The Blog

Portugal participated in Cyber Coalition 2015, largest NATO cyber defense exercise

During the period from 16 to 20 November there was the exercise of cyber defense NATO Cyber Coalition 2015. Portugal integrated the exercise represented by the Cyber Defense Centre (CCD), elements of cyberdefense capability of the three branches of the Armed Forces, as well as of civil organizations that have integrated a response cell in CCD installations in the General HQ building of the Portuguese Armed forces in Lisbon.

This exercise, which took place simultaneously in several countries belonging to NATO and some partners, aims to collaboration between the various nations and partners in solving many real challenges that have been posed to the participants, including computer attacks in various environments of the cyberspace.

In the Portuguese case, beyond the three branches of the military (Navy, Army and Air Force) CCD conducted the exercise, which included the participation of civilian companies like Redshift Consulting, Edisoft, FireEye and Checkpoint, which with its resources and experience in the field, collaborated in resolving incidents that have been placed during the event.
On the 19th, the CCD received the visit of several national and international entities such as the Deputy for Planning and Coordination, Lieutenant General Pimenta Sampaio, the Director General of the National Security Office, Vice Admiral Torres Sobral, the Coordinator National Cyber Security Center, Dr. José Carlos Martins, the Technical Directors of the branches, among others, receiving the a presentation of the exercise organization and the scenario created for it. Then they visited the operating room, where received information about ongoing operations in the analysis and resolution of incidents.

Cyber Coalition is the main NATO cyber defense exercise, was created in 2008, and Portugal participate in this exercise since 2011.

Read More

Redshift hosted 9 European Partners

Redshift is proud for having hosted last week 9 European Partners from Azerbaijan, Check Republic, Croatia, Finland, France, Germany,  Lithuania, Romania and Turkey in a total of 13 attendees for a 2 days training course on the product RED.scan, the all-in-one multichannel capture platform.

Read More

The Network Doesn’t Lie

In his March 26, 2015 Network World opinion piece, In Cybersecurity, the Network Doesn’t Lie, Jon Oltsik, principal analyst with Enterprise Strategy Group (ESG) outlines some of the reasons why security professionals are increasingly turning to continuous network monitoring to enhance cybersecurity.

Oltsik begins with some numbers from an ESG Group survey report, in which 40% of respondents claim they plan to move toward continuous monitoring of all assets on the network, while 30% plan to capture more network traffic for security analytics.

While gaining comprehensive network visibility is critically important, it’s also just a piece of what’s required for a truly effective continuous network monitoring solution

Contrast the ESG findings with the recently released 2015 Cyberthreat Defense Report from the CyberEdge Group. In this report, 32% of respondents are already using continuous monitoring for network asset discovery, and 62% indicated their organizations have implemented continuous monitoring (either alone or in conjunction with periodic, ad hoc scanning/monitoring).

So, why are organizations pursuing continuous network monitoring? Oltsik suggests:

As the old network security adage states, “the network doesn’t lie.” Yes, networks may hold secrets within encrypted traffic, but network traffic analysis can inevitably expose the Tactics, Techniques, and Procedures (TTPs) used in cyberattacks.

Along with secrets held in encrypted traffic, with growing use of the cloud, mobile and virtual systems, many organizations are challenged to get a comprehensive and continuous view of all their IT assets. And while gaining comprehensive network visibility is critically important, it’s also just a piece of what’s required for a truly effective continuous network monitoring solution.

Do you need continuous network monitoring?

We could answer the above question by asking whether you need to continuously identify vulnerabilities, reduce risk and ensure compliance with security regulations and policies. Instead, we recommend that you read the Definitive Guide to Continuous Network Monitoring.

It’s a quick, but detailed read that will get you up to speed on:

  • Why there is a growing interest in continuous network monitoring
  • How continuous network monitoring works, and
  • What’s required to implement continuous network monitoring

If you’re attending RSA, you can get a printed paperback edition of the Definitive Guide by visiting Tenable’s booth #N3228. (You can check out our entire RSA schedule here.)
You can also download a copy of the Definitive Guide to Continuous Network Monitoring ebook.

A network security tell-all

For additional insight into continuous network monitoring, register for our April 16, 2015 webinar featuring Steve Piper, author of the Definitive Guide to Continuous Network Monitoring, and Narayan Makaram, Sr. Product Marketing Manager with Tenable. During this 2 pm ET session titled, Measure and Demonstrate Security Effectiveness with Continuous Network Monitoring, we will explain, among other things, how continuous network monitoring can help you answer the $1B question: “What is our risk?” We’ll also provide an overview of Tenable’s SecurityCenter Continuous View 5.0 and answer your questions.

Read More

Acunetix clamps down on costly website security

London, March 2, 2015 – As cyber security continues to hit the headlines, even smaller companies can expect to be subject to scrutiny and therefore securing their website is more important than ever. In response to this, Acunetix are offering the online edition of their vulnerability scanner at a new lower entry price. This new option allows consumers to opt for the ability to scan just one target or website and is a further step in making the top of the range scanner accessible to a wider market.

A vulnerability scanner allows the user to identify any weaknesses in their website architecture which might aid a hacker. They are then given the full details of the problem in order to fix it. While the scanner might previously have been a niche product used by penetration testers, security experts and large corporations, in our current cyber security climate, such products need to be made available to a wider market. Acunetix have recognised this which is why both the product and its pricing have become more flexible and tailored to multiple types of user, with a one scan target option now available at $345. Pricing for other options has also been reduced by around 15% to reflect the current strength of the dollar. Use of the network scanning element of the product is also currently being offered completely free.
Acunetix CEO Nicholas Galea said:

“Due to recent attacks such as the Sony hack and the Anthem Inc breach, companies are under increasing pressure to ensure their websites and networks are secure. We’ve been continuously developing our vulnerability scanner for a decade now, it’s a pioneer in the field and continues to be the tool of choice for many security experts. We feel it’s a tool which can benefit a far wider market which is why we developed the more flexible and affordable online version.”

About Acunetix Vulnerability Scanner (Online version)

User-friendly and competitively priced, Acunetix Vulnerability Scanner fully interprets and scans websites, including HTML5 and JavaScript and detects a large number of vulnerabilities, including SQL Injection and Cross Site Scripting, eliminating false positives. Acunetix beats competing products in many areas; including speed, the strongest support of modern technologies such as JavaScript, the lowest number of false positives and the ability to access restricted areas with ease. Acunetix also has the most advanced detection of WordPress vulnerabilities and a wide range of reports including HIPAA and PCI compliance.

Users can sign up for a trial of the online version of Acunetix which includes the option to run free network scans.

About Acunetix
Acunetix is the market leader in web application security technology, founded to combat the alarming rise in web attacks. Its products and technologies are the result of a decade of work by a team of highly experienced security developers. Acunetix’ customers include the U.S. Army, KPMG, Adidas and Fujitsu. More information can be found at

Read More

On-Demand Webinar – Secure Development Without Disruption

Redshift and Checkmarx created a on-demand webinar to dive deeper on how to Secure Development without Disruption.

We live in an era of digital transformation, and software is the backbone of this transformation. Development practices and architecture are changing at an unprecedented pace. This also includes the realm of more sophisticated hacking. Therefore, it is more important than ever for security to keep up with the changing times, and better manage total software exposure across the entire SDLC.

During this webinar, Checkmarx Lead Sales Engineer, Andrew Thompson, will review the following:

  • Today’s realm of infrastructure as code
  • The move from monolithic applications to microservices
  • How software complexity and speed of delivery lead to software exposure
  • Why security clashes with the DevOps key requirements
  • How developers and integrated automation can help us to shift left

Acess the webinar here.

Read More

Redshift was present at the Luxembourg Internet Days

Diogo Carou was present at the Luxembourg Internet Days.

The event offered a wide range of conferences, interactive workshops and panel discussions to address in a technical and pragmatic way the main Internet-related challenges resulting from IT & OT convergence.

Read More