Extreme Networks has taken the wraps off a new security application it says will use machine learning and artificial intelligence to help customers effectively monitor, detect and automatically remediate security issues with networked IoT devices. The application – ExtremeAI Security – features machine-learning technology that can understand typical behavior of IoT devices and automatically trigger alerts when endpoints act in unusual or unexpected ways, Extreme said. Extreme said that the ExtremeAI Security application can tie into all leading threat intelligence feeds, and has close integration with its existing Extreme Workflow Composer to enable automatic threat mitigation and remediation. The application integrates the company's ExtremeAnalytics application, which lets customers view threats by severity, category, high-risk endpoints and geography. An automated ticketing feature integrates with a variety of popular IT tools such as Slack, Jira, and ServiceNow, and the application interoperates with many popular security tools, including existing network taps, the vendor stated.
It is tempting to think that the process of securing a Windows 10 device can be reduced to a simple checklist. Install some security software, adjust a few settings, hold a training session or two, and you can move on to the next item on your to-do list. Alas, the real world is far more complicated than that. There is no software magic bullet, and your initial setup simply establishes a security baseline. After that initial configuration is complete, security requires continued vigilance and ongoing effort.
Outside of a coffee shop, you probably don't spend a ton of time thinking about the security of your Wi-Fi network. Generally we expect that, once you set up your home router with a (hopefully) strong password, things are locked down, and that anyone looking to break into your internet would need to camp out in the yard anyway, so the risk is minimal. The truth is more complicated, even frightening. All kinds of devices now connect to the internet, often in different ways, and with levels of security that can vary wildly. And once a device is connected to a network, most Wi-Fi routers don't do a lot of checking on the kind of traffic it may be generating or receiving.
Windows 10's aggressive data-collection capabilities may concern users about corporate spying, but enterprises have control that consumer-edition Windows users do not: Administrators can decide how much information gets sent back to Microsoft. But enterprises need to think twice before turning off Windows telemetry to increase corporate privacy. That's because doing so can decrease the effectiveness of Windows 10's security features. The company has repeatedly reiterated its stance that Windows 10 does not collect the user's personal data, but rather anonymized file data that is then used to improve overall user experience and Windows functionality. With the current shift to Windows-as-a-service, Microsoft plans to release more updates to the operating system more frequently, and it will use telemetry data to understand how people are actually using Windows and applications.
Microsoft Defender Advanced Threat Protection (ATP) now gives your devices and network a security score that tells admins the health of their environment based on how it's configured. A high score means the collective security configuration is in a good state across applications, operating systems, network, accounts, and security controls. Microsoft calls the configuration score the 'Microsoft Secure Score for Devices', which is visible in the Threat and Vulnerability Management service dashboard component of Microsoft Defender Security Center. The tool will be useful for security operations centers to scour a network for vulnerabilities that could be mitigated through appropriate configuration changes – for example, the use of highly privileged Administrator rights on accounts that don't need that level of freedom. Microsoft promises the data in the score card is the product of "meticulous and ongoing vulnerability discovery", which involves, for example, comparing collected configurations with collected benchmarks, and collecting best-practice benchmarks from vendors, security feeds, and internal research teams.