Randall Munroe’s XKCD ‘Stromatolites’
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Stromatolites’ appeared first on Security Boulevard.
A survey of 150 security decision makers in the U.S., published today, finds that close to two thirds of cybersecurity incidents (62%) involved issues that were previously known to be a potential threat. Conducted by ZEST Security, the survey finds half of respondents work for organizations where 56% of risks identified can’t for one reason..
The post Survey Sees Organizations Being Overwhelmed by Remediation Challenges appeared first on Security Boulevard.
Introduction:
A common theme of science fiction authors, and these days of policymakers and think tanks, is how humans will work with the machines as the machines begin to surpass us across many dimensions.
In cybersecurity, humans and their systems are at a crossroads, their limitations exposed daily by ever more innovative, aggressive, well-funded, and AI-wielding attackers.
The humans are burned out, dissatisfied with their cybersecurity careers and their day-to-day work.
And the machines are all too often either too literal — a set of if-then statements packaged into thickets of rules — or too brittle — picking useful patterns out of the noise, but only when carefully tuned, oiled, and interpreted by overstretched humans with rare expertise.
For years those of us building tools for defenders have been building point solutions for new attack vectors, hoping that we could catch up with the ever-widening and increasingly complex attack surfaces of enterprises, utilities, governments, service providers, and all of us humans.
We have built DeepTempo and our LogLMs to buttress the eroding foundations of cybersecurity. Our results thus far show that they are superior to rules and traditional ML-based incident identification in both accuracy and adaptability.
In this blog, I turn my attention to another dimension — explainability. We must bring along with us humans, and give the professionals protecting us all a way to interpret the results of these deep learning models. Otherwise, our human defenders will not trust the insights of the models.
As one of our first advisors, Chris Bates — who helped build SentinelOne as CISO and chief trust officer — reminds us:
“A smart black box could be useful — but it risks becoming a curiosity.”
We won’t buttress our defenses’ foundations with only curiosity.
Explainability: by design
If you get the data model wrong — a rewrite is in your future.
Technical debt is inevitable, but the wrong data layer and data model will quickly bankrupt even the most overfunded start-up.
So before we built our LogLMs — and in so doing created a new vocabulary and approach to tokenization — we thought a lot about several key attributes including explainability.
Explainability is built into the foundations of our Tempo LogLM. Much as the construct of a sentence can be useful in certain LLMs, we use human-interpretable sequences within our model. When our Tempo LogLM suggests that a particular set of events is worrisome, it gives you a UID that maps back to a conversation between entities in your environment — it shows which "sentence" seems to have a grammatical error, and that conversation is saved by the model. This enables a user experience our early users enjoy. It fits very well into their existing SIEMs, and allows them to use those SIEMs to add a lot of relevant context, including external and internal threat intelligence.
You can see the value of this UID tying back to the underlying data on our free-to-try Snowflake Tempo NativeApp. You can see our partner and user exploring this capability in our demo video (embedded in the original Medium post).
We also realized that deep learning could help us to solve the explainability challenges of deep learning. We decided to use deep learning to translate the insights of the model back into the language of the security operations center. So far we have done this translation in two ways:
I’ll leave the internals of entity resolution and grouping for a later date; we have an engineering-focused blog on the way and are hopeful that these blogs will help others consider building and adapting their own purpose-built models. The short summary is that foundation models like our Tempo learn the meaning of the nouns within each sentence of communications they examine. Just as an LLM can distinguish between a Queen ruling a country and the most powerful piece in Chess, so too can our LogLMs learn which sort of mail server might be in a given sequence, and inform their expectations about the behavior of that mail server based on experience with hundreds of thousands of mail servers. Concretely, we tag our sequences with the types of entities included, helping our end users understand what they are looking at — is it email servers in general, or just a particular few email servers, that are behaving strangely?
Mitre Att&ck mapping:
Today we are announcing that our Tempo LogLM now maps concerning anomalies to the most likely Mitre Att&ck sequence.
Using only network logs, which are themselves of course metadata, the model can see whether a particular type of reconnaissance is occurring, or perhaps lateral movement, or even exfiltration. Starting today, our Tempo NativeApp on Snowflake adds the closest Mitre Att&ck mapping or mappings to all stored sequences and the underlying embeddings, which are massively smaller than the underlying logs.
This allows security operations teams to run workflows and investigations informed in part by their understanding of Mitre Att&ck. Many organizations have prepared plans to respond to particular attack methods. They can now invoke these plans quickly once the alert is fired from Tempo to their SIEM, cutting minutes or hours off their mean time to respond.
We are in the course of providing an additional free way to try out Tempo — focused on Mitre Att&ck mapping — and we will shortly be open-sourcing the raw materials we used to add these capabilities. Please watch this space — stay tuned.
Conclusion:
The future is here now. The need to help the humans keep up with the machines has already arrived.
In cybersecurity we need to get much more intelligent — immediately — since we know our attackers are too often winning and are increasingly using LLMs to do so. Sometimes it seems like the dystopian future of Leave the World Behind is unfolding on our front pages.
The collective wisdom embedded in Mitre Att&ck — the many thousands of hours of effort that went into collecting and designing this taxonomy — offers a way for us to use deep learning to explain the insights of deep learning-based LogLMs.
Try it out today. As always — you can find Tempo on the Snowflake NativeApp marketplace where we even make available an example data set for initial evaluation.
https://app.snowflake.com/marketplace/listing/GZTYZOYXHP3/deeptempo-cybersecurity-tempo
We hope you’ll see that collective defense via deep learning is useful today as a cost-effective way to provide more defense in depth, making better sense out of streams of logs than traditional rules-based indicators or brittle ML models allow.
Anomalies are not Enough was originally published in DeepTempo on Medium, where people are continuing the conversation by highlighting and responding to this story.
The post Anomalies are not Enough appeared first on Security Boulevard.
In today’s thoroughly digital world, technology decisions are business decisions, with cybersecurity standing out as a crucial area where this dynamic unfolds. It’s no longer just a box for IT
The post Why Every Enterprise Needs a Cybersecurity System of Record appeared first on Axio.
The post Why Every Enterprise Needs a Cybersecurity System of Record appeared first on Security Boulevard.
In a world in which cyberattacks have become both more frequent and costly, organizations are under growing pressure to manage digital threats more effectively. Cyber Risk Quantification (CRQ), a means
The post Why Traditional CRQ Falls Short — and How Modern Solutions Fill the Gaps appeared first on Axio.
The post Why Traditional CRQ Falls Short — and How Modern Solutions Fill the Gaps appeared first on Security Boulevard.
This week, AttackIQ acquired DeepSurface to broaden its vulnerability and attack path management capabilities to help enterprises identify and mitigate the most pressing vulnerabilities in their environments. The acquisition enables AttackIQ to add automated vulnerability prioritization within complex IT environments. Founded in 2017 and headquartered in Portland, Oregon, DeepSurface’s RiskAnalyzer platform contextualizes, using roughly 50..
The post AttackIQ Bolsters Cyber Defenses with DeepSurface’s Risk-Analysis Tech appeared first on Security Boulevard.
The latest wave of artificial intelligence (AI) improvements significantly improved the quality of models for image and text generation. Several companies, such as OpenAI (ChatGPT) and Claude, provide services, often in the form of software as a service (SaaS), that make it easy for users to interact with these AI
The post How bots and fraudsters exploit free tiers in AI SaaS appeared first on Security Boulevard.
How to strengthen your executive protection program to address and mitigate the impacts of stalking aimed at executives A customer becomes obsessed with an executive due to their relatable social media presence and desperately wants their attention. An anonymous admirer sends love letters and gifts to the CEO. A former employee holds a grudge and…
The post When Stalking Looks Like Affection, Admiration, or Anger — The Challenge for EP Teams appeared first on Ontic.
The post When Stalking Looks Like Affection, Admiration, or Anger — The Challenge for EP Teams appeared first on Security Boulevard.
Authors/Presenters: Panel
Our sincere appreciation to DEF CON, and the Authors/Presenters, for publishing their erudite DEF CON 32 content, originating from the conference’s events at the Las Vegas Convention Center and published via the organization's YouTube channel.
The post DEF CON 32 – D0N0H4RM Cyber STEM Storytime appeared first on Security Boulevard.
Explore the top 15 cloud compliance tools in 2025 that you can leverage to protect your organization and customer data.
The post Top 15 Cloud Compliance Tools in 2025 appeared first on Scytale.
The post Top 15 Cloud Compliance Tools in 2025 appeared first on Security Boulevard.
Austin, TX, USA, 4th February 2025, CyberNewsWire
The post SpyCloud Pioneers the Shift to Holistic Identity Threat Protection appeared first on Security Boulevard.
In an era marked by high-profile cyber breaches, ransomware attacks, and violence committed against high-profile enterprise employees, the imperative for focused cybersecurity training for executives has escalated dramatically. For CISOs and enterprise cybersecurity specialists, crafting a tailored cybersecurity training program for your organization’s executives is not just a precaution—it is a strategic imperative. Here’s how […]
The post Cybersecurity Training for Executives: What Business Leaders Need to Know appeared first on BlackCloak | Protect Your Digital Life™.
The post Cybersecurity Training for Executives: What Business Leaders Need to Know appeared first on Security Boulevard.
Malicious employees and insider threats pose one of the biggest security risks to organizations, as these users have more access and permissions than cybercriminals attacking the organization externally.
The post How to Root Out Malicious Employees appeared first on Security Boulevard.
Decentralized identity (DCI) is emerging as a solution to the significant challenges in verifying identities, managing credentials and ensuring data privacy.
The post Decentralized Identity: Revolutionizing Identity Verification in The Digital World appeared first on Security Boulevard.
What 2025 HIPAA Changes Mean to You
madhav
Tue, 02/04/2025 - 04:49
Thales' comprehensive Data Security Platform helps you be compliant with the 2025 HIPAA changes.
You are going about your normal day at your healthcare organization, following the same routine business process you’ve followed for the last twelve years. You expect Personal Health Information (PHI) to be protected, and thankfully, due to HIPAA compliance, it is.
HIPAA forces organizations to build a security system for personal health information. You certainly wouldn't print your personal health information and pass it out to anyone. HIPAA ensures that businesses treat your personal health information with extra care, encrypting it, restricting who can access it, and ensuring systems that store it are secure and continuously tested. Every time you receive medical care, HIPAA is working behind the scenes to keep your PHI safe from cybercriminals.
According to the Thales Data Threat Report, Healthcare and Life Sciences Edition, in 2023, among healthcare and life sciences respondents, human error (76%) is the leading reported cause of cloud data breaches, well ahead of a lack of MFA, the second highest, at 11%. To compound issues, identity and encryption management complexity is a serious issue. 60% of healthcare respondents have five or more key management systems in use.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that, when first published, created the national standards to protect sensitive patient health information (PHI) from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of the information covered by the Privacy Rule.
Who does it apply to?
Covered Entities: All entities accessing protected personal health information (PHI), including health plans, health insurance organizations, hospitals, clinics, pharmacies, physicians, and dentists, among others.
Business Associates: Third-party service providers that create, receive, maintain, or transmit ePHI on behalf of covered entities. Examples include IT contractors or cloud storage vendors.
Key Dates
On December 27, 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule to strengthen cybersecurity protections for electronic protected health information (ePHI). It is expected to go into effect on March 7, 2025, following a comment period. HIPAA is not a static regulation; since its original publication, it has been periodically updated to remain relevant.
What Changed?
The changes are extensive. They focus on new written policies and procedures, technical safeguards, and updated business associate agreements, which are summarized below.
The penalties for non-compliance with HIPAA vary based on the perceived level of negligence and can range from $100 to $50,000 per individual violation, with a maximum penalty of $1.9 million per calendar year. Additionally, violations can also result in jail time of 1–10 years for the individuals responsible.
Thales Solution for HIPAA Compliance
No single tool enables organizations to be 100% compliant, but thankfully, Thales has comprehensive data security solutions that align with HIPAA requirements. Thales is driven by a vision to protect data and all paths to it, enabling you to become more compliant and more secure. Thales helps organizations address the requirements for safeguarding PHI necessary to comply with HIPAA by analyzing risk, reducing risk from third parties, providing access control and authentication, encrypting PHI at rest and in transit, protecting encryption keys, and de-identifying PHI in databases.
How Thales Helps with HIPAA Compliance
It's been one year since Thales and Imperva joined as two data security leaders. Although there is no silver bullet for improving your data security posture, Thales’s comprehensive data protection and monitoring strategy is now a clear solution to assist with HIPAA compliance. It offers encryption, multi-factor authentication, and cybersecurity solutions that enable healthcare organizations to find industry-leading solutions for their data security, monitoring, and compliance needs.
With Thales’s solution depth, you can now be HIPAA compliant without investing in a confusing set of tools from multiple vendors. Thales’s Application Security, Data Security, and Identity and Access Management solutions have the advanced security and compliance features that enable you to address the new HIPAA requirements.
Summary
Thales is a major solution provider for organizations that want to achieve HIPAA compliance, remain HIPAA compliant, or adhere to the new HIPAA requirements published in January 2025. HIPAA requirements are complex, and changed for the first time in 12 years, prompting organizations to look to Thales for application security, data security, and identity and access management solutions to help with HIPAA compliance.
Download our Thales Data Threat Report, Healthcare and Life Sciences Edition, to learn more about data protection solutions and shorten your time to becoming HIPAA compliant.
Doug Bies | Product Marketing Manager
The post What 2025 HIPAA Changes Mean to You appeared first on Security Boulevard.
A 22-year-old Canadian man is indicted by the U.S. DOJ for using borrowed cryptocurrency and exploiting vulnerabilities on the KyberSwap and Indexed Finance DeFi platforms to steal $65 million in digital assets in two schemes between 2021 and 2023.
The post Canadian Man Stole $65 Million in Crypto in Two Platform Hacks, DOJ Says appeared first on Security Boulevard.
Today, my Senator — Susan Collins — failed in her oath and duty to uphold the Constitution. She voted for the appointment of a traitor to head national intelligence, and is supporting someone for director of the Office of Management and Budget (OMB) who openly wants to dismantle the foundations of American government. She has […]
The post When Checks and Balances Fail: The State’s Role in Preserving Constitutional Order appeared first on rud.is.
The post When Checks and Balances Fail: The State’s Role in Preserving Constitutional Order appeared first on Security Boulevard.
Team code reviews are essential to the development process. They ensure that the code meets the required standards before being merged into the main branch. Tools like SonarQube are key to making the reviews productive and valuable.
The post Enhancing Team Code Reviews with AI-Generated Code appeared first on Security Boulevard.
Orca Security has extended the reach of its agentless cloud native application protection platform (CNAPP) to include multiple options that eliminate the need to aggregate data in a software-as-a-service (SaaS) platform. Cybersecurity teams can now take advantage of a hybrid cloud computing approach through which metadata is processed using the Orca Security Cloud Platform as a..
The post Orca Security Adds Additional CNAPP Deployment Options appeared first on Security Boulevard.
Leverage Infrastructure as Code, APIs, and automations to natively remediate exposures at scale for AWS, Azure and GCP, while maintaining business continuity. TEL AVIV, Israel – February 4, 2025 – Veriti, a leader in exposure management solutions, is proud to announce the launch of Veriti Cloud, an expansion of its Exposure Assessment and Remediation platform that […]
The post Veriti Expands Exposure Assessment Platform with Industry First Proactive Cloud Native Remediation Solution appeared first on VERITI.
The post Veriti Expands Exposure Assessment Platform with Industry First Proactive Cloud Native Remediation Solution appeared first on Security Boulevard.