In 1973, physicist Phil Anderson hypothesized that the quantum spin liquid, or QSL, state existed on some triangular…
Study Probes Risks to Power Plants from Electromagnetic Pulse – Technology Org
Researchers at the Department of Energy’s Oak Ridge National Laboratory have been leading a project to understand how…
2024 CISO cyber security predictions: Must-attend webinar – CyberTalk
EXECUTIVE SUMMARY:
The new year is fast approaching. Check Point’s community of global CISOs is eager to share reflections on 2023 and to identify a variety of key cyber threats and cyber criminal tactics that could influence your cyber security plans in the year ahead.
As you prepare for 2024, leverage strategic, evidence-backed insights from top voices in the field. Tap into the expertise of seasoned professionals to untangle complexity and to stay ahead of the curve.
On December 14th, join Check Point’s six global CISOs as they engage with the latest research, provide incisive analyses, and empower the audience to confidently navigate the evolving cyber threat landscape.
In this must-attend CISO webinar, discover how to keep up with artificial intelligence trends, cloud security challenges and cyber security solutions that can cancel attacks faster than you can say ‘distinctive cyber-readiness’.
You’ll also benefit from:
A strategic compass. These insights can serve as a strategic, guiding compass. They can allow you to accurately anticipate trends, identify weaknesses and find no-fail solutions.
Resource optimization. CISO predictions are also intended to help optimize resource allocation. Ensure that your resources are deployed in the right directions, based on the latest real-world insights.
Tech recommendations. Get recommendations regarding cutting-edge tools and solutions that can competently contend with distinctive, emerging cyber threats.
IR planning insights. With the input of leading industry voices, create a more effective IR plan; one that, after an attack, facilitates an expedient return to business as usual.
Get bold CISO predictions that are designed to improve decision-making and overarching cyber security outcomes.
This global CISO predictions webinar aims to empower forward-thinking cyber security leaders, like you. With fresh ideas and insight, you can optimize your operations, enable your team to excel, and achieve newfound cyber successes.
Meet the CISOs participating in this event:
Jonathan Fischbein has served as Check Point’s Chief Information Security Officer for two full decades. He has more than 25 years’ experience in high-tech security markets, shaping security strategies, and in developing ad-hoc solutions to help large corporations mitigate security threats.
Deryck Mitchelson, EMEA Field CISO at Check Point. Deryck is a commercially focused C-suite executive distinguished by expertise in cyber security and cloud, with global experience in delivering major secure transformational business-change across both private and public sectors.
Vivek Gullapalli, APAC Field CISO at Check Point. Vivek has a strong record in transforming cyber security in global financial organizations like Citibank, Bank of Montreal and Singlife with Aviva. He brings more than two decades of experience in roles spanning multiple geographies, and complex regulatory landscapes.
Marco Eggerling, EMEA Field CISO at Check Point. Marco holds an LL.M. in IT Law from the University of Edinburgh as well as several certifications. He has strong experience in building and leading large-scale security programs, and in enabling organizations to deliver high-value products and services to enhance digital trust.
Cindi Carter, Americas Field CISO at Check Point. Cindi is the founding President of Women in Security – Kansas City, was honored in SC Media magazine’s “Women to Watch in Cyber Security”, and was also featured in Cybersecurity Venture’s book, “Women Know Cyber: 100 Fascinating Females Fighting Cybercrime.”
Pete Nicoletti, Americas Field CISO at Check Point. Pete has 32 years of security, network, and MSSP experience and has been a hands-on CISO for the last 17 years. Pete’s cloud security deployments and designs have been rated by Gartner as #1 and #2 in the world.
Event details: December 14th, 2023 at 2:00 PM GMT/3:00 PM CET/9:00 AM EST.
We hope to see you at the webinar. Register today!
Wishing everyone a safe and secure 2024.
Boosting faith in the authenticity of open source software
Open source software — software that is freely distributed, along with its source code, so that copies, additions, or modifications can be readily made — is “everywhere,” to quote the 2023 Open Source Security and Risk Analysis Report. Ninety-six percent of the computer programs used by major industries include open source software, and 76 percent of those programs consist of open source software. But the percentage of software packages “containing security vulnerabilities remains troublingly high,” the report warned.
One concern is that “the software you’ve gotten from what you believe to be a reliable developer has somehow been compromised,” says Kelsey Merrill ’22, MEng ’23, a software engineer who received a master’s degree earlier this year from MIT’s Department of Electrical Engineering and Computer Science. “Suppose that somewhere in the supply chain, the software has been changed by an attacker who has malicious intent.”
The risk of a security breach of this sort is by no means abstract. In 2020, to take a notorious example, the Texas company SolarWinds made a software update to its widely used program called Orion. Hackers broke into the system, inserting pernicious code into the software before SolarWinds shipped the latest version of Orion to more than 18,000 customers, including Microsoft, Intel, and roughly 100 other companies, as well as a dozen U.S. government agencies — including the departments of State, Defense, Treasury, Commerce, and Homeland Security. In this case, the product that was corrupted came from a large commercial company, but lapses may be even more likely to occur in the open source realm, Merrill says, “where people of varying backgrounds — many of whom are hobbyists without any security training — can publish software that gets used around the world.”
Now, she and three collaborators — her former advisor Karen Sollins, a principal research scientist at the MIT Computer Science and Artificial Intelligence Laboratory; Santiago Torres-Arias, an assistant professor of computer science at Purdue University; and Zachary Newman SM ’20, a research scientist at Chainguard Labs — have developed a new system called Speranza, which is aimed at reassuring software consumers that the product they are getting has not been tampered with and is coming directly from a source they trust.
“What we have done,” explains Sollins, “is to develop, prove correct, and demonstrate the viability of an approach that allows the [software] maintainers to remain anonymous.” Preserving anonymity is obviously important, given that almost everyone — software developers included — values their confidentiality. This new approach, Sollins adds, “simultaneously allows [software] users to have confidence that the maintainers are, in fact, legitimate maintainers and, furthermore, that the code being downloaded is, in fact, the correct code of that maintainer.”
So how can users confirm the genuineness of a software package in order to guarantee, as Merrill puts it, “that the maintainers are who they say they are?” The classical way of doing this, which was invented more than 40 years ago, is by means of a digital signature, which is analogous to a handwritten signature — albeit with far greater built-in security through the use of various cryptographic techniques.
To carry out a digital signature, two “keys” are generated at the same time — each of which is a number, composed of zeros and ones, that is 256 digits long. One key is designated “private,” the other “public,” but they constitute a pair that is mathematically linked. A software developer can use their private key, along with the contents of the document or computer program, to generate a digital signature that is attached exclusively to that document or program. A software user can then use the public key — as well as the developer’s signature, plus the contents of the package they downloaded — to verify the package’s authenticity.
Validation comes in the form of a yes or a no, a one or a zero. “Getting a one means that the authenticity has been assured,” Merrill explains. “The document is the same as when it was signed and is hence unchanged. A zero means something is amiss, and you may not want to rely on that document.”
Although this decades-old approach is tried and true in a sense, it is far from perfect. One problem, Merrill notes, “is that people are bad at managing cryptographic keys, which consist of very long numbers, in a way that is secure and prevents them from getting lost.” People lose their passwords all the time, Merrill says. “And if a software developer were to lose the private key and then contact a user saying, ‘Hey, I have a new key,’ how would you know who that really is?”
To address those concerns, Speranza is building off of “Sigstore” — a system introduced last year to enhance the security of the software supply chain. Sigstore was developed by Newman (who instigated the Speranza project) and Torres-Arias, along with John Speed Meyers of Chainguard Labs. Sigstore automates and streamlines the digital signing process. Users no longer have to manage long cryptographic keys but are instead issued ephemeral keys (an approach called “keyless signing”) that expire quickly — perhaps within a matter of minutes — and therefore don’t have to be stored.
A drawback with Sigstore stems from the fact that it dispensed with long-lasting public keys, so that software maintainers instead have to identify themselves — through a protocol called OpenID Connect (OIDC) — in a way that can be linked to their email addresses. That feature, alone, may inhibit the widespread adoption of Sigstore, and it served as the motivating factor behind — and the raison d’etre for — Speranza. “We take Sigstore’s basic infrastructure and change it to provide privacy guarantees,” Merrill explains.
With Speranza, privacy is achieved through an original idea that she and her collaborators call “identity co-commitments.” Here, in simple terms, is how the idea works: A software developer’s identity, in the form of an email address, is converted into a so-called “commitment” that consists of a big pseudorandom number. (A pseudorandom number does not meet the technical definition of “random” but, practically speaking, is about as good as random.)
Meanwhile, another big random number — the accompanying commitment, or co-commitment — is generated that is associated with a software package that this developer either created or was granted permission to modify. To demonstrate to a prospective user of a particular software package who created this version of the package and signed it, the authorized developer would publish a proof that establishes an unequivocal link between the commitment that represents their identity and the commitment attached to the software product. The proof is of a special type, called a zero-knowledge proof, which is a way of showing, for instance, that two things have a common bound, without divulging details as to what those things — such as the developer’s email address — actually are.
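One way to realize the linked commitments and zero-knowledge proof described above, added here as an illustration and not Speranza's own code. The article names no construction, so Pedersen commitments with a Schnorr-style equality proof are an assumption, and the toy group, function names and example.org addresses are constructed for the demo.

```python
import hashlib
import secrets

Q = 2**61 - 1  # prime group order; toy-sized, far too small for real use

def _is_prime(n):
    """Miller-Rabin; these 12 bases are deterministic for n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if any(n % b == 0 for b in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

# Smallest prime P = K*Q + 1, so the integers mod P hold a subgroup of order Q.
K = next(k for k in range(2, 10**6, 2) if _is_prime(k * Q + 1))
P = K * Q + 1

def _h(*parts):
    """Hash values to an exponent mod Q (also used as the Fiat-Shamir challenge)."""
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

# Generators derived from labels, so nobody knows log_G(H).
G, H = (pow(_h(label) + 2, K, P) for label in ("gen-g", "gen-h"))
assert 1 not in (G, H)

def commit(identity, r=None):
    """Pedersen commitment G^m * H^r to an identity string; returns (C, r)."""
    r = secrets.randbelow(Q) if r is None else r
    return pow(G, _h(identity), P) * pow(H, r, P) % P, r

def prove_same_identity(c1, r1, c2, r2):
    """Schnorr-style proof of knowledge of x with c1/c2 = H^x (x = r1 - r2)."""
    k = secrets.randbelow(Q)
    t = pow(H, k, P)
    return t, (k + _h(c1, c2, t) * (r1 - r2)) % Q

def verify_same_identity(c1, c2, proof):
    """Accepts (up to negligible error) only if c1 and c2 hide the same identity."""
    t, z = proof
    ratio = c1 * pow(c2, -1, P) % P
    return pow(H, z, P) == t * pow(ratio, _h(c1, c2, t), P) % P

def demo():
    """Constructed sample data: one maintainer, one impostor."""
    pkg_c, pkg_r = commit("maintainer@example.org")  # co-commitment for the package
    sig_c, sig_r = commit("maintainer@example.org")  # fresh commitment when signing
    bad_c, bad_r = commit("impostor@example.org")
    ok = verify_same_identity(sig_c, pkg_c, prove_same_identity(sig_c, sig_r, pkg_c, pkg_r))
    # Even handed the package's blinding factor, the impostor cannot link identities.
    forged = verify_same_identity(bad_c, pkg_c, prove_same_identity(bad_c, bad_r, pkg_c, pkg_r))
    return ok, forged, sig_c != pkg_c

if __name__ == "__main__":
    print(demo())
```

The verifier only ever handles the two commitments and the proof; the email address itself never leaves the signer.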
“Speranza ensures that software comes from the correct source without requiring developers to reveal personal information like their email addresses,” comments Marina Moore, a PhD candidate at the New York University Center for Cyber Security. “It allows verifiers to see that the same developer signed a package several times without revealing who the developer is or even other packages that they work on. This provides a usability improvement over long-term signing keys, and a privacy benefit over other OIDC-based solutions like Sigstore.”
Marcela Mellara, a research scientist in the Security and Privacy Research group at Intel Labs, says, “This approach has the advantage of allowing software consumers to automatically verify that the package they obtain from a Speranza-enabled repository originated from an expected maintainer, and gain trust that the software they are using is authentic.”
A paper about Speranza was presented at the Computer and Communications Security Conference in Copenhagen, Denmark.
MIT Generative AI Week fosters dialogue across disciplines
In late November, faculty, staff, and students from across MIT participated in MIT Generative AI Week. The programming included a flagship full-day symposium as well as four subject-specific symposia, all aimed at fostering a dialogue about the opportunities and potential applications of generative artificial intelligence technologies across a diverse range of disciplines.
“These events are one expression of our conviction that MIT has a special responsibility to help society come to grips with the tectonic forces of generative AI — to understand its potential, contain its risks, and harness its power for good,” said MIT President Sally Kornbluth, in an email announcing the week of programming earlier this fall.
Activities during MIT Generative AI Week, many of which are available to watch on YouTube, included:
MIT Generative AI: Shaping the Future Symposium
The week kicked off with a flagship symposium, MIT Generative AI: Shaping the Future. The full-day symposium featured welcoming remarks from Kornbluth as well as two keynote speakers. The morning keynote speaker, Professor Emeritus Rodney Brooks, iRobot co-founder, former director of the Computer Science and Artificial Intelligence Laboratory (CSAIL), and Robust.AI founder and CTO, spoke about how robotics and generative AI intersect. The afternoon keynote speaker, renowned media artist and director Refik Anadol, discussed the interplay between generative AI and art, including approaches toward data sculpting and digital architecture in our physical world.
The symposium included panel and roundtable discussions on topics such as generative AI foundations; science fiction; generative AI applications; and generative AI, ethics, and society. The event concluded with a performance by saxophonist and composer Paul Winter. It was chaired by Daniela Rus, the Andrew (1956) and Erna Viterbi Professor of Electrical Engineering and Computer Science (EECS) and director of CSAIL, and co-chaired by Cynthia Breazeal, MIT dean for digital learning and professor of media arts and sciences, and Sertac Karaman, professor of aeronautics and astronautics and director of the Laboratory for Information and Decision Systems.
“Another Body” Screening
The first day of MIT Generative AI Week concluded with a special screening of the documentary “Another Body.” The SxSW Special Jury Award-winning documentary follows a college student’s search for answers and justice after she discovers deepfake pornography of herself circulating online.
After the viewing, there was a panel discussion including the film’s editor, Rabab Haj Yahya; David Goldston, director of the MIT Washington Office; Catherine D’Ignazio, associate professor of urban science and planning and director of the Data + Feminism Lab; and MIT junior Ananda Santos Figueiredo.
Generative AI + Education Symposium
Drawing from the extended MIT community of faculty, research staff, students, and colleagues, the Generative AI + Education Symposium offered thought-provoking keynotes, panel conversations, and live demonstrations of how generative AI is transforming learning experience and teaching practice from K-12, post-secondary education, and workforce upskilling. The symposium included a fireside chat entitled, “Will Generative AI Transform Learning and Education?” as well as sessions on the learner experience, teaching practice, and big ideas from MIT.
This half-day symposium concluded with an innovation showcase where attendees were invited to engage directly with demos of the latest in MIT research and ingenuity. The event was co-chaired by Breazeal and Christopher Capozzola, senior associate dean for open learning and professor of history.
Generative AI + Health Symposium
The Generative AI + Health Symposium highlighted AI research focused on the health of people and the health of the planet. Talks illustrated progress in molecular design and sensing applications to advance human health, as well as work to improve climate-change projections, increase efficiency in mobility, and design new materials. A panel discussion of six researchers from across MIT explored anticipated impacts of AI in these areas.
This half-day symposium was co-chaired by Raffaele Ferrari, the Cecil and Ida Green Professor of Oceanography in the Department of Earth, Atmospheric and Planetary Sciences and director of the Program in Atmospheres, Oceans, and Climate; Polina Golland, the Sunlin and Priscilla Chou Professor in the Department of EECS and a principal investigator at CSAIL; Amy Keating, the Jay A. Stein Professor of Biology, professor of biological engineering, and head of the Department of Biology; and Elsa Olivetti, the Jerry McAfee (1940) Professor in Engineering in the Department of Materials Science and Engineering, associate dean of engineering, and director of the MIT Climate and Sustainability Consortium.
Generative AI + Creativity Symposium
At the Generative AI + Creativity Symposium, faculty experts, researchers, and students across MIT explored questions that peer into the future and imagine a world where generative AI-enhanced systems and techniques improve the human condition. Topics explored included how combined human and AI systems might make more creative and better decisions than either one alone; how lifelong creativity, fostered by a new generation of tools, methods, and experiences, can help society; envisioning, exploring, and implementing a more joyful, artful, meaningful, and equitable future; how to make AI legible and trustworthy; and how to engage an unprecedented combination of diverse stakeholders to inspire and support creative thinking, expression, and computation empowering all people.
The half-day symposium was co-chaired by Dava Newman, the Apollo Program Professor of Astronautics and director of the MIT Media Lab, and John Ochsendorf, the Class of 1942 Professor, professor of architecture and of civil and environmental engineering, and founding director of the MIT Morningside Academy for Design.
Generative AI + Impact on Commerce Symposium
The Generative AI + Impact on Commerce Symposium explored the impact of AI on the practice of management. The event featured a curated set of researchers at MIT; policymakers actively working on legislation to ensure that AI is deployed in a manner that is fair and healthy for the consumer; venture capitalists investing in cutting-edge AI technology; and private equity investors who are looking to use AI tools as a competitive advantage.
This half-day symposium was co-chaired by Vivek Farias, the Patrick J. McGovern (1959) Professor at the MIT Sloan School of Management and Simon Johnson, the Ronald A. Kurtz (1954) Professor of Entrepreneurship at the MIT Sloan School of Management.
5 Things to Consider When Bringing Speech AI Into Your Business
Imagine a world where mundane tasks, consuming 60-70% of our work hours, vanish into thin air. According to a McKinsey report, thanks to its evolving grasp of natural language, Generative AI has the potential to make this dream a reality quite soon. It’s no wonder that…
Speak AI Transcription Software Review (December 2023)
For many marketers, researchers, and organizations who spend hours manually transcribing interviews, podcasts, and meetings, finding an efficient and reliable transcription software saves significant time and money. Lucky for you, Speak AI is the perfect solution! With its advanced AI technology, Speak AI aims to streamline…
Google’s Multimodal AI Gemini – A Technical Deep Dive
Sundar Pichai, Google’s CEO, along with Demis Hassabis from Google DeepMind, introduced Gemini in December 2023. This new large language model is integrated across Google’s vast array of products, offering improvements that ripple through services and tools used by millions. Gemini, Google’s advanced multimodal AI,…
Disney Illusion Island ‘Keeper Up’ Update Includes Time Trial Challenges And More, Out This Week
Developer Dlala Studios and publisher Walt Disney Games released Disney Illusion Island, a 2D Metroidvania-esque platformer, exclusively on Switch earlier this year. It was nominated for Best Family Game at The Game Awards 2023 – check out all the winners here – and now, Dlala has revealed it is launching new content this week.
More specifically, the Keeper Up update will go live in Disney Illusion Island for free on Wednesday, December 13. It includes new time trial challenges, quality of life updates like an improved map, and more.
“In this fast-paced new experience, players must try and beat the clock and show off their parkour prowess, thanks to a set of new challenges arranged by the ‘Mavens of Monoth,’ a group of ‘old Monoth’ enthusiasts who want to see if anyone knows how to navigate these lands better (and faster) than them,” a press release reads. “Upon entering a course, a timer will tick away as players scramble to grab collectibles through remixed areas of the world, making their way to the finish line in the best time possible.”
Elsewhere in the Keeper Up update, Dlala Studios says Disney Illusion Island will receive “a host of quality of life updates, including new accessibility features, new gallery unlocks, and an updated map.”
Disney Illusion Island is available exclusively on Switch, and the new Keeper Up update goes live this week on December 13.
For more about the game, read Game Informer’s Disney Illusion Island review and then check out this behind-the-scenes feature about the making of Disney Illusion Island. After that, read this feature about how the Disney Illusion Island team created one of the best musical scores of the year.
Are you jumping into the Keeper Up update for Disney Illusion Island? Let us know in the comments below!