion in cybercrime damages annually by 2021. Accordingly, Mind Commerce sees damage control and mitigation solutions as a critical portion of the cybersecurity market. Download the full report: https://www.reportbuyer.com/product/4897121/ At the macro level, spending is driven by the realization of increasingly more voluminous and sophisticated global threats to digital infrastructure. At the business level, company reliance upon the Internet, open interfaces and communication between customers and other companies necessitates robust cybersecurity solutions. In addition, new technologies and solutions such as the Internet of Things (IoT) will require new approaches to cybersecurity and hence innovative solutions as evaluated in the Mind Commerce report Artificial Intelligence in IoT Security and Fraud Prevention 2017 – 2022. Global Cybersecurity Market Outlook and Forecasts 2017 – 2022 examines cybersecurity technology and solutions. The report assesses risks and security operation issues relative to current and anticipated cybersecurity technologies. The research also assesses the impact regionally including North America, Europe, APAC, Middle East, Africa, and Latin America. The report evaluates leading cybersecurity solution provider companies, product and solutions, and impact on industry verticals. The report includes global and regional cybersecurity forecasts for the period 2017 to 2022 by product and solution, managed services, professional services, security type, deployment model, industry verticals, and threat platforms. 
Target Audience:
· IT services companies
· Cybersecurity solution providers
· Network and datacenter operators
· Managed security service providers
· Cloud and network solution providers
· Governmental agencies and NGO organizations
· Enterprise organizations across all industry verticals
Companies in Report:
· Accenture PLC
· BAE Systems Inc.
· Barracuda Networks Inc.
· Bayshore Networks
· BlackMesh Inc.
· Booz Allen Hamilton Inc.
· Cassidian Cybersecurity
· Centrify Corporation
· Check Point Software Technologies Ltd.
· Cisco Systems Inc.
· DXC Technology
· FireEye Inc.
· Fortinet Inc.
· Fortscale Security Ltd.
· Hewlett Packard Enterprise (HPE)
· IBM Corporation
· Juniper Networks
· Kaspersky Lab
· Lockheed Martin
· LogRhythm Inc.
· McAfee
· Northrop Grumman Corporation
· Palo Alto Networks Inc.
· Pradeo Security Systems
· PricewaterhouseCoopers (PwC)
· Rapid7, Inc.
· RSA Security LLC
· Schneider Electric
· SecureWorks Inc.
· Sophos Ltd.
· Symantec Corporation
· Thales Group
· Trend Micro, Inc.
About Reportbuyer: Reportbuyer is a leading industry intelligence solution that provides all market research reports from top publishers. http://www.reportbuyer.com For more information: Sarah Smith, Research Advisor at Reportbuyer.com. Email: firstname.lastname@example.org Tel: +44 208 816 85 48 Website: www.reportbuyer.com To view the original version on PR Newswire, visit: http://www.prnewswire.com/news-releases/global-cybersecurity-market-outlook-and-forecasts-2017---2022-300460260.html
News Article | May 17, 2017
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA). For more information, please visit www.qualys.com. Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies. To view the original version on PR Newswire, visit: http://www.prnewswire.com/news-releases/qualys-to-speak-at-upcoming-investor-conferences-300458783.html
News Article | May 26, 2017
Russian government hackers seem to have figured out that sometimes the best way to hack into people's Gmail accounts is to abuse Google's own services. On Thursday, researchers exposed a massive Russian espionage and disinformation campaign using emails designed to trick users into giving up their passwords, a technique that's known as phishing. The hackers targeted more than 200 victims, including, among others, journalists and activists critical of the Russian government, as well as people affiliated with the Ukrainian military, and high-ranking officials in energy companies around the world, according to a new report. Researchers at the Citizen Lab, a digital rights research group at the University of Toronto's Munk School of Global Affairs, were able to identify all these victims following clues left in two phishing emails sent to David Satter, an American journalist and academic who's written about Soviet and modern Russia, and who was banned from the country in 2014. On October 7, Satter received a phishing email designed to look like it was coming from Google, claiming someone had stolen his password and that he should change it right away. As seen with other phishing attacks targeting people affiliated with the Hillary Clinton campaign that led to the DNC leaks of last year, the email, however, didn't come from Google. It was actually from a group of hackers known as Fancy Bear, or APT28, whom many believe work for Russia's military intelligence, the GRU. The "Change Password" button linked to a short URL from the Tiny.cc link shortener service, a Bitly competitor. But the hackers cleverly disguised it as a legitimate link by using Google's Accelerated Mobile Pages, or AMP. This is a service hosted by the internet giant that was originally designed to speed up web pages on mobile, especially for publishers.
In practice, it works by creating a copy of a website's page on Google's servers, but it also acts as an open redirect. According to Citizen Lab researchers, the hackers used Google AMP to trick the targets into thinking the email really came from Google. "It's a percentage game, you may not get every person you phish but you'll get a percentage," John Scott-Railton, a senior researcher at Citizen Lab, told Motherboard. So if the victim had quickly hovered over the button to inspect the link, they would have seen a URL that starts with google.com/amp, which seems safe, and it's followed by a Tiny.cc URL, which the user might not have noticed. (For example: https://www.google[.]com/amp/tiny.cc/63q6iy) Using Google's own redirect service was perhaps also a way to get the phishing email past Gmail's automated filters against spam and malicious messages. According to Citizen Lab, which doesn't directly point the finger at Fancy Bear, the email was actually sent by annaablony[@]mail.com. That address was used in 2015 by Fancy Bear to register a domain, according to security firm ThreatConnect. And another domain used in the October attacks exposed by Citizen Lab was also previously linked to Fancy Bear, according to SecureWorks, which tracked the phishing campaign against the DNC and the Clinton campaign. Curiously, the email targeting Satter came just a few days before Google warned some Russian journalists and activists that "government-backed attackers" were trying to hack them using malicious Tiny.cc links. Now we know that in October of 2016, when the hackers targeted Satter and at least 200 other people, the trick of using Google AMP was working, and Google hadn't blocked it. Google has previously dismissed concerns about open redirectors, arguing that "a small number of properly monitored redirectors offers fairly clear benefits and poses very little practical risk."
On Thursday, a company spokesperson said that this is a known issue and last year some Google AMP URLs started showing a warning if the company's systems are uncertain whether the link is safe to visit. But for some security researchers, they are dangerous. "The AMP service's behavior as an open redirect for desktop browsers was clearly abused in this situation and is also just trivial to abuse in general," Nicholas Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley, told Motherboard in an email. "There is undoubtedly some engineering tradeoff I'm not seeing that causes them to maintain it." Google's redirectors might not be the only part of Google's infrastructure that Fancy Bear hackers have been taking advantage of. Citizen Lab researchers found a Tiny.cc URL that targeted an email address—myprimaryreger[@]gmail.com—that other security researchers suspect was used by Fancy Bear to test their own attacks. That address had a Google Plus page filled with images that appear in real, legitimate Gmail security alerts. It's unclear what the hackers used these for, or if they used them at all. But the researchers said that perhaps the hackers were embedding them in phishing emails, and the fact that they were hosted on Google Plus perhaps helped thwart Gmail's security controls. The Fancy Bear hackers are known to use popular services like URL shorteners in their high-profile hacking operations. And, sometimes, those URL shorteners betray them and end up revealing who they targeted. Between March 2015 and May 2016, as part of their operation to hack Clinton's campaign chairman John Podesta, and former National Security Advisor Colin Powell, the hackers targeted more than 6,000 people with more than 19,000 phishing links. Some of those used Bitly URLs that, as it turned out, could be decoded to figure out who they were intended for.
Similarly, in this case Citizen Lab researchers were able to identify the victims by figuring out that there was a pattern behind how Tiny.cc creates short URLs. That pattern, as research fellow Adam Hulcoop explained to me, "was chronological." So, starting from the links sent to Satter, the researchers were able to guess other links created around the same time. It's impossible to know why the hackers keep relying on services like Bitly or Tiny.cc, which end up exposing some of their operations—although months later. One explanation could be that their phishing campaigns are highly automated, given that they target thousands of people. So, as Hulcoop put it, they need a modular phishing infrastructure where every element can be modified if needed, as "an insurance policy of sorts" and they use third party services "to try and balance the need for OpSec [operational security, or the practice of keeping operations secret] with the ability to operate at scale." "The construction of the Tiny.cc shortcodes pointing to TinyURL shortcodes, which ultimately point to phishing sites on different servers. This modularity is likely by design so that the operator can change up the individual components, servers, redirectors, etc., and only abandon the pieces that are burned," he said in an online chat. "The more layers you have, the more flexible you can be."
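The hover check the article describes can be done mechanically. The following is an added example, not code from the article or from Citizen Lab: it unwraps google.com/amp/ links to the destination they forward to and flags those that land on a URL shortener. The shortener list, the function names and the sample message are assumptions constructed for illustration; the first sample link is the defanged example quoted in the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: illustrative list only; the article names Tiny.cc, TinyURL and Bitly.
SHORTENER_HOSTS = {"tiny.cc", "tinyurl.com", "bit.ly"}
AMP_HOSTS = {"google.com", "www.google.com"}


def refang(url):
    """Undo the defanging used in reports (google[.]com, hxxp://)."""
    return url.strip().replace("[.]", ".").replace("hxxp", "http", 1)


def unwrap_amp(url):
    """Return the destination embedded in a google.com/amp/ link, else None."""
    parts = urlsplit(refang(url))
    if (parts.hostname or "").lower() not in AMP_HOSTS:
        return None
    if not parts.path.startswith("/amp/"):
        return None
    rest = parts.path[len("/amp/"):]
    scheme = "http"
    if rest.startswith("s/"):  # /amp/s/<host>/... marks an https destination
        scheme, rest = "https", rest[2:]
    if "." not in rest.split("/", 1)[0]:  # first segment must look like a hostname
        return None
    return f"{scheme}://{rest}" + (f"?{parts.query}" if parts.query else "")


def classify(url):
    """Label one link by where it really leads, not by what a hover shows first."""
    inner = unwrap_amp(url)
    target = inner or refang(url)
    host = (urlsplit(target).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    is_short = host in SHORTENER_HOSTS
    if inner and is_short:
        verdict = "amp-wrapped-shortener"  # the pattern described in the article
    elif inner:
        verdict = "amp-wrapped"
    elif is_short:
        verdict = "shortener"
    else:
        verdict = "plain"
    return {"verdict": verdict, "destination": target, "host": host}


class LinkCollector(HTMLParser):
    """Collect href values from <a> tags in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def scan_html(body):
    """Classify every link found in an HTML message body."""
    collector = LinkCollector()
    collector.feed(body)
    return [classify(h) for h in collector.hrefs]


# Constructed sample message; only the first link comes from the article (defanged).
SAMPLE_BODY = """
<p>Someone has your password</p>
<a href="https://www.google[.]com/amp/tiny.cc/63q6iy">CHANGE PASSWORD</a>
<a href="https://www.google.com/amp/s/www.example.org/news/story.html">Story</a>
<a href="https://myaccount.google.com/security">Account settings</a>
"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_BODY):
        print(finding["verdict"], "->", finding["destination"])
```

A mail gateway or triage script would treat `amp-wrapped-shortener` as the high-signal case, since a legitimate publisher's AMP link has no reason to point at a shortener.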
News Article | May 25, 2017
"Observations and Recommendations on Connected Vehicle Security" aims to provide a thorough assessment on vehicle security design, which must be flexible enough to adapt to future challenges, and be cognizant of unanticipated threats that future disruptive technologies may bring. In the first of three sections, the IoT Working Group provides a detailed and insightful analysis of the evolution of vehicle connectivity towards fully connected and autonomous systems. The next section outlines areas of concern for connected vehicles, and lays out nearly 20 different attack vectors and the resulting impacts to the driver or vehicle. Finally, the report evaluates the security gaps that need attention and offers recommendations for enterprise-wide security controls to safeguard the driving public. Automobile connectivity today is evolving on a number of fronts. Platforms designed in the pre-connected era are now being connected in multiple ways. This has allowed security researchers to gain access to sensitive vehicles. Sensitive functions can be compromised via direct access, such as with USB and the On Board Diagnostic (OBD-II) port, or by remote access such as infotainment consoles, Bluetooth, WiFi and cellular devices. "There are a number of motivations for bad actors to compromise connected vehicle components and technologies, ranging from curious hackers attempting to demonstrate weaknesses, to malicious entities attempting to cause harm, on both small and large scales," said John Yeoh, senior research analyst at the CSA. "Only through the thoughtful use of disruptive technologies such as big data, machine learning and artificial intelligence can we help build a better, safer and more secure connected vehicle ecosystem." Nearly 20 CSA IoT Working Group members contributed to the research and development of the report. 
Lead authors of the report include Brian Russell, chair of the CSA IoT Working Group and chief engineer, Cyber Security Solutions at Leidos, a CSA corporate member, along with Aaron Guzman of SecureWorks, Paul Lanois of Credit Suisse, and IoT industry expert Drew Van Duren. The CSA IoT Working Group focuses on understanding the relevant use cases for IoT deployments and defining actionable guidance for security practitioners to secure their implementations. Individuals interested in becoming involved in future research and initiatives are invited to do so by visiting https://cloudsecurityalliance.org/group/internet-of-things/#_join. About Cloud Security Alliance: The Cloud Security Alliance (CSA) is the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA's activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa. To view the original version on PR Newswire, visit: http://www.prnewswire.com/news-releases/cloud-security-alliance-releases-new-guidance-for-connected-vehicle-security-300463718.html
News Article | May 23, 2017
Fancy Bear may have stumbled in the French election but they’re still wreaking havoc across Western Europe. And despite the failure of what many suspect was their attempt to disrupt the victory of Emmanuel Macron’s political campaign, the infamous Russian hackers haven’t yet adapted their tactics, say cybersecurity experts. In France, Fancy Bear was suspected of hacking Macron’s email account, presumably in an attempt to boost right-wing candidate Marine Le Pen. The hack led to a massive dump of leaked documents just days before this month’s election, but it proved ineffective due to French resistance to fake news and social media and to the Macron campaign’s effective counterattack–reportedly setting up its own fake sites and accounts to confuse the hackers. But the group continues to pursue digital attacks across the world, in an effort to steal sensitive information and promote Russian interests through leak-based propaganda campaigns, experts say. “A lot of their activity goes pretty unnoticed in the West, because a lot of it focuses on Eastern Europe and Central Asia,” says John Hultquist, director of cyber-espionage analysis at security firm FireEye. The group has targeted political figures in Montenegro, for instance, as the Balkan country–once part of Soviet-aligned Yugoslavia–moves to join NATO. “Obviously that has repercussions for Russian influence in the area,” says Hultquist. Fancy Bear has also been active in Germany, hacking computers of the country’s parliament in 2015 and subsequently attacking Chancellor Angela Merkel’s party and reportedly sending phishing emails to an affiliated political research organization earlier this year. Die Zeit, a respected German newspaper, warned earlier this month that “it is quite possible that emails from the chancellor will soon appear during the election campaign” leading up to a vote in September that will determine whether Merkel’s party continues to control the legislature.
The group hasn’t been spotted to the same extent in the U.K., where elections are slated for June 8, though security firm SecureWorks reported earlier this year that Fancy Bear penetrated a network belonging to an unnamed television network in the country in 2015 and 2016. Part of the reason for Fancy Bear’s relentlessness is the perception that their attacks go unpunished. Though the hackers suspected of hacking the Democratic National Committee and Hillary Clinton campaign chairman John Podesta’s email accounts inarguably impacted the election, leading to the victory of Russian president Vladimir Putin’s preferred candidate, they’ve paid a relatively small price for the attacks, says Chris Finan, cofounder and CEO of security startup Manifold Technology and a former White House cybersecurity advisor. “What consequences have the Russians paid for what they did in 2016? Hardly anything: a few new sanctions.” Fancy Bear, also dubbed APT-28 and Pawn Storm by various analysts, doesn’t focus only on the headline-grabbing, politically charged leak campaigns that typically make the news, he says. The group also pursues regular digital espionage campaigns against a variety of military, diplomatic, and government targets, looking for information of value to Russian intelligence that might never be released to the public.
News Article | May 26, 2017
ATLANTA--(BUSINESS WIRE)--SecureWorks Corp. (NASDAQ: SCWX), a provider of intelligence-driven information security solutions, today announced that Michael R. Cote, Chief Executive Officer, and R. Wayne Jackson, Chief Financial Officer, will present at the following investor conferences: The presentations will be available on SecureWorks' website http://investors.secureworks.com by 8:00 a.m. Eastern Time on the morning of each conference. SecureWorks’ presentation at the William Blair's 37th Annual Growth Stock Conference will be webcast at http://wsw.com/webcast/blair53/scwx. Interested parties should log on to the website 15 minutes prior to the presentation time to register for the event and download any necessary software. A replay of the webcast will be available on the site for 90 days following the conclusion of the conference. SecureWorks® (NASDAQ: SCWX) is a leading global cybersecurity company that keeps organizations safe in a digitally connected world. We combine visibility from thousands of clients, artificial intelligence and automation from our industry-leading SecureWorks Counter Threat Platform™, and actionable insights from our team of elite researchers and analysts to create a powerful network effect that provides increasingly strong protection for our clients. By aggregating and analyzing data from any source, anywhere, we prevent security breaches, detect malicious activity in real time, respond rapidly, and predict emerging threats, offering our clients a cyber-defense that is Collectively Smarter. Exponentially Safer.™ www.secureworks.com
News Article | May 1, 2017
By this time last year, one tech company had gone public. Already this year, nine tech companies have gone public on U.S. exchanges. Needless to say, public exits are looking up. That comparison becomes starker when you compare SecureWorks, 2016’s first IPO, to Snap, which went public in 2017. SecureWorks priced under range, and it has since fallen nearly 38 percent from its IPO price. Snap, in contrast, priced above range and then saw its share price quickly ascend. It’s too early to compare 2017’s IPO crop closely to 2016’s. That said, we can still parse out some interesting numbers from the cadre of newly public tech companies in 2017. So, under that edict, let’s explore. The nine companies that have gone public this year in alphabetical order are Alteryx, Carvana, Cloudera, Elevate Credit, Mulesoft, Netshoes, Okta, Snap and Yext. (The list would have a tenth entrant, of course, if not for AppDynamics’ pre-IPO exit.) The list of companies includes a number of enterprise-facing concerns, a Brazilian e-commerce company (listed on the New York Stock Exchange, thus making the cut), and whatever Snap calls itself. All told, it’s a moderately diverse mix of companies that vary, in terms of value, from just a few hundred million dollars to tens of billions. That range brings us to the question of relative scale. Let’s see where the numbers take us. According to amended Google Finance data — you can follow along on a public copy of the raw figures here — the rank list of the most valuable 2017 tech IPOs is stark: The aggregate value of our nine IPOs is $37.5 billion. That allows us to deduce the following comparative metrics: Snap is worth more than two-thirds of all 2017 tech IPOs, tipping the scales at 68.8 percent; and Mulesoft, the second most valuable public 2017 IPO, clocks in at just 7.8 percent. 
And, just for fun, the five-largest tech companies by market cap have gained nearly $50 billion in aggregate market cap today alone, more than the value of all 2017 IPOs. This year, the media has mostly focused on the pace of growth and the value of that growth when it comes to IPOs. This is reasonable. After all, many tech companies are valued more on their expansion prospects than on their potential for near-term shareholder remuneration via cash disbursements or buybacks. As it turns out, that is a damn good thing for the 2017 set of U.S.-listed tech IPOs. Not one of these companies has a price/earnings ratio. That’s to say that they all lose money. Not one is profitable. I can hear your complaints already: tech IPOs are supposed to lose money due to substantial investment in growth. But that disregards the fact that four of the five largest tech companies by market cap were profitable at IPO, at least one 2016 IPO was profitable at the time of its debut (Acacia Communications, the year’s second IPO), and another was close (Line). So perhaps we’ll see some companies in the black make it across the finish line as the year progresses. I raise all of that to underscore the pace-to-date of IPOs this year. By May 1, 2016, the year’s IPO tally was one, and by mid-May, it had crawled to two. This year, two companies went public last Friday alone, and the pipeline includes published S-1s. In 2017, we have averaged an IPO every 13.3 days—just under two weeks. 2016, by mid-May, was at a pace of one every 66.5 days. It’s been a great year thus far for startup and unicorn liquidity alike. That is partially due to the Nasdaq setting new highs on a seemingly regular basis. (It’s not as hard to IPO when tech stocks are at record prices, as you can imagine.) What will be interesting to see is how many more companies can make it out before the market changes, and the IPO window closes, if only in part. We’ll check back in after the next few debuts to see what’s changed.
SecureWorks | Date: 2016-07-29
A method includes selecting a first connection between a connection manager and a managed system, the first connection being associated with a first privilege level, communicating by the connection manager a first command to the managed system via the first connection, determining that a second command is executable on the managed system using a connection that is associated with a second privilege level, the second privilege level being a lower privilege level than the first privilege level, selecting a second connection between the connection manager and the managed system, the second connection being associated with the second privilege level, and communicating, by the connection manager, the second command to the managed system via the second connection.
SecureWorks | Date: 2016-04-29
Network traffic can be prevented from entering a protected network. An alert can be received that can be triggered by network traffic that matches at least one signature that is associated with undesired network behavior. A source of the network traffic that triggered the alert can be determined, and network traffic that originates from the source can be blocked. Blocking the source can include assigning a determination to the alert. It can then be determined whether network traffic from the source should be blocked based on the determination. The source can then be provided to the protected network such that a network device coupled to the protected network can be configured to block network traffic that originates from the source.