Security Roundup: World Password Day, Qualys, Infosec, Innovation via Acquisition
… home router or a system that manages smart light bulbs if the vendors that make those products do not provide that feature themselves. It’s an unfortunate catch-22 that the devices which could stand to benefit the most from MFA are also the ones which are least likely to allow users to set that up.”

Sophos’ Andrew Brandt
In studying the passwords most often used by criminals, Brandt said what struck him was that even complex-looking passwords that floated to the top of the list appeared to be default passwords assigned to large ranges of devices from particular vendors.
“I think it’s safe to say that even if the factory-installed password is long and complex looking, if each device does not have a unique password, then even those long, complex passwords will eventually make it into the lists of criminals who throw everything at the wall just to see what sticks,” he said.
Gavin Millard, Tenable’s vice president of intelligence, said World Password Day originally was introduced to raise awareness of the importance of creating strong passwords, and “that worked!”

Tenable’s Gavin Millard
“However, with the sheer volume of data breaches where users’ passwords are stolen and sold on the dark web, the issue is less about creating strong passwords or phrases and more about educating people of the need for a unique code for each online account,” he said. “Considering millions are still using 123456 as a password, the chances of changing password behavior are nothing short of a miracle. Instead, I advocate the use of password managers that create and store complex passwords, with some capable of alerting users when compromised passwords are found in data breaches. So on World Password Day, instead of improving your complex recipes for password success, do yourself a favor and automate.”
Qualys Strengthens Cloud Agent Platform
Qualys has unveiled its new Cloud Agent Gateway (CAG), a major extension of its Cloud Agent Platform aimed at simplifying large-scale deployments across on-premises and hybrid cloud environments.
The release of CAG enables customers to: secure the connectivity of cloud agents on assets in restricted networks to the Qualys platform without the need to open access for each asset to the platform; eliminate the deployment, management and maintenance of third-party proxies or secure web gateways for cloud agent installations at scale; and optimize the bandwidth utilized by large cloud agent deployments.
Karun Malik, Qualys’s vice president of strategic alliances and channel development, tells us the platform will let MSSPs scale their security services to large-scale cloud agent deployments, and extend their monitoring services into security enforcement with Qualys patch management.

Qualys’ Karun Malik
“MSSPs have large-scale multitenant deployments across global customers, and our gateway architecture fundamentally addresses bandwidth optimization across such large complex deployments,” he said.
The recently introduced Qualys PM Cloud App uses cloud agents to deliver operating system and more than 300 third-party application patches on IT assets across on-premises, cloud and endpoint infrastructure. CAG allows fast delivery of these patches to these assets in their environment by caching the downloaded patches and locally delivering them to the assets in the local network, according to the company.
Acquiring vs. Developing Innovation
A new hypothesis by Strategic Cyber Ventures (SCV), a cybersecurity venture capital firm, shows an increasing amount of …