Brazil - Hot Market for Surveillance Technology

Brazil Becomes Hot Market for Surveillance Technology Ahead of World Cup

Written by Bruno Fonseca, Jessica Mota, Luiza Bodenmüller and Natalia Viana, by Agência Pública

Giants of the surveillance sector get contracts in a number of Brazilian cities during the games of 2014 – from security scanners to remote tracking software.

Shortly after being informed of US National Security Agency (NSA) spying, President Dilma Rouseff asked ministers Paulo Bernardo (Communication) and José Eduardo Cardozo (Justice) to include in the Marco Civil da Internet, a charter of Brazilian Internet users, a mechanism that allows the suspension of operation of companies that cooperate with international spying schemes. “It could apply to banks, or telephone companies,” said the Minister of Communication.

But the security of sensitive data could also be guaranteed by multinational surveillance companies, given that a large part of the increasing demand for surveillance in the World Cup will be supplied by sector giants – the same companies that provide equipment and software to police forces all over the world, including the American government and the NSA.

Most of them are mentioned in the recent publication by Wikileaks, part of the Spy Files 3 project , a compilation of 249 documents from 92 companies, among them brochures, contracts and metadata referring to some of the business leaders of the sector. They show that, in relation to mega-events, Brazil has become priority for the global surveillance industry.

The Extraordinary Secretariat for Large Events (SESGE) has been acquiring a number of technologies for public security. Two hundred million Brazilian reais [nearly 87 million US dollars] have been spent on national-level contracts. And the industry of surveillance equipment is betting heavily on taking advantage of this opportunity. In recent years, a number of industry fairs have taken place in the country.

When surveillance specialists get together 

In July, in Brasilia it was ISS World s turn, bringing together policy, security officials and intelligence analysts for training in legal interception, high tech electronic investigations and networked data collection. Financed by the biggest in the sector, like Gamma Group, Hackingtean, Cobhan Surveillance, Hidden Technology, GlimmerGlass and the Brazilian firm Suntech, the directors of these companies lead workshops.

For example, some courses taught participants how to use social networks as open sources in criminal investigations, or how to better use Facebook: from security on Facebook through to retention of data and interaction with security forces. Another training, given by the firm Group 2000 Netherlands, looked at the how interception of data works at a national level, combined with LBS (location-based service) – a computer programming service that allows for inclusion of place and time in a system as it is used. The firm IPS also featured social media and webmail: the architecture of Big Data for mass interception, beyond the course on “expert intrusion” of social networks and webmail. The Brazilian company Suntech, which is now part of the American group Verint, funded a whole day of training, with special focus on interception of telecommunications.

Beyond the ISS, the LAAD (Latin American Aerospace & Defence), one of the main fairs of security and defense companies in Latin America, has been held in Brazil since 1995, with support from the Ministry of Defense and the Ministry of Justice. In recent years, mega-events have been the principal focus of this fair, home for a great deal of business in the sector.

In 2011, for example, the Ministry of Defense announced a project for the Integrated Border Monitoring System (SISFRON), based on a network of sensors interlinked with control and command systems. The military wanted to accelerate the construction of the system because of the World Cup and the Olympics. The estimated cost, $6-7 billion reais [between $2.7 and 3.1 billion US dollars], enthused international markets. The reason: in spite of national firm Embraer being given the construction of the system, the Saab Group of Sweden, made it be known that its German subsidiary MEDAV will supply, as a subcontractor, the mobile and static sensor systems for the program, allowing for the monitoring and identification of HF, VHF, and UHF frequencies.

This year more than 30,000 visitors attended LAAD, which hosted 720 exhibitors from 65 countries, among those present representatives from the Ministries of Defense of the Ukraine, United Kingdom, Argentina and South Africa. In 2014, year of the World Cup, a smaller version, only on security, is set for April 8-10, in Riocentro.

August Newsletter - Advanced persistent threat (APT)

Vega newsletter is published monthly by Vega BI, and distributed to our partners to facilitate pursuit of a common interest in top-notch technologies. 

Once rare and sophisticated, the APT is now becoming a common attack.

 Is your organization ready?   Any organization linked to the Internet is at risk. To protect your organization against APTs, it’s important to know what an APT is.

 

Typically, the intention of an APT attack is to steal data rather than to cause damage to the network or to the organization. APT attacks target organizations in sectors with high-value information, such as national defense, manufacturing and the financial industry.

In an APT attack, the goal is to achieve ongoing access, therefor it is characterized as a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period. In order to maintain access without discovery, the intruder must imitate a normal user’s behavior and thus continuously rewrite code and employ sophisticated evasion techniques. Advanced Persistent Threat (APT) actors follow a staged approach, as articulated in the “APT-life Cycle” diagram , to target, penetrate and exploit the organization.

For more .... See Vega's August Newsletter

APT - Advanced Persistent Threat

APT - Highlights 

Advanced persistent threat (APT) refers to a planned and assembled activity of an entity (usually an organized group) with both the capability and the intent to determinedly and effectively attack a specific target. The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information.

Typically, the intention of an APT attack is to steal data rather than to cause damage to the network or to the organization. APT attacks target organizations in sectors with high-value information, such as national defense, manufacturing and the financial industry. In an APT attack, the goal is to achieve ongoing access, therefor it is characterized as a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period. In order to maintain access without discovery, the intruder must imitate a normal user’s behavior and thus continuously rewrite code and employ sophisticated evasion techniques. Advanced Persistent Threat (APT) actors follow a staged approach, as articulated in the “APT-life Cycle” diagram , to target, penetrate and exploit the organization. APTs present a greater threat based on their intense attention to preparations and their desire to expand access across the organization’s networks.

Although APT attacks are difficult to identify, the intruder can never be completely invisible. Detecting anomalies in outbound data is perhaps the best way for an administrator to discover that his network has been the target of an APT attack.

There’s a lot we know about advanced persistent threats, but there’s a lot we don’t know. This is due, in large part, to the complexity of the attacks and the stealth of the attackers. Our knowledge about APTs is growing, but, unfortunately, that’s because the attacks themselves are growing in frequency. Criminals using APTs want data, so the more valuable an organization’s data, the more likely it is to be targeted. Government agencies and organizations in industries such as finance, energy, IT, aerospace, and chemical and pharmaceuticals are the most likely to be the victims of APT infections, as are those involved in international trade. Users and organizations with access through business relationships to organizations holding valuable data, such as smaller defense contractors, are also beginning to be targeted in order to be used along time as entry gate into their valuable partners’ networks.

Any organization linked to the Internet is at risk. 

To protect your organization against APTs, it’s important to know what an APT is !!!

The World's 20 Hottest Startup Scenes

Entrepreneur, By Kathleen Davis

Sure, Silicon Valley is still No. 1, but some surprising cities like Sao Paulo, Brazil and Bangalore, India have become successful startup hubs over the past decade. Startup Genome's Startup Ecosystem Report 2012 ranked the top 20 most active startup scenes in the world based on criteria including funding, entrepreneurial mindset, trendsetting, support, talent and more.

According to data compiled by financial-software firm Intuit, some of the cities even outshine entrepreneurial darling Silicon Valley. For example, 20 percent of Santiago, Chile's entrepreneurs are women compared with a paltry 10 percent in the Valley.

For the full list and more about the top 20 entrepreneurial cities around the world, take a look at the infographic below.
Click to Enlarge+

Israel's startups are catching the eye of tech heavyweights

Shopping for security: Israel's startups are catching the eye of tech heavyweights

Summary: When it comes to IT security, big tech firmskeep looking to Israel for their next buy.

By David Shamah for Tel Aviv Tech 

Thanks to the growth in mobile and cloud computing, and the more porous borders it brings to the enterprise, the security industry is growing, and Israel's is no exception.

IBM's  recent purchase of Israeli security company Trusteer is just one example of the new popularity of security in the startup nation. Earlier in August, GE announced it was investing in Israel's Thetaray, the company's first security investment here. And in May, Cisco CEO John Chambers announced that the company is starting its own incubator in Israel, specifically to help security startups come to market.

Elsewhere, digital vault Cyber-Ark announced this week that it was increasing its staff by 50 percent, due to a rise in new business (nearly half the companies on the Fortune 50 list are among Cyber-Ark's 1,400 or so clients, including 17 of the 20 largest banks worldwide). The company's sales, according to its Israeli centre manager Chen Bitan, have risen 40 percent annually year on year for the past several years, and today the company is the largest private IT security company in Israel.

But the road from security startup to acquisition or investment by an IBM or a GE is a long one.

Why would multinationals think to go shopping in Israel altogether? Because, said Gadi Tirosh, a general partner at VC firm Jerusalem Venture Partners (JVP), multinationals already know Israel and are comfortable here. Many of them already have R&D facilities in Israel, and in a sort of virtuous cycle, they meet entrepreneurs and innovators who work in or with startups.

Security to deal with the new class of security attacks — advanced persistent threats (APT) or highly-destructive zero day attacks is very much on the mind of enterprise and tech companies, Tirosh said, making security startups attractive targets. And very often, companies use their new acquisitions or investments to open up new R&D labs in Israel, dedicated to working on security.

"Once a company has a beachhead in Israel it is much easier for them to search among startups for the technologies they need," Tirosh said. One example of this trend was the 2011 acquisition of Israeli security firm Navajo Systems by Salesforce.com. Navajo's encryption platform for SaaS was just what Salesforce needed, and in order to continue to draw on Israeli security technology, Salesforce turned the Navajo offices into its first Israeli R&D center (Navajo, Cyber-Ark, and ThetaRay are or were part of JVP's portfolio).

And there's NDS, the largest security firm in Israel, acquired by Cisco. "Although most people don't think of it as such, NDS, which develops systems to ensure that cable and satellite TV premium broadcasts can only be viewed by paying customers, it is, operating at the junction of security and digital media," Tirosh said.

Acquiring NDS opened up a new vista for Cisco — laying the foundations for the decision to open an incubator specifically geared towards security. The field is so hot, in fact, that JVP itself is opening its own security incubator, Tirosh said.

IBM, too, is jumping on the bandwagon, and will use its recent acquisition of security firm Trusteer — for which IBM is rumoured to have paid in the neighbourhood of $1bn, possibly even besting the Waze-Google deal — to open up its own IT security R&D centre.

IBM already has numerous labs in Israel, and the new one will consist of, to begin with, more than 200 Trusteer and IBM researchers and developers to focus on mobile and application security, advanced threat, malware, counterfraud, and financial crimes. And there are dozens of potential Trusteers out there, ripe for exits. Expect more big deals in the Israeli security space, Tirosh said.