Live Webinar | Using Automation to Augment the SOC - EMEA bankinfosecurity.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from bankinfosecurity.com Daily Mail and Mail on Sunday newspapers.
LinkedIn
Four years ago, it was argued that software would replace Tier One Security Analyst roles across the industry. But at Secureworks, we view the infusion of automation into the SOC differently. Kevin Hanes, Secureworks Chief Operations Officer, believes the SOC of the future will bring together the best of data science with intelligent, proactive human input. Learn how an industry leader is utilizing technology not to extinguish the Tier One role, but to ignite a new generation of analysts with the blend of technical and human analysis that meets customer needs as cybersecurity transforms to stay ahead of ever-changing threat actors.
BankInfoSecurity
May 5, 2021
Compliance
Compliance Twitter Get Permission
PayPal has patched a cross-site scripting - or XSS - vulnerability in its currency conversion endpoint that, if exploited, could enable malicious JavaScript injection.
The PayPal vulnerability was discovered in February 2020 by a security researcher who goes by the name Cr33pb0y, who was paid $2,900 as part of HackerOne s bug bounty program.
Responding in the HackerOne forum, PayPal notes the vulnerability resulted in its currency conversion URL improperly handling user input. An attacker exploiting the vulnerability could perform JavaScript injection or add other malicious code to the URL to access the document object model on the victim s browser. By loading a malicious payload into a victim s browser, hackers could steal data or take control of a device.
Joseph Blankenship, vice president, research director, security and risk, Forrester
Organizations must adopt a new approach to security automation that s tailor-made to address today s threats, says Joseph Blankenship, a vice president and research director at Forrester.
SIEM tools provide SOC analysts with limited contextualized data as well as a disproportionate amount of false positives, he says. So the analysts need to use security analytics and other tools. “One of the things that we want the analytics to do for us is give us a better picture of what s real and what s not real,” Blankenship says.
He advises organizations to liken security automation to an architecture and engineering exercise. “That requires that we examine what workflows look like, understand the types of threats that we re dealing with on a regular basis, know what kind of technology we have and design the automation to fit that.”
Israel’s cyber ecosystem starts with conscripts in specialist military units. Picture Israel Defense Force
Israel s cybersecurity sector continues to thrive, with investments pouring in and exports increasing, according to the Israel National Cyber Directorate, the government agency responsible for advancing the county’s cyber capabilities and ensuring national cyber defense.
The directorate reports that pre-IPO investments in domestic cybersecurity firms totaled $2.9 billion in 2020, up 70% from the previous year. Plus, there were more than 20 acquisitions of Israeli cybersecurity companies last year with a total value of $4.7 billion.
Meanwhile, Israeli exports of cybersecurity products and services hit $6.85 billion in 2020, up from $6.5 billion in 2019, according to the directorate.