One of the most dangerous security vectors facing enterprises is also one of the least understood. Research into Encrypted Traffic Threats shows that 41 per cent of businesses do not have a solid understanding of the existence and nature of encrypted traffic threats, and the harm that they can cause. However, gradually, encryption has become one of the most substantial vehicles for cyber threats organizations now have to deal with.

Encrypted traffic became a potential hazard precisely because so much data is now encrypted. In 2016 just over a half (53 per cent) of all web traffic was encrypted, but by 2019, that percentage had grown to a massive 87 per cent, opening an opportunity that is almost the size of the entire Internets data for hackers to slip malicious code into enterprise networks.

The risk that encrypted traffic threats pose is simple; they are hard to see. Cyber criminals find this pathway to be one of the most effective ways to bypass firewalls, intrusion prevention systems, unified threat management, secure web gateways, data loss prevention, anti-malware, and most other security solutions.One way to protect against this is to deploy decryption solutions, but even here there are some concerns, with 36 per cent of those surveyed citing a concern over data privacy, 29 per cent worried about decryption causing performance bottlenecks, and 18 per cent worried about having a lack of available skills to manage such a security solution.

Consequently, nearly one half (48 per cent) of organisations have yet to implement decryption solutions.

How to manage the threatThe best way to address these issues is to have an automated solution that can proactively monitor and analyse encrypted data.

When the Czech Republics National Cyber and Information Security Agency sought a more robust way to fortify the countrys selected government institutions against modern advanced threats, it turned to Flowmon and the Flowmon Anomaly Detection System for threat-hunting capability. The system uses 44 detection methods comprising 200+ algorithms to immediately spot and alert the IT teams of any anomalies that had been hidden in network traffic, encrypted or not.

This application of AI became a valuable source IT expertise that multiplied staff bandwidth to manage the solution and allowed for a full and complex monitoring of the entire networked environment. With Flowmon ADS in place, the institute has a comprehensive, yet noise-free overview of suspicious behaviours in the partner networks, flawless detection capability, and a platform for the validation of indicators of compromise.

Flowmons solution works at scale, too. GANT a pan-European data network for the research and education community is running one of the worlds largest data networks, and transfers over 1,000 terabytes of data per day over the GANT IP backbone. For something of that scale there is simply no way to manually monitor the entire network for aberrant data. With a redundant application of two Flowmon collectors deployed in parallel, GANT was able to have a pilot security solution to manage data flow of this scale live in just a few hours. With a few months of further testing, integration and algorithmic learning, the solution was then ready to protect GANTs entire network from encrypted data threats.

Why cross-team collaboration accelerates encrypted threat responseUncertainty and a lack of understanding is driving the hesitancy for enterprises to adopt encrypted traffic threat response solutions. Furthermore, for a response to this threat to be effective, it is critical that network operations and security operations (NetOps + SecOps = NetSecOps) work in collaboration, but according to the study, 40 per cent of enterprises do not currently have these teams working closely together.

By adopting tools that are built with the NetSecOps philosophy in mind in order to foster collaboration between the two teams, companies can greatly cut down on incident resolution time and save expenditure on tools with functional overlap.

In 2020, Kemp Technologies announced the acquisition of Flowmon. In doing so, the company has been able to bring together holistic solutions that allow partners to become a one-stop-shop for robust network security.

We are excited to extend the value offered to customers in the areas of infrastructure security, network observability and automated incident response by welcoming Flowmon to the Kemp family, Ray Downes, CEO of Kemp Technologies, said at the time. The expansion of Kemps portfolio to include Flowmons solutions will provide customers the ideal combination of network analysis, pre-emptive threat detection and workload delivery for optimal, uninterrupted user and application experience.Kemps two product families comprising the LoadMaster load balancer and the Flowmon NetSecOps suite allows companies to take full control of their digital environment, with load balancing, network performance monitoring, and response solutions. The solution is easy to deploy and configure and boasts data on the dashboard within 30 minutes. With government regulation and privacy concerns demanding that corporations show ever-greater responsibility around data and encryption, Flowmon and Kemp are proving to be an essential response in also protecting the network from cyber-crime.

For more information on of encrypted traffic threats, Kemp Technologies and Flowmon contact [emailprotected]

Kemp is currently offering Free Network Assessment. Go to Kemp.ax

Case Studies https://www.flowmon.com/en/our-customers

If you have an interesting article / experience / case study to share, please get in touch with us at [emailprotected]

The rest is here:
Encryption: Why security threats coast under the radar - Express Computer

IRVINE, Calif.--(BUSINESS WIRE)--XSOC CORP, a leading developer of extensible, secure, optimized cryptographic tools, platforms and protocols was named the winner of the Overall Encryption Solution of the Year award in the fifth annual CyberSecurity Breakthrough Awards program conducted by CyberSecurity Breakthrough. CyberSecurity Breakthrough is a leading independent market intelligence organization that recognizes the top companies, technologies and products in the global information security market.

XSOC Cryptosystem is a purpose-built, customizable, encryption engine designed to provide Quantum-Safe information security, using FIPS 140-2 validated functionality, for any data stored or any data sent, shared, transferred, migrated, or streamed regardless of size or format, and can be integrated into new or existing cybersecurity applications or workflows.

XSOC CORP provides cyber-resilient solutions that are designed to safeguard and preserve the confidentiality and integrity of information, critical software technologies and intellectual property at all data points of an infrastructure by preventing unauthorized access and use by person or devices.

We are honored and elated to be recognized by the Cybersecurity Breakthrough Awards, said Richard Blech, XSOC CORP Founder & CEO. This acknowledgement shows our users that our mechanism can and will be used across a wide spectrum to securely exchange and decrypt information. Achieving this level of acknowledgement within the first year of launch is a grand slam.

The mission of the CyberSecurity Breakthrough Awards is to honor excellence and recognize the innovation, hard work and success in a range of information security categories, including Cloud Security, Threat Detection, Risk Management, Fraud Prevention, Mobile Security, Email Security and many more. This years program attracted more than 4,000 nominations from over 20 different countries throughout the world.

Additional Resources

For more information on CyberSecurity Breakthrough: https://cybersecuritybreakthrough.com/

For more information on XSOC CORP: https://www.xsoccorp.com/

About CyberSecurity Breakthrough

Part of Tech Breakthrough, a leading market intelligence and recognition platform for global technology innovation and leadership, the CyberSecurity Breakthrough Awards program is devoted to honoring excellence in information security and cybersecurity technology companies, products and people. The CyberSecurity Breakthrough Awards provide a platform for public recognition around the achievements of breakthrough information security companies and products in categories including Cloud Security, Threat Detection, Risk Management, Fraud Prevention, Mobile Security, Web and Email Security, UTM, Firewall and more. For more information visit CyberSecurityBreakthrough.com.

About XSOC CORP

Founded in 2018, XSOC CORP is based in Irvine, CA, with a senior management and technology engineering team that has developed four ground-breaking products in the areas of advanced, optimizable, symmetric cryptosystem encryption, both local and global symmetric key exchange mechanisms, and an optimized, high-performance, secure transmission protocol.

These four products; XSOC, SOCKET, WAN-SOCKET, and EBP are ideal for OEMs, systems integrators, military/law enforcement/government markets, IoT, IIoT, ICS/ Critical infrastructure environments, or in any environment where the security, integrity or availability of data are critical. The company goes to market via OEM partnerships, ISVs, Systems Integrators, Cybersecurity Resellers, via modular license agreements.

To become a sales partner, email info@xsoccorp.com and use sales partner in the subject field.

For more information on XSOC CORP, email info@xsoccorp.com, on the web at https://www.xsoccorp.com or via Twitter @XSOC_CORP

See the original post:
XSOC CORP Recognized by CyberSecurity Breakthrough Awards Program for Overall Encryption Solution of the Year - Business Wire

Data Encryption Standard uses a single key for encrypting and decrypting a message. This means that the sender and receiver both must have the same key to access the message. At one point in time, DES was the go-to encryption technology. However, over a period, DES was overpowered by the more sophisticated AES (Advanced Encryption Standard).

Here are some of the important features that impact the working of the Data Encryption Standard.

Block cipher This means that the entire Data Encryption Standard is a cryptographic key, which is applied to a block of data and not on a single bit. For instance, to encrypt a plain text message, DES will put the message into blocks of 64 bits and then encrypt it.

Multiple rounds of encryption The DES methodology is a process of encryption that is done 16 times. This is done in four different modes, by encrypting blocks individually or creating a relationship of each cipher block with all previous blocks. Decryption is just the opposite of encryption, where you must follow the same steps but in reverse order.

64-bit Key DES actually uses a 64-bit key, however, eight of those bits are utilized for checks making the effective length to only 56 bits. The algorithm for encryption products 16 different subkeys of 48 bits each. Each of these subkeys is used for 16 encryption rounds.

Replacement & Permutation The algorithm also helps in defining the sequence of replacement and permutation that the cipher undergoes during the process of encryption.

Backward Compatibility DES also provides this compatibility in some cases.

The following diagram explains how encryption converts a plain text message into an encrypted message

Source: https://searchsecurity.techtarget.com/definition/Data-Encryption-Standard

The rest is here:
Data Encryption Standard (DES)? - All You Need to Know | Techfunnel - TechFunnel

Global Hardware Encryption Devices MarketReport 2021 2027 is a believable source for gaining the market research that will exponentially accelerate your business. SWOT and Porters five analysis are also effectively discussed to analyze informative data such as cost, prices, revenue, and end-users. The Report initially provides an overview of the industry that covers definition, applications and technology, post which the report explores into the international players in the market. The report profiles the key players in the industry, along with a detailed analysis of their individual positions against the global landscape. The report also entails the Covid-19 and post-Covid dynamics in the global Hardware Encryption Devices market.

In 2020, the global Hardware Encryption Devices market size was US$ 29870 million and it is expected to reach US$ 149750 million by the end of 2027, with a CAGR of 25.9% during 2021-2027.

The Top Major Competitive Players are :Western Digital Corp, Seagate Technology PLC, Samsung Electronics, Micron Technology Inc, Intel, Kingston Technology Corp, Toshiba, Gemalto (Thales), Certes Networks Inc., Kanguru Solutions,

Click the link to Get a Free Sample Copy of the Report:

https://www.marketinsightsreports.com/reports/08123167800/global-hardware-encryption-devices-market-size-manufacturers-supply-chain-sales-channel-and-clients-2021-2027/inquiry?mode=69

Market Overview:

Hardware-based encryption devices offer the security of strong encryption with the ease of minimal configuration and platform interoperability. Hardware encryption can offer several benefits beyond those provided by software encryption. These include faster algorithm processing, tamper-proof or tamper-resistant key storage, and protection against unauthorized code.United States Hardware Encryption Devices key players include Western Digital Corp, Seagate Technology PLC, Samsung Electronics, Thales, etc. Top four companies hold a share over 50%. In terms of product, Encrypted Hard Disk Drives is the largest segment, with a share over 55%. And in terms of application, the largest channel is IT & Telecom.

Market Segmentation:

Segmentation By Type:

Encrypted Hard Disk Drives

Encrypted Solid-State Drives

Hardware Security Module

Others

Segmentation By Application:

IT & Telecom

BFSI

Government & Public Utilities

Manufacturing Enterprise

Others

Regional Analysis:

The regional analysis segment covers all the regions in the world contributing towards the growth of the global Hardware Encryption Devices market. The section offers insights on the market size, volume, and value of each region for the forecasted period to help our clients find a better position in the global market. The competitive landscape section includes strategies followed by leading market players along with the in-depth case studies on how to overcome the challenges in the Hardware Encryption Devices market.

North America (United States, Canada and Mexico)Europe (Germany, France, UK, Russia and Italy)Asia-Pacific (China, Japan, Korea, India, Southeast Asia and Australia)South America (Brazil, Argentina, Colombia)Middle East and Africa (Saudi Arabia, UAE, Egypt, Nigeria and South Africa)

The study objectives of this report are:

-To study and analyze the global Hardware Encryption Devices Market size (value and volume) by the company, key regions/countries, products and application, history data from 2020to 2026, and forecast to 2026.

-To understand the structure of Hardware Encryption Devices by identifying its various sub-segments.

-To share detailed information about the key factors influencing the growth of the market (growth potential, opportunities, drivers, industry-specific challenges and risks).

-Focuses on the key global Hardware Encryption Devices manufacturers, to define, describe and analyze the sales volume, value, market share, market competition landscape, SWOT analysis, and development plans in the next few years.

-To analyze the Hardware Encryption Devices with respect to individual growth trends, future prospects, and their contribution to the total market.

-To project the value and volume of Hardware Encryption Devices submarkets, with respect to key regions (along with their respective key countries).

-To analyze competitive developments such as expansions, agreements, new product launches, and acquisitions in the market.

-To strategically profile the key players and comprehensively analyze their growth strategies

Browse Complete Report details with Table of Content:

https://www.marketinsightsreports.com/reports/08123167800/global-hardware-encryption-devices-market-size-manufacturers-supply-chain-sales-channel-and-clients-2021-2027?mode=69

Reasons to buy this Report:

-We share detailed and exact information about the market forecast.

-Our reports have been examined by professional experts of the industry, which makes them beneficial for the company to maximize their return on investment.

-The analysis acknowledges that the sector players & key drivers of both conflicts and growth assess the impact of limitations as well as the opportunities on the sector.

-Data regarding the industry share by every item fragment, alongside their reasonable worth, have been served in the report.

-We provide statistic information, strategic and analysis tool results to provide a sophisticated landscape and target key market players. This will help the company to increase its efficiency.

-Our report helps readers decipher the current and future constraints of the market and optimal business strategies to enhance market development.

Customization of this Report:This report can be customized as per your needs for additional data up to 5 companies or countries or 40 analyst hours.

Contact Us:

Irfan Tamboli (Head of Sales) Market Insights Reports

Phone: + 1704 266 3234 | +91-750-707-8687

Email:[emailprotected] |[emailprotected]

This Press Release has been written with the intention of providing accurate market information which will enable our readers to make informed strategic investment decisions. If you notice any problem with this content, please feel free to reach us on [emailprotected]

Excerpt from:
Hardware Encryption Devices Market 2021 Technology Development, Key Manufacturers, Forecast Based on Major Drivers and Trends Up to 2027 - Digital...

U.S. Border Patrol agents, part of Customs and Border Protection, as they detain Central American asylum seekers near McAllen, Texas in June 2018.Photo: John Moore (Getty Images)

U.S. Customs and Border Protection (CBP) is deploying the Amazon-owned encrypted chat app Wickr across all components of its operations, Motherboard reported on Tuesday, citing procurement documents from the agency.

Whereas previously CBP had signed a contract worth $700,000 with Wickr, the new agreement is valued at around $900,000. According to Motherboard, the documents on the contract date to Sept. 18 and state its purpose as to renew and procure additional Wickr software licenses and professional support to deploy a secure instant messaging platform for multi-purpose applications across all CBP components. While Wickr offers a free version of its app, it also offers various paid services to the private sector and the government, including Wickr Pro, Wickr Enterprise, and Wickr RAM, the last of which is designed for use by the military.

Wickr uses end-to-end encryption, meaning messages and calls sent via the app are fully encrypted in transit and can only be decoded by the devices involved in a conversation. Short of the discovery of a flaw in the encryption protocol, this effectively makes them impossible for a third party to intercept and view. Motherboard noted that Wickr RAM, which the company advertises as providing complete security from both foreign and domestic cyber threats, claims to be accredited by the Department of Defense. Wickr also says that RAM is the only collaboration service with full functionality to meet all security criteria outlined by the National Security Agency. Wickr also touts a feature allowing all messages sent via the app to be automatically destroyed after a set period of time, after which they can supposedly never be recovered by any method.

CBP previously declined to identify to Motherboard which product was involved in the $700,000 contract.

Amazon Web Services (AWS) announced the acquisition of Wickr in June. Previously, its only real entry in the messaging space was Chime, a videoconferencing software that doesnt have end-to-end encryption.

G/O Media may get a commission

However, AWS has moved aggressively into contracting for federal police and intelligence agencies, as well as the military. Its no stranger to doing business with CBP or its sister agency Immigration and Customs Enforcement despite the protestations of immigration rights activists, as well as its own employees, many of whom demanded AWS stop doing business with Peter Thiel-owned ICE contractor Palantir in 2019. Many Amazon workers and some shareholders have also protested the companys sale of its face recognition software, Rekognition, to police.

Current face recognition technology is inherently riddled with racial and other biases. In response to widespread, nationwide protests against police brutality and racism in 2020, Amazon conceded and imposed a moratorium on police sales of face recognition tech to cops, which it recently extended until further notice.

Amazon also operates what has been described as the U.S.s largest civilian surveillance network via its Ring smart doorbell cams, which police and fire departments in at least 48 states have taken advantage of by joining an Amazon program to share recordings with government officials. AWS tried to win a massive cloud computing contract for the military named JEDI, but the program was scuttled in July 2021 amid a long-running fight with fellow bidder Microsoft that had dragged on so long the Defense Department declared the plan obsolete. Instead, the military is soliciting bids from both companies for another cloud computing initiative, the Joint Warfighter Cloud Capability.

While CBP sees the need for technology like Wickr, federal agencies like the FBI have attacked end-to-end encryption for years, claiming it enables criminals to hide their activity from the cops. On numerous occasions, the feds have tried to force companies to build surveillance backdoors into their products to enable wiretapping, a practice that security experts are virtually unanimous would create major security vulnerabilities.

More recently, federal authorities have aimed to simply undermine confidence in encrypted communications with operations designed to send the message no platform is trustworthy. In June, the Department of Justice announced a massive bust of drug traffickers and money launderers it had tricked under a program called Trojan Shield, in which it used an informant to create a honeypot app (ANOM) posing as an encrypted messaging platform. Acting U.S. Attorney Randy Grossman said during a press conference that authorities had aimed to shatter any confidence in the hardened encrypted device industry with our indictment and announcement that this platform was run by the FBI, adding to anyone who believes they are operating under an encrypted cloak of secrecy, your communications are not secure.

Today, public sector customers use Wickr for a diverse range of missions, from securely communicating with office-based employees to providing service members at the tactical edge with encrypted communications, Stephen Schmidt, AWS vice president and chief information security officer, wrote in a statement after Amazons acquisition of Wickr. Enterprise customers use Wickr to keep communications between employees and business partners private, while remaining compliant with regulatory requirements.

More:
Customs and Border Protection Signs Major Contract With Amazon-Owned Encrypted Chat App Wickr - Gizmodo

Encryption cannot be an excuse for not sharing details in such cases.

The government on Tuesday reiterated its position that while it respects the right to privacy, in certain cases law enforcement agencies need assistance and in such instances, technology companies need to share information. Encryption cannot be an excuse for not sharing details in such cases.

Ministry of electronics and IT (Meity) secretary Ajay Prakash Sawhney said, While encryption is a welcome thing 99.99% of the time, 0.01% of the time when it is necessary to come to the assistance of law enforcement agencies to bring perpetrators of wrongdoing to justice, then we expect that encryption will not be held up as an excuse or as a sort of a silly excuse to deny that.

The secretary, who was speaking during the Global FinTech Fest 2021, hosted by the Internet and Mobile Association of India (IAMAI), said that in a civilised society, law enforcement is a function that is entrusted by the society to a few people, to act on their behalf, to make sure that lawbreakers dont get away with. He added that breaking down of safe encryption comes in as an excuse and it is being used to mystify digital technologies.

Sawhney said encryption is wonderful when people chat on a day-to-day basis, but asked what if something seriously wrong, or a crime, occurs, like terrorists talking to each other, and that communication resulting in something untoward happening in the middle of a city. Then someone says no, no, no, that is encryption, you know its so sacrosanct. It is such a sacrosanct thing that it doesnt matter what happens, that encryption is more important than law enforcement itself, I think I have a quarrel with that, the secretary said.

The government has already notified new intermediary guidelines that make it mandatory for firms like WhatsApp to provide the first originator of what is deemed as mischievous messages. This issue of traceability has been a bone of contention between WhatsApp and the government. WhatsApp has even challenged the new guidelines in the Delhi High Court, particularly the clause which requires it to provide the first originator of what is deemed as mischievous messages by the government.

The new intermediary rules, which were notified on February 25, are aimed at regulating all social media intermediaries like Twitter, Facebook, Instagram, Google, YouTube, etc, as as well as over-the-top platforms like Netflix, Amazon Prime Video and stand-alone digital media outlets. While the guidelines relating to intermediaries were already in force from earlier, through the addendum, the government has tightened some clauses such as reducing the time provided to some platforms to remove what is deemed by it as unlawful content, under Section 69A of the IT Act.

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, Check out latest IPO News, Best Performing IPOs, calculate your tax by Income Tax Calculator, know markets Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

See original here:
Encryption cant be used as excuse to deny sharing details to law enforcement: Govt - The Financial Express

Whatsapp is going to bring an end to end encryption for the cloud backup, as revealed by Mark Zuckerberg in his recent post on Facebook. The feature will be offering both the security and privacy in the cloud backup.

Whatsapp is now going to bring End to end encryption cloud backup very soon in the market. End to end encryption cloud backup will be going to be released as an optional feature. It is a new feature that is going to protect the chat backup of users and give them strong security as well as privacy from any third party attacks.

As WhatsApp has been offering end-to-end encryption (E2EE) in messages since 2016, this new latest recent update is much-needed growth for the company. It will bring much-needed security features for the users in backing up their private chat and data via an end to end encrypted backup to the cloud-like Google Drive. The feature is password protected as well. With the help of an end to end encryption, no third parties can look into the users private Whatsapp data backup even if the backup is created or stored in Google Drive or iCloud.

The CEO of Facebook, Mark Zuckerberg, has informed in his recent Facebook post. He shared

Were adding another layer of privacy and security to WhatsApp: an end-to-end encryption option for the backups people choose to store in Google Drive or iCloud. WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems.

WhatsApp global chief executive officer, Will Cathcart took to Twitter to say, This has been years in the making. Were taking advantage of development in hardware storage to safely store your backup encryption key in a vault no one else can access. Were providing options to remember a 64-bit key or choose a password we do not know and cannot access. Neither can Apple or Google.

This new backup encryption brings on a brand new coating of security, protection and privacy for Whatsapp users. This coating will soon be in working and will be adding more thickness to the security and privacy of users.

This new feature is an optional feature. It will be offered as an option to which users will going to have permit manually on the chat messaging application, Whatsapp. It is going to be available for both iOS and Android users in the upcoming weeks, as Facebook CEO Mark Zuckerberg revealed in a blog post.

This secured coating of privacy is to be permitted via password by the users on Whatsapp. The users have to create a password while enabling end to end encryption cloud backup. The password needs to be highly remembered by the users; it will be unknown to Whatsapp. Both users would be able to recover the data in case the device is either lost or stolen; there is an option for recovering through the hardware security module (HSM) backup key vault. HSM carries out several encrypted password verification attempts and making it persistently inaccessible on the multiple unsuccessful attempts to access it.

This security measures provide protection against brute force attempts to retrieve the key, says Mark Zuckerberg. If the user uses a 64-bit encryption key, they have to remember it correctly; this key is not sent to the HSM backup vault key.

End-to-End Encryption Backup Alike Messages

This end to end encryption backup will be going to be working a like end to end encrypted messages security. This end to end encryption will be protecting chat messages as well as videos and photos.

Furthermore, Whatsapp will also going to duplicate your key five times, storing each and every copy in five different data centres across the several geographies, effectively ensuring that if one data centre suffers an outage, you can still access your chat history.

Although Whatsapp latest privacy and security measure is welcome, concerns still swirl over the kind of information it shares with Facebook and Facebooks third-party companies specifically relating to the metadata it collects.

Some other messaging applications like Signal, for instance, have entirely circumvented the issue of users chats becoming compromised by not storing any of them on cloud backups at all. Moreover, for those insistent on having a secure and safe backup of their chats, Whatsapp represents the best option.

The rest is here:
Facebook announces WhatsApp end-to-end encrypted (E2EE) backups - Techiexpert.com - TechiExpert.com