Cyber Security Weekly Podcast

  In this episode Morry Morgan visited the ‘Security Exhibition & Conference’ in Melbourne #Security2018 and met a number of Exhibitors providing facial recognition solutions. Canadian company, Senstar (https://senstar.com/products/face-recognition/), highlights white and black lists, as well as the use of facial recognition for both security and retail sales. Imagus (http://www.imagus.com.au/)talks about identifying ‘known associates’ and ‘persons of interest’ in solving crimes, as well as accuracy of recognition, and the use of facial recognition to provide better service to VIPs in hotels and casinos. Morry talks to the Sydney start-up, Image Intelligence (https://imageintelligence.com/), and discusses deep learning and speed of recognition, and with Cognitec (http://www.cognitec.com/), a spinoff from Siemens, we discuss crime prevention and crowd control in airports and stadiums, as well as collection of anonymous marketing demographics. If you have an interest in facial recognition, then you’ll enjoy this interview from the Security Exhibition & Conference 2018 in Melbourne. Recorded 26 July, 2018. #Security2018  

In this interview, we discuss how Data Mining techniques and machine learning algorithms can be extremely useful when applied in covert channel detection and Domain Generation Algorithms (DGA) detection. In the last few years, passive analysis of network traffic has become a challenging task due to the high variability of organisations’ IT networks. This often makes classical signature or even statistical detection approaches not sufficiently accurate in detecting potentially anomalous or malicious traffic, due to the lack of focus on network users’ behavioral analysis. Machine Learning can be considered a powerful tool to extract meaningful information and build models of users’ behaviour but it does have some drawbacks. Data might in fact be corrupted or noisy and models’ creation may bring a high false positive rate. This limitation can be mitigated first by choosing descriptive features to be given to the algorithm, and second by integrating the contribution of different algorithms in order to make the structure more robust. Another possible solution is to create models not only of single network users but also of groups of users sharing some common behavioural characteristics. Daniella is cyber track leader for the Spark Festival (a NSW festival celebrating entrepreneurs and entrepreneurship), a non-executive director and strategic advisor to IoTSec Australia (a not-for-profit organisation influencing IoT cyber security innovation) and a member of the Research Advisory Committee for the Internet Commerce Security Laboratory (ICSL) – a cyber security research unit of Federation University Australia. At aizoOn Australia, Daniella is responsible for setting the strategy and leading the cyber security division across three areas of capability - product development, consulting and R&D for the Asia Pacific region. Federica Bisio is a senior Data Scientist in aizoOn’s Cyber Security Division. Federica’s expertise includes developing data-driven algorithms for anomaly and abnormal behaviour detection, which become codified in aizoOn’s threat detection platform. Federica obtained a PhD in Electronic Engineering, Information Technology, Robotics and Telecommunications at the University of Genoa (Italy), with an exchange program with the Nanyang Technological University of Singapore, and her thesis involved Machine Learning applications in Network Security.

This interview with DAVCOR Group Managing Director Marc Cohen discusses the business decision process around the introduction of the AutoStore Robot warehouse, which resulted in impacts on business efficiencies, cost savings in warehouse space and inspired the use of robotics in other aspects of the business, including the use of two Universal Robot arms for cycle testing on locking mechanisms. Payback on the AutoStore system is less than two years on rental space alone, including 75% reduction in power usage. This interview presents as a very interesting business efficiency and robotics discussion, which will have a broad scope of interest across industry verticals. Recorded courtesy of DAVCOR Group, Minchinbury, NSW, 27 June 2018 Checkout the pictures and video on our Facebook pages: https://www.facebook.com/apsmagazine/ AutoStore in action at  https://www.facebook.com/drasticnews/ (https://www.facebook.com/drasticnews/) Further Reading: Sydney Icon Secured: https://goo.gl/f6qpZV (https://goo.gl/f6qpZV) To find out more and get the EKA CyberLock https://www.linkedin.com/showcase/eka-cyberlock/ (https://www.linkedin.com/showcase/eka-cyberlock/) https://www.facebook.com/ElectronicKeyingAustralia/  

In this interview we speak to Fergus Hanson, co-author with Tom Uren of the Australian Strategic Policy Institute’s (ASPI) Policy Brief #3: Australia’s Offensive Cyber Capability and we discuss the launch and implications of Policy Brief #4 Deterrence In Cyberspace – Spare the costs, spoil the bad state actor by Chris Painter. Recorded at the Australian Computer Society, Sydney, Friday 1 June 2018. Researchers have identified more than 100 states with military and intelligence cyber units, ranging considerably in capability and compliance with international law. The US Cyber Command’s action arm, the Cyber Mission Force, is building to 6,200 military and civilian personnel, or about 10% of the ADF, and for the 2018 financial year requested a US$647 million budget allocation. China has been accused of stealing enormous quantities of intellectual property, North Korea has used cyber tools to steal money, and Russia is accused of using a range of online methods to influence the 2016 US presidential election. This policy brief seeks to further clarify the nature of Australia’s offensive cyber capability. It recommends improving communications, using innovative staff recruitment and retention options, deepening industry engagement and reviewing classification levels in some areas. The report is structured to the following parts: 1. What’s an offensive cyber operation? 2. Organisation, command and approvals 3. Operations against declared targets 4. Risks 5. Checks, balances and compliance with international law 6. Strengths and weaknesses 7. Future challenges and recommendations. Australia’s Capability On 30 June 2017 Australia became the first country to openly admit that its cyber offensive capabilities would be directed at ‘organised offshore cyber criminals’ and the then Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, announced the formation of an Information Warfare Division within the ADF. Australia has declared that it will use its offensive cyber capabilities to deter and respond to serious cyber incidents against Australian networks; to support military operations, including coalition operations against Daesh in Iraq and Syria; and to counter offshore cybercriminals.

This podcast interview with Deepak Nanda, President of the LA Venture Fund, not just delves into venture capital criteria for investing in cutting edge technology, but also the competitive divide between Californian cities of Los Angeles and San Francisco’s reach to Silicon Valley. LA’s version is Silicon Beach, just 20 minutes out of LA, at Marina Del Ray and Playa Vista, with millions of dollars pouring in to create a technology and innovation hub.  We also discuss other American cities re-creating themselves, like Detroit and Atlanta, and the opportunities being created in education, manufacturing and how technology may not be a threat to jobs but a saviour to jobs and creating new industries. What are VC’s looking for? Brain computer interface and augmented reality is only just beginning, where the Internet of Things is a whole new ball game. Cyber security is seeing security protocols being introduced into the market and VCs have the expectation that cryptography and cyber security is embedded into new technology and advancements. This conversation covers unlocking the entrepreneurial passion, acting fast and if you’re a start-up with a strong business model and ready to scale – you will enjoy this interview.  Recorded in Los Angeles, 26 May, 2018. Special thanks to Deepak for making himself available on a Saturday afternoon and his LA hospitality.

  Russ Currie, Vice President Enterprise Strategy and Arabella Hallawell, Senior Director for Strategy discuss their roles in guiding service delivery and instrumentation development for Netscout Systems. The discussion moves into the key tech industry trends of NFV/SDN, IoT and 5G and the critical importance of network visibility and cybersecurity. Netscout assures digital business services against disruptions in availability, performance, and security by providing real-time, pervasive visibility, and insights to customers seeking to accelerate and secure their digital transformation. The Netscout nGenius service assurance solutions provide real-time, contextual analysis of service, network, and application performance. Arbor security solutions protect against DDoS attacks that threaten availability and advanced threats that infiltrate networks to steal critical business assets. Digital transformation makes IT a fundamental line of business, says Arabella Hallawell and creating an agile environment when the DevOps are approaching closer to the operational functions will find better customer satisfaction. Adaptive service intelligence provides the necessary insight into what is happening across the organisation. Recorded at the NetEvents Global Press & Analyst Summit – Innovators in Cloud, IoT AI & Security, Dolce Hayes Mansion, San Jose, California, USA, 26 May 2018. #NetEvents18 Visit www.netscout.com (http://www.netscout.com/) NetEvents Blog: http://www.netevents.org/news/blog (http://www.netevents.org/news/blog)  

In this episode we dive into Intent Based Networking with Mansour Karam, CEO and founder of Apstra, Inc., based in Menlo Park, California. Apstra has pioneered Intent-Based Networking and Intent-Based Analytics to simplify how data centre networks are built and operated. The privately funded company has recently announced a deployment by Awnix, a provider of cloud services and products, for the first AOS supported deployment of OpenSwitch (OPX) on Dell Z9100-ON switches in a Tier 1 service provider production network. AOS is a hardware-inclusive, closed-loop intent-based distributed operating system that automates the full lifecycle of network operations and enables the network to configure itself, fix itself and defend itself. The telecom service provider deployment includes a combined solution as part of a hybrid cloud for OpenStack Deployments and is part of an open IaaS network infrastructure offering. The Awnix, Dell EMC, Apstra solution provides a cloud platform that increases business agility through an autonomous or Self-Operating Network™ that delivers log-scale improvements in CapEx, OpEx and capacity.  Recorded at the NetEvents Global Press & Analyst Summit – Innovators in Cloud, IoT AI & Security, Dolce Hayes Mansion, San Jose, California, USA, 26 May 2018. #NetEvents18 For more information visit www.apstra.com or the Apstra Blog  

In this episode we are joined in Singapore by Ian Yip, APAC CTO at McAfee (https://www.mcafee.com/) and discuss the impact of Singapore’s Cyber Security Act and the key regional trends being observed. We also discuss the business structure and scale of McAfee and dive into McAfee’s latest Threat Report, June 2018 (https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-jun-2018.pdf) with highlights around the latest cyber campaigns - Gold Dragon Expands the Reach of Olympics Attacks: Lazarus Rises Again, Targeting Cryptocurrency Users; and Advanced Data-Stealing Implants GhostSecret and Bankshot Have Global Reach and Implications. Ian also provides valuable advice as to the vulnerabilities of blockchain technology and concludes with insight into communicating to the Enterprise C-Suite and an upcoming McAfee whitepaper. Also in recent news, McAfee’s Advanced Threat Research team (http://www.mcafee.com/) have revealed in an investigation into underground hacker marketplaces, a major international airport’s security system (including building security automation) for sale on the dark web via a Russian ‘RDP shop’. The asking price: just $10. Remote Desktop Protocol (RDP) is a proprietary Microsoft protocol that enables remote administrator access to a PC, something great for solving IT challenges, but potentially devastating if in the wrong hands. In this instance, any hacker wanting to gain control of the airport’s system only needed a few dollars to access to a compromised machine and potentially carry out a myriad of large-scale attacks that could have severe consequences for the airport and its customers. For example, RDP can be used as an entry point to send spam, create false security alerts, steal data, credentials and even mine cryptocurrency. As we saw with the recent SamSam ransomware campaign against several US institutions, RDP was used to enact the attack and claim ransoms as high as $40k. Recent trends in dark web marketplaces are also outlined in the research. One key finding is that RDP shops are growing in their size and abundance on the dark web - ranging from 15 to more than 40,000 RDP connections for sale at Ultimate Anonymity Service (UAS), a Russian business and the largest active shop they researched. You can find further details of the attack in McAfee’s latest blog post (https://securingtomorrow.mcafee.com/mcafee-labs/organizations-leave-backdoors-open-to-cheap-remote-desktop-protocol-attacks/). Recorded in Singapore, July 4, 2018. Special thanks to McAfee for sponsoring the inaugural Cyber Risk Meetup (https://www.cyberriskmeetup.com/) in Singapore on July 3.

In this episode Chris Cubbage speaks with the Hon Christian Porter MP, Australia’s Federal Attorney-General, at the opening of Australia’s fourth Joint Cyber Security Centre (JCSC) in Perth.  The new Perth centre, part of the Turnbull Government’s $47 million JCSC program is the first of its kind in the west. It offers critical support to Australia’s business community, particularly the west’s vast energy and resource sector. We discuss the federal government’s approach to cyber security, both in the protection of government owned and industry infrastructure. Christian Porter highlights the goal of the Perth JCSC, one of four operating in Australian capital cities, as being cooperative arrangement of government, led by the Australian Signals Directorate, or ASD, and a range of trade, commerce and enterprise. Chris Cubbage also questions Christian Porter on regulatory approaches and the importance of balancing the legislation and cooperative approaches. Related reading: Perth Joint Cyber Security Centre protecting West Australians https://australiancybersecuritymagazine.com.au/perth-joint-cyber-security-centre-protecting-west-australians/ (https://australiancybersecuritymagazine.com.au/perth-joint-cyber-security-centre-protecting-west-australians/)

In this episode we speak with Geoff Plummer, Davcor Group’s Business Manager Technical Products and dive deep into Davcor’s twenty year journey from physical keys to cyber locking systems, in particular the CyberLock. CyberLock is an electro-mechanical master key system, effectively combining software, electronic keys, electronic cylinders and communicators. The software can be run locally or in the cloud and just as importantly, the power for the whole system is a battery in the Bluetooth enabled key. As a consequence the system is secure and flexible. If your security needs involve securing areas that are difficult, expensive or impossible to cable due to being in a difficult location or situated across a large geographical area, then you’ll enjoy this interview. PLUS for a chance to win conference tickets and travel expenses to the ASIS International NSW Chapter National Security Conference (http://www.asisaustralia.org.au/nsw-events/asis-australia-2018-conference) visit Davcor Group at Stand E8 at the ASIAL Security Expo, Melbourne Convention Centre (www.securityexpo.com.au), 25  27 July 2018. Further Reading: Sydney Icon Secured: https://goo.gl/f6qpZV (https://goo.gl/f6qpZV) (https://goo.gl/f6qpZV)To find out more and get the EKA CyberLock https://www.linkedin.com/showcase/eka-cyberlock/ (https://www.linkedin.com/showcase/eka-cyberlock/) https://www.facebook.com/ElectronicKeyingAustralia/ (https://www.facebook.com/ElectronicKeyingAustralia/) Recorded courtesy of DAVCOR Group, Minchinbury, NSW, 27 June 2018 Stay tuned for an upcoming Podcast with DAVCOR Group Managing Director Marc Cohen and the AutoStore Robot warehouse installation. Checkuut the pictures and video on our Facebook pages: https://www.facebook.com/apsmagazine/ (https://www.facebook.com/apsmagazine/) https://www.facebook.com/drasticnews/ (https://www.facebook.com/drasticnews/) FULL STORY AVAILABLE AT https://australiansecuritymagazine.com.au/episode-81-deep-dive-into-the-cyberlock-electro-mechanical-master-key-system-courtesy-of-davcor-group/ (https://australiansecuritymagazine.com.au/episode-81-deep-dive-into-the-cyberlock-electro-mechanical-master-key-system-courtesy-of-davcor-group/)    

In this episode Chris Cubbage interviews Dan Pitt, Senior Vice President of MEF, formerly the Metro Ethernet Forum, an industry association of 200 plus member companies. MEF has recently introduced the MEF 3.0 transformational global services framew...

In this episode Chris Cubbage interviews Greg Fitzgerald, Chief Marketing Officer of JASK. Chris and Greg talk artificial intelligence, cloud, and big data in the company of planes, trains, and cutlery. It’s a great interview, and being in California, has some Hollywood-esque special effects. JASK (https://jask.ai/) is the provider of the industry’s first Autonomous Security Operations Centre (ASOC) platform, designed to capture enterprise-wide alert linkages and create analyst workflow efficiency. The JASK Navigator, a visually-driven, contextually-rich investigation console provides SOC analysts a one-click path to situational attack awareness, multi-asset data ingestion; query flexibility and analyst team workflow support. JASK takes in data from any monitoring security tool to help analysts understand if there’s a compromise within their organisation. Using artificial intelligence and machine learning to prioritise the massive amounts of data, JASK reduces the volume, but not the importance, to improve efficiency and effectiveness of cyber security by making it all manageable for the human analyst. Enhancement to the platform allows two major elements, a one click discovery of a compromise, where a signal can be an alert or a combination of an alerts. Once the severity or ranking is done, JASK will create an ‘Insight’ for the SOC Analyst to review. Applications can provide up to 40 per cent improvement in the reduction of alerts and as the machine learns, JASK anticipates to get to 60 – 70 per cent. JASK Navigator Console and Enhanced Team Workflow JASK Navigator is an investigation console that equips analysts with an actionable view of JASK Insights. Investigations are streamlined and logical, offering SOC teams one-click access to better prioritised insights and faster paths to resolution. To further support enterprise analyst workflows, JASK is also developing team support via customisable workflow queues within the ASOC platform. This allows the creation of user groups or teams in order to assign the triage of JASK Insights. The enhanced workflows allow teams to adjust the Insights stage, providing visibility into the overall status of all assigned tasks. JASK also allows analysts to assign and visualise alerts from existing security solutions by user, team and status. Since launching the platform in July 2017, JASK’s vision remains on delivering an asset-independent, open platform that enables an autonomous workflow of what, where, why and how analysts should take action. With its latest enhancements, the JASK ASOC platform improves visibility through unique mapping of data to records linked across devices, users, networks, applications and almost any third-party data source. Off to a strong start in 2018, JASK doubled its customer base in the first quarter of 2018, adding enterprises spanning higher education, financial services, healthcare and retail. Additionally, the company continues to support existing security operations workflows through partnerships and specific integrations with leading solutions in cybersecurity, including Cylance, Demisto, Carbon Black, Microsoft Active Directory, Splunk, ArcSight, among many more. Recorded at the NetEvents Global Press & Analyst Summit – Innovators in Cloud, IoT AI & Security, Dolce Hayes Mansion, San Jose, California, USA, 26 May 2018. #NetEvents18 For more information on the JASK ASOC platform, visit https://jask.ai/solutions/product/ (https://jask.ai/solutions/product/) (https://jask.ai/solutions/product/)Also checkout the JASK at RSA 2018 (https://www.youtube.com/watch?v=j51uGlqtR94) video – loved the Tesla! For the full article - visit the

  This interview with Jarrod Bassan, Practice Partner for Mobility & IoT Lead (Australia/NZ) for DXC Technology discusses the application of Augmented Reality (AR). DXC Technology formed in April 2017 from the merger of CSC and Hewlett Packard and retains technology interests in AR/VR, gamification, blockchain and Internet of Things. Virtual Reality (VR) is an immersive technology and disconnects the person from real interaction. Augmented Reality (AR) is a display of information or audio whilst enabling interaction in the physical environment. The DXC case study on show at National Manufacturing Week concerns an excavator and how parts of the machine can be displayed in an augmented visualisation for damage and maintenance. The use of AR provides a level of insight that may not be otherwise readily available. For headsets and hardware, there is a number of options based on the type of applications. The Daqri and Realware headsets are suitable for industrial use, such as being water and dust proof. Microsoft Hololens is suitable for indoor and training environments. Other hardware may need to be tethered, such as using the Windows MixedReality toolkit and attached to PCs. Each has different capabilities but of most importance is the information being displayed and how it is displayed. Apple has also made a commitment to AR and sees this technology as the next wave of computing and on the scale in magnitude to that of the PC. At some point in the mid 2020s, AR will be the primary method of interacting with computers and devices. Recorded at National Manufacturing Week, Sydney Olympic Park, 10 May 2018  

In this interview, Chris Cubbage talks to Nigel Thompson, Vice President of Product Design at BlackBerry, and Darren Michael, Chief Information Officer of Patersons Securities. BlackBerry, traditionally well known as a hardware company specifically with strengths in security, has successfully transitioned into a software company that secures all end-points and offers cybersecurity services. True to its core, the company is still strong in security, but now expanding into securing multiple and more often than not, third party, end points – such as Apple phones and tablets, motor vehicles, and even medical devices. Patersons Securities, is a BlackBerry client, and in its goal to become more agile, error free and secure, is moving to a paperless workplace and one that is completely digital, and is now using BlackBerry’s Workspaces, a secure collaboration in a cloud solution. In this episode Nigel, of BlackBerry, discusses Workspaces, as well as the BlackBerry Collaboration Suite, and BlackBerry Dynamics, and how these solutions have benefited Darren’s firm, Patersons Securities. If you’re an organisation that has a digital strategy, but has concerns over cyber security, then you’ll enjoy this interview with Chris Cubbage, Nigel Thompson and Darren Michael. For the Full Patersons Securities Case Study – Visit https://www.blackberry.com/content/dam/blackberry-com/Documents/pdf/case-studies/asia-pacific/en/cs-patersons-securities.pdf (https://www.blackberry.com/content/dam/blackberry-com/Documents/pdf/case-studies/asia-pacific/en/cs-patersons-securities.pdf) (https://www.blackberry.com/content/dam/blackberry-com/Documents/pdf/case-studies/asia-pacific/en/cs-patersons-securities.pdf)For more case studies - Visit https://www.blackberry.com/en/customers/success-stories (https://www.blackberry.com/en/customers/success-stories) (https://www.blackberry.com/en/customers/success-stories)Recorded in Sydney, 6 June 2018, courtesy of BlackBerry’s Secure World Tour. For further information about BlackBerry cybersecurity solutions and services, please contact: ehercules@blackberry.com (mailto:ehercules@blackberry.com)

In this interview, Morry Morgan talks with Vumero General Manager, and the creator of the IoT Festival, Thomas Alomes. The two discuss the festival’s role in pushing the IoT agenda in Australia, and moving IoT away from just hype and theory, to real world applications – applications that have shown to improve productivity in traditional industries, like farming and livestock management. The two also discuss the trend towards ‘baked in’ cybersecurity within IoT, partly as a result of the introduction of GDPR regulation, but also the existing limitations of an industry that has ‘lowest bidder’ suppliers. Recorded at the IoT Festival, Melbourne, June 4, 2018. Related podcasts include Episode 74 - Real time data collection & Oracle's IoT Demo featuring Anki Racing Cars (https://www.blubrry.com/mysecurity/34669088/episode-74-real-time-data-collection-oracles-iot-demo-featuring-anki-racing-cars/)