Information Technology

Following a cybersecurity meeting at the White House on Wednesday, President Biden secured promises from major tech companies to spend significant sums improving the nation’s cyber resiliency. Microsoft and Google, for instance, each committed billions to specific cybersecurity investments. The meeting comes in the wake of a series of dramatic cybersecurity incidents, including the Colonial Pipeline ransomware attack that shut down gas and oil deliveries throughout the southeast, the SolarWinds software supply chain attack and an extensive hack on Microsoft Exchange servers.In a statement, the White House said a “whole-of-nation effort” is needed to address cybersecurity threats. To that end: Microsoft announced it will invest $20 billion over the next five years to advance “cyber security by design” and deliver advanced security solutions. The company also announced it will immediately make available $150 million in technical services to help federal, state and local governments upgrade their security.Google committed $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain and enhance open-source security. The company also said it will help 100,000 Americans earn industry-recognized digital skills certificates.Apple will establish a new program to make the technology supply chain more secure. As part of that effort, it plans to work with its suppliers to drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging and incident response. IBM said it will train 150,000 people in cybersecurity skills over the next three years, and it will partner with more than 20 Historically Black Colleges & Universities to establish Cybersecurity Leadership Centers. Amazon announced it will offer Amazon Web Services account holders a free multi-factor authentication device. It also plans to make its security awareness training, which it currently offers to employees, free to the public.  The White House also received commitments from cyber insurance providers and educational organizations to improve the nation’s security posture. President Biden issued a cybersecurity executive order in early May, requiring federal agencies to modernize their cyber defenses. The Biden Administration earlier this year also launched a 100-day initiative to improve cybersecurity across the electric sector. On Wednesday, the administration announced the initiative has improved the cybersecurity posture of more than 150 electric utilities and would now expand to natural gas pipelines. Additionally, the White House Wednesday said the National Institute of Standards and Technology (NIST) will develop a new framework to improve the security and integrity of the technology supply chain.  To do so, it will work with partners including Microsoft, Google and IBM. More

“We have almost made the decision around which cloud meaningless to our customers,” says Elastic CEO Shay Banon, “because they can just go and pick and choose, and we integrate with the marketplace.”
Elastic Inc.
Enterprise search technology company Elastic this afternoon reported fiscal Q1 revenue that topped analysts’ expectations, and a surprise profit where analysts had expected a loss, and raised its forecast for revenue. The report sent Elastic shares up almost 4% in late trading. “Our cloud revenue grew 89%, year over year, we’re very proud of that,” CEO and founder Shay Banon told ZDNet in an interview via Zoom. “Next year, we expect to breach the $1 billion barrier,” added Banon. “We’ve very excited about our growth.Elastic’s total revenue in the three months ended in July rose 50%, year over year, to $193.1 million, yielding a net profit of 4 cents a share, excluding some costs.Analysts had been modeling $173.2 million and a 10-cent net loss per share.Total cloud revenue of $61.5 million made up a third of total revenue.

Elastic’s progress in cloud is being helped by the ability to have search function across different clouds where customers have workloads, Banon told ZDNet. Customers can deploy Elastic’s Elasticsearch software on Amazon AWS and also GCP, and search across the two, for example. Elastic “move the search, we don’t move the data,” meaning that customers information stays where it is hosted. “That’s pretty unique,” said Banon. The ability to span clouds can save money in terms of cost of data hosting, claimed Banon.”We have almost made the decision around which cloud meaningless to our customers,” said Banon, “because they can just go and pick and choose, and we integrate with the marketplace.” That integration has “required substantial investment on our part,” said Banon. “I’m happy to start to see it panning out.”In a separate release, Elastic announced it has agreed to acquire five-year-old security startup Cmdwatch Security, Inc., of Vancouver, British Columbia, also known simply as Cmd, for undisclosed terms. The startup will bring runtime security capabilities to Elastic’s observability and event management tools, with particular emphasis on protecting assets in cloud environments, including things such as Kubernetes installations.Banon said observability tools such as application management and DevOps are on course to merge with security tools. “There is another phase of consolidation that is going to happen in the next five years in the market, which is that observability and security are going to start to merge together,” said Banon. “Because while you observe, why not protect?”For the current quarter, the company sees revenue of $193 million to $195 million, and net loss per share in a range of 15 cents to 19 cents. That compares to consensus for $188.7 million and a 14-cent loss per share.For the full year, the company raised its outlook for revenue from a prior rang of $782 million to $708 million to a new range of $808 million to $814 million. That compares to consensus of $789 million. The company also lowered its outlook for profitability, forecasting a net loss of 57 cents to 67 cents a share, excluding some costs, below the prior outlook of 51 cents to 50 cents a share.

Tech Earnings More

Security, in both the physical and digital sense, is imperative for companies to deter trespassers and would-be thieves and to protect valuable equipment crucial for businesses to operate successfully.  A robust security setup can take the pressure off existing security staff and give business owners peace of mind out-of-hours. Luckily for organizations, the emergence of the Internet of Things (IoT) technology, mobile connectivity, apps, and cloud technologies has radically changed the security landscape and made it easier than ever to set up multi-room and on-premise systems. The possibilities are endless: cloud or local feed storage, customizable or automatic alerts and alarms, smartphones and tablet connectivity, wired or wireless, battery-powered or mains options, video capture, night vision, audio feeds of varying quality, and the ability to check-in, in real-time, are all on offer and can be tailored depending on the requirements of your business.  To make navigating the variety of hardware and vendor ecosystems available to today’s company owners less of a challenge, we have assembled our top ten picks for businesses. 

Flexible, mobile security solution without spending a fortune

Ring

It was once the case that to protect a business premise, heavy-duty, wired surveillance systems were the only options available. Times have changed and with the explosion in mobile solutions and the increased bandwidth offered by broadband and 4G/5G, there are mobile-friendly options for SMBs seeking a budget-conscious security option.  The benefit of the Ring camera range, including indoor, outdoor, stick-up, and floodlights, lies within its flexibility. Each camera can be connected to the same account and accessed via smartphone, alerting users to motion from all areas.  Of particular note are Stick Up Cams, which can be placed inside or outdoors and on flat surfaces or walls. Battery and wired options are available, as well as devices that come with a solar panel and backup battery pack. The Spotlight and Floodlight models, too, are of interest given their inbuilt security sirens.  As there are a variety of different cameras users can pick from, a mix-and-match set up to protect a premise is possible.Pros:Flexible and quick setupsProfessional monitoring availableBolt-on ecosystem additions available including outdoor camerasCons:Long shipping timeMultiple camera costs are high

Discreetly keep an eye out for intruders outside of hours

Nest

Google Nest cameras will be of interest to business owners already in the Nest ecosystem — including users of the Nest Thermostat, Nest CO2 alarms, as well as Nest X Yale Locks. The Nest Cam Indoor and Outdoor cameras are mobile options for on-premise security. They are best suited for budget-friendly users that need basic security measures in place. The cameras can record footage in 1080p HD, and when it comes to the outdoor version, this quality is maintained at night through infrared LEDs.  Both versions have inbuilt speakers and will alert users via their mobile devices if suspicious activity or visitors are detected by motion and noise sensors. Once the app has been installed and an account has been set up, monitoring begins.  The Nest Aware and Nest Aware Plus services will record everything 24/7 on a monthly or annual subscription basis. Nest Indoor cameras are priced at $129.99, whereas you can expect to pay $199 for an Outdoor camera. However, if you want a cheaper alternative, Google is set to roll out more budget-friendly, wired options.Pros:Easy setupMobile device monitoring and accessData analytics implemented to monitor hot spotsCons:Wired options not yet availableExpensive for single cameras

A cheap home security camera

Wyze

If you want to dip a toe into the world of IoT and intelligent home security devices, you may want to consider the Wyze Cam v3, one of the most affordable options on the market today.The Wyze Cam v3 is a $35 internet-connected camera offering 1080p recording, IP65 quality for indoor or outdoor use, a CMOS sensor designed to improve nighttime vision, a siren, and two-way communication.The camera can be part of a wider Wyze security ecosystem including outdoor cameras, motion sensors, leak sensors, keypads, and entry monitors. Pros:Additional security products on offer to create a wider security networkSmall, compact designCons:Only 14 days of cloud storage included (rolling), unless subscribed

Wireless monitoring for the workplace

Arlo

Another option is the Arlo Pro 4. This slimline, business-ready option can be used either in or outdoors, being a weather-resistant model with a variety of mounting options that can detect both sound and motion. The Arlo Pro 4, available in black or white, can work as a day-to-day camera on the shop floor; a discreet camera placed outside to act as a night watchman, or as a part of a full network of cameras in a large workplace. A spotlight to improve low-light recording is included alongside object scanning and detection.Arlo’s camera is compatible with Amazon Alexa, Google Assistant, and Apple HomeKit. Users will receive real-time alerts whenever motion or sound is detected and footage is captured in up to 2K HDR resolution. The vendor has also implemented Activity Zones which can be set to reduce unwanted or nuisance notifications.Pros:Six months of battery lifeMagnetic mountsCons:An Arlo Secure subscription is required for premium features 

Protection for multiple outdoor zones

Netatmo

The Netatmo Smart Outdoor Camera should be considered if outside security is the priority for your business.  This option is a weather-resistant camera substantial enough to be seen — and may potentially deter unwanted visitors by its presence alone — and does not purely rely on night vision. Instead, the camera is equipped with a floodlight that can be remotely enabled, disabled, or set to power up when motion is detected.  Users can also set up specific zones for immediate alerts and snapshots are taken to give users the option to check in further. The camera is compatible with iOS and Android, Apple HomeKit, Amazon Alexa, and Google Assistant. In addition, there is no subscription fee as users can choose to store recorded HD footage locally.Pros:Customizable alert preferences, useful for petsNo subscription requiredCons:Some users have reported long-term weather exposure issues

360-degree, panoramic coverage of your business premises

D-Link

The D-Link Vigilance DCS-4605EV will suit business users who want panoramic security coverage of the shop floor.  This camera is best suited for businesses concerned about vandalism as the camera has been specifically housed in a rugged casing to prevent tampering or damage. Another advantage of this camera is how weatherproof it is; being able to operate in a range of conditions and temperatures from 30 degrees C to 50 degrees C. The D-Link Vigilance includes a fixed 5-megapixel lens with a focal length of 2.8 mm and is able to record Full HD 2560 x 1920 pixel footage at a 20-foot range. Each camera can be connected to D-ViewCam, free surveillance software to manage a network of up to 32 cameras simultaneously. The camera also supports Power over Ethernet (PoE), to make deployment possible with a single cable.  The D-Link Vigilance is currently on offer for $256.Pros:Customizable video compression formatsRugged casingCons:Wired only

A must for do-it-yourself fans

Scout

Scout should be considered if you are a DIY fan and want to apply your hobby to home security.The company’s DIY system allows customers to pick the components they want — such as a hub, door panels, access and motion sensors, indoor cameras, and water detection devices. In addition, you can pick the color and finish suitable for your home (black or white) as well as the level of remote support you want. Scout’s product line is focused on mobility. Users pick their components, connect them to their mobile device, and then you’re good to go. Features include remote real-time access to activity feeds; false alarm checks; arming and disarming, and choosing how the DIY system reacts in different situations — such as how you want to be notified of motion at your front door. Packages range from a $229 starter kit containing a hub, door panel, one motion sensor, two access sensors, and two key fobs, to a large $549 package offered with a hub, door panel, one motion sensor, four access sensors, two key fobs, a smart lock, and glass break sensor. Customers can also pick-and-mix different components if they prefer.A 4G backup system is in place if home Wi-Fi cuts out and subscription-based professional monitoring is also available. Pros:FlexibilityNo hard-wiring requiredCons:Expensive start-up cost

Best for small homes and apartments

SimpliSafe

SimpliSafe is another worthy addition to our list and would suit users who need a flexible solution for smaller homes and apartments. SimpliSafe is a Wi-Fi-connected security solution backed by real-time monitoring in remote centers. While wired, in the case of a blackout, devices in the SimpliSafe range have backup batteries. The basic ‘Essentials’ package, starting at $181 (currently on sale), includes a base station, keypad, three entry sensors, and one motion sensor. At the time of writing, a free HD camera is also included in the bundle.Other packages and bolt-on options include panic buttons, freeze and water sensors, smoke detectors, and sirens. Pros:No drilling requiredStylish, discreet designCons:Assistance on offer for setup, but priced at $79

How did we choose these security cameras?

The requirements of home and business security cameras vary: the average consumer may lean toward an easy-to-install, budget-conscious product, whereas a company may be more inclined to invest in a more powerful alternative to protect valuable assets. In each case, we have considered as many aspects of a security system as possible, including recording capabilities, environmental use, and cost — both upfront and due to ongoing subscriptions.

Which is the right security camera for you?

When you are selecting your home security camera, you should consider the pain points at home or at your business location. What areas are the most important when it comes to monitoring? What assets do I need to protect? When might my home or premises be most vulnerable?If you’re working from home, for example, you might forgo constant video capture and a subscription, settling instead for clips and the ability to check-in while you’re away. However, if there is valuable stock in an office that is shut at night, you might pivot toward an option including night vision and constant video/audio feeds.

Are there alternatives worth considering?

While our top picks have included a variety of functions and uses, the below are still worth consideration.

Is it necessary to subscribe to a monitoring service?

No, but technology services now — ranging from streaming to IoT — will not usually stop at hardware: revenue models are pivoting to subscriptions, too. If you want constant monitoring and footage to be stored beyond a specific period of time, you may need to sign up.

Do I have to connect my camera to assistants like Amazon Alexa?

This bolt-on integration is usually added to make products more appealing and for the convenience for users, but you do not need to connect your home security system to anything else in your IoT ecosystem.

Will pets trigger alerts on a home security camera?

This was once a common problem with earlier forms of IoT and smart cameras, but vendors are constantly improving false-positive rates through improved object detection and the implementation of features such as ‘activity’ zones. 

ZDNet Recommends More

IBM has announced a new Secure Access Service Edge (SASE) solution designed to encourage the zero-trust security approach in the enterprise. 

On Wednesday, the tech giant said that the new service, IBM Security Services for SASE, will leverage technology provided through a partnership with cybersecurity firm Zscaler, announced in May. The new offering has been “designed to help accelerate organizations’ adoption of cloud-delivered security at the edge, closer to the users and devices that access corporate resources,” according to IBM, as well as to promote zero-trust network access (ZTNA) in the enterprise. IBM Security Services for SASE includes the firm’s zero-trust strategy protocols, SASE blueprints, a modern network architecture, and Zscaler capabilities, including the creation of processes and policies for managing SASE, as well as support for IBM Managed Security Services.  According to the company, IBM Security Services for SASE will help support a now-hybrid workforce, third-party access systems, merger acquisition execution, and network upgrades to facilitate the cloud, 5G, and Internet of Things (IoT) devices.  “Traditional approaches to network security are no longer viable in a digital world where users and applications are distributed,” commented Mary O’Brien, General Manager at IBM Security. “We’re seeing this transformation happen right before our eyes as many organizations plan to operate in a hybrid model for the foreseeable future. This new approach requires a shift in culture, processes and collaboration across teams alongside a new technology architecture.”The new solution is now commercially available. 

Earlier this year, IBM and Zscaler announced its alliance alongside the creation of a Software-as-a-Service (SaaS) implementation of IBM Cloud Pak for Security, focused on streamlining the development of zero-trust architectures in the enterprise.  Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

StackCommerce
Apparently, the COVID-19 pandemic is driving the next big wave of IT outsourcing. And since security is such a huge chunk of IT responsibilities, the affordable self-paced 2021 All-in-One Ethical Hacking & Penetration Testing Bundle would be an excellent choice for anyone considering a career change. Best of all, all nine courses are designed for beginners, so no previous knowledge or experience is required.

You can jump right in with “Applications & Penetration Testing: Fast Start” to find out all about the main aspects of ethical hacking. Or you might prefer to begin with the crowd favorite, “Ethical Hacking with Metasploit: Exploit & Post Exploit”, which takes you from novice to expert as a white hat hacker. Former students have given this course an impressive 4.8 out of 5 stars rating. However, that’s not completely surprising since Oak Academy was created by elite tech experts and specializes in critical skillsets for cybersecurity, game development, mobile app monetization, and more.You will learn all about spoofing, sniffing, password cracking and much more in “Ethical Hacking: Network Fundamentals & Network Layer Attacks” and “Wi-Fi Hacking & Wireless Penetration Testing Course”, which also teaches about WPS Cracking and other topics specific to Wi-Fi. You’ll get more familiar with password cracking, as well as network scanning and a variety of other useful tips in “Free Tools for Penetration Testing & Ethical Hacking”. And then you dive deeper into network scanning with “Ethical Hacking: Network Scan by Nmap & Nessus”.Find out how hackers use social engineering to access the Windows, Linux, and Android platforms in “The Complete Social Engineering, Phishing, OSINT & Malware”. You’ll learn how black hat hackers compromise applications on the web and how to fight them in “Complete Web Application Hacking & Penetration Testing”. “Cloud Security with Microsoft Azure For Beginners” covers cloud computing fundamentals and how to secure your infrastructure when working in Microsoft Azure Cloud Computing Services.Don’t pass up this opportunity to start training for a hot new career as a cybersecurity expert. Get The 2021 All-in-One Ethical Hacking & Penetration Testing Bundle today while it’s on sale for just $29.99.

ZDNet Recommends More

Cybersecurity researchers have warned of four emerging families of ransomware that could pose a significant cybersecurity threat to businesses.  Ransomware remains one of the key cybersecurity threats facing businesses around the world as cyber criminals try to compromise networks and encrypt them to demand ransom payments, which can amount to millions. This lure of potentially easy money attracts cyber criminals of all levels towards ransomware, from specialist ransomware gangs who keep the malware for themselves, to ransomware-as-a-service groups who lease out their illicit product to low-level malicious hackers who want to get in on the action. In recent months, some significant ransomware operators have seemingly disappeared. But that doesn’t mean that ransomware is any less of a problem – new groups are emerging to fill the gaps. Cybersecurity researchers at Palo Alto Networks have detailed four upcoming families of ransomware discovered during investigations – and under the right circumstances, any of them could become the next big ransomware threat. One of these is LockBit 2.0, a ransomware-as-a-service operation that has existed since September 2019 but has gained major traction over the course of this summer. Those behind it revamped their dark web operations in June – when they launched the 2.0 version of LockBit – and aggressive advertising has drawn attention from cyber criminals. According to researchers, LockBit has compromised 52 organisations around the world since June. Perhaps most notably, criminals using LockBit compromised Accenture, although the company was able to restore from back-ups without needing to pay a ransom. 

The rise of LockBit hasn’t gone unnoticed, as Australia’s Cyber Security Centre has posted an alert warning organisations about the threat. But LockBit isn’t the only form of ansomware that’s on the rise – AvosLocker ransomware first appeared in July and offers a ransomware-a-as-service scheme that includes the operators taking care of negotiating ransoms.  The group has compromised several organisations around the world, including law firms in the United States and the United Kingdom. Like other ransomware groups, AvosLocker leaks stolen data if a ransom isn’t paid. SEE: A winning strategy for cybersecurity (ZDNet special report) Ransom demands following AvosLocker attacks are relatively low for ransomware in 2021, standing at between $50,000 and $75,000. But unlike many other ransomware groups that demand a payment in Bitcoin, AvosLocker asks for it in Monero – a cryptocurrency designed to be anonymous. Monero isn’t as high-value as Bitcoin, but the added anonymity means that it’s more difficult to trace cyber criminals who use it. Another new player in the ransomware market is Hive ransomware, which was first seen infecting organisations in June 2021. The attackers behind it also leverage stolen data and double extortion to coerce victims into paying the ransom.  In total, Hive has so far claimed 28 victims –  including healthcare providers – in attacks that have the potential to disrupt patient care. This sort of cavalier attitude to the wellbeing of the general public could make Hive a dangerous ransomware threat. The fourth emerging threat detailed by researchers is a twist on an established form of ransomware. Hello Kitty ransomware first appeared in December 2020 and primarily targeted Windows systems. Now, researchers have identified a new version of Hello Kitty that targets Linux systems, opening a whole new platform for cyber criminals to target. “Ransomware not only is after Windows systems – now with the Hello Kitty variant targeting ESxi, they are trying to get a whole different market that wasn’t explored before,” Doel Santos, threat intelligence analyst at Unit 42, Palo Alto Networks told ZDNet. Organisations around the world have been targeted with this variant of Hello Kitty, which alters ransom demands depending on the target. The criminals have demanded as much as $10 million in Monero from one victim – although the operators are also open to accepting payment in Bitcoin. The rise of these ransomware groups just goes to show that, even as established groups seemingly disappear, new players rise to take their place. Many of these will adopt the tactics and techniques of successful ransomware outfits that came before them to make attacks as effective as possible. “Many more prevalent groups paved the way for these smaller groups to emerge, giving them a business model to follow to carry out operations. That’s another reason why we see these emerging ransomware groups leverage double extortion approaches, which has become the standard since Maze ransomware,” said Santos. No matter what type of ransomware cyber criminals are using, it represents a major threat to businesses. To help protect networks from falling victim to ransomware attacks, it’s recommended that security patches are applied in a timely manner to prevent criminals exploiting known vulnerabilities. Multi-factor authentication should also be applied to all users to provide an extra barrier to attacks exploiting stolen or leaked usernames and passwords as an entry point. It’s also recommended that businesses regularly update and test their backups – and store them offline – so if the network does fall to a ransomware attack, there’s the ability to restore it without having to pay the ransom.MORE ON CYBERSECURITY More

Singapore is looking to widen access to its COVID-19 contact tracing wearable device, which soon can be delivered to the homes of new users. Current users of the TraceTogether token also will be able to replace non-working ones via more vending machines.  A home delivery service would be introduced for new users of the TraceTogether wearable device, as part of “continuous effort to support” the nation’s public health requirements, said the Smart Nation and Digital Government Group (SNDGG) in a statement Wednesday.  The government agency said more vending machines to issue replacement tokens also would be deployed progressively at more than 40 shopping malls, particularly those with high traffic, as well as all 108 community centres across the island, in the coming week. 

It added that manned booths for the collection and replacement of TraceTogether tokens then would be reduced gradually, with such booths in shopping malls to stop operating on August 31. Token counters at community centres would be pulled back at a later date.  SNDGG said it had worked with Temasek Foundation, which deployed mask dispensing machines, to retrofit these vending machines to include TraceTogether tokens.  Each vending machine would be able to hold 1,400 tokens and could be used to replace wearables that were out of battery or not working. Specifically, the machine would allow for replacement of tokens only if these were issued at least 60 days ago.  Deployment of the vending machines was slated to complete by end of October, according to SNDGG.

Singapore’s TraceTogether platform, comprising the mobile app and token, currently has a high adoption rate of more than 90%. It is widely used alongside SafeEntry, a digital checkin tool that collects visitors’ personal data when they enter venues such as supermarkets, restaurants, shopping malls, and workplaces.  The government in February 2021 passed a legislation detailing the scope of local law enforcement’s access to TraceTogether data. Then move came amidst public outcry when it was revealed the police could access the information for criminal investigations, contradicting previous assertions the data would only be used when the individual tested positive for the coronavirus.Singapore had issued the TraceTogether wearable device as part of efforts to quell data privacy concerns, touting the token as a “no internet” device that did not have GPS, internet, or cellular connectivity. Data collected only could be extracted when the wearable device was physically handed over to a health official, the government said. It also said the use of TraceTogether would cease once the pandemic was under control and contact tracing no longer necessary.Minister-in-Charge of the Smart Nation Initiative and Foreign Affairs, Vivian Balakrishnan, said last week any decision to stop using the contact tracing platform should be based on “science”, not politics. Referring to doctors, the minister said in an interview with Reuters: “Let the professionals tell us whether contact tracing to that level is necessary or helpful, and whether it secures the safety of our people. I will leave it at that. There is no need to politicise it.”In the week leading up to August 24, unlinked cases accounted for 33% of COVID-19 infections in Singapore, up from 25% two weeks before and 23% the week before, according to figures from the Ministry of Health. It recorded 269 community cases in the week leading to August 24, compared to 551 two weeks before and 372 the week before.RELATED COVERAGE More