Light Point Security CEO Discusses Cybersecurity and Terrorism Prevention
Posted on by Beau AdkinsCategories Computer Security, Opinion, SecurityLeave a comment on Light Point Security CEO Discusses Cybersecurity and Terrorism Prevention

Zuly Gonzalez discusses cybersecurity and terrorismLight Point Security CEO, Zuly Gonzalez, was interviewed on the Emmy Award winning Live TV show Fresh Outlook, which aired on Saturday April 2, 2016 at 2pm ET. Fresh Outlook is a weekly talk show that airs every Saturday Live, and examines a variety of topics and current events.

Zuly discussed Apple vs the FBI, encryption, terrorism, and how to protect yourself from cyber threats, among other topics. For example, she was asked why if less skilled adversaries are able to hack into devices, does the FBI with all of the resources at their disposal have such a hard time getting into the encrypted iPhone of one of the San Bernardino terrorists. Zuly talked about how not all things are equal and that a combination of skill level and protection mechanisms must be taken into account when comparing successful and unsuccessful attacks. She also discussed the importance of the data being protected and how consumers should also value their data. Zuly also touched on the irony of Apple asking the FBI for help in strengthening their protections.

It was an informative segment with several other security experts on the panel. The segment is below for your viewing pleasure.

Two Ways Google Chrome Sacrifices Security in the Name of Speed
Posted on by Beau AdkinsCategories Computer Security, Security, Web SecurityLeave a comment on Two Ways Google Chrome Sacrifices Security in the Name of Speed

Google ChromeGoogle Chrome is now the most popular web browser in the world, with an estimated 45% of all website views. Google claims that security is a top priority, which is why they push frequent, automatic updates and use a sandbox. But an even higher priority for Google is speed.

Sometimes they need to make the choice between speed and security, and this article lists two cases where they chose a minimal speed improvement at the expense of introducing a much larger security risk.

Prerendering

Prerendering is a technology used in Chrome that can make pages appear to load faster. For example, if you browse to http://example1.com and that page includes a link tag like “<link rel=”prerender” href=”http://example2.com”>”, Chrome will automatically and silently load example2.com in the background while you are viewing example1.com. The hope is that the next link you click will be to example2.com, so the browser can display it instantly, making things seem faster.

The most likely place you see this feature in use is on google.com. Based on a user’s search terms, they may decide there is a very high likelihood that they can anticipate which link the user will click next. In that case, they can mark that link to be prerendered, so the page appears to load faster.

Google Chrome itself can also decide to prerender pages. If you start typing “reddit” into the URL bar, there is a decent chance that Chrome will begin prerendering reddit.com in the hopes that is what you were in the process of typing.

What’s so Bad About Prerendering?

  1. Exposure to malware: When a page is prerendered, it has limitations. It can’t initiate downloads, or play audio. But it can execute scripts, and that is all that is needed for a malicious site to infect your computer. Because of prerendering, you can be infected by a site just because a link to it appears in a Google search results page, or you typed something similar to it in the Chrome address bar. You don’t even need to visit the page anymore.
  2. Loss of privacy: When Chrome prerenders a page, it exposes your IP address and browser information to the website. For users performing sensitive online research, this can be a big deal. Some users need to learn about a company or organization without tipping their target off about it. Because of prerendering, just Googling the name of the target will likely expose them.

How to Turn Off Chrome Prerendering

  1. Open the Chrome Settings by clicking the 3 horizontal lines icon in the top-right of Chrome and choose “Settings”.
  2. Scroll to the bottom and click “Show advanced settings”.
  3. Under “Privacy”, uncheck the box labeled “Prefetch resources to load pages more quickly”.

Disable Chrome Prerendering

Automatic Downloads

By default, Google Chrome is configured to automatically download any file that a website decides to push to you. In the interest of speed, instead of asking you if you want to accept a download, it will happily download it immediately, into the “Downloads” folder of your user profile.

The obvious threat here is that malware can get downloaded without your permission. But just downloading a malicious file isn’t actually enough to infect you. You have to execute it somehow.

After the download completes, it will show up in a box in the bottom left corner of Chrome, until the user dismisses it. If the user clicks the box for a download, Chrome will open that file. If this file is malicious, there is a good chance you will be infected.

However, this attack method is weak because it requires the user to decide to click that box. A more sinister approach involves the use of DLL hijacking. When a Windows executable loads, it often also loads a set of DLL files that it requires. These DLLs can be specified with an absolute path (like C:\Windows\System32\user32.dll) or with just a name (like user32.dll). When the DLL is specified with just a name, Windows will search for a DLL with the right name across a few different places. The first place it looks is the same directory as the executable.

An attacker can then create a malicious DLL with the same name as a common Windows DLL, like user32.dll, kernel32.dll, or UxTheme.dll. Chrome will happily automatically download this DLL into the user’s Downloads directory. After that, it’s just a matter of time before the user downloads a legitimate executable (into their Downloads directory) that doesn’t specify an absolute path to the DLL, and when the user executes it, the malicious DLL gets loaded and the user is infected.

How to Turn Off Automatic Downloads

  1. Open the Chrome Settings by clicking the 3 horizontal lines icon in the top-right of Chrome and choose “Settings”.
  2. Scroll to the bottom and click “Show advanced settings”.
  3. Under “Downloads”, check the box labeled “Ask where to save each file before downloading”.

Disable Chrome Automatic Downloads

Light Point Web Protects Against Both of These Threats

Light Point Web protects against these, and other security issues commonly seen in web browsers. Learn how our secure remote browser can protect your home or business.

When NSA employees leave to start their own companies
Posted on by Zuly GonzalezCategories Light Point Security Update, StartupsLeave a comment on When NSA employees leave to start their own companies
Zuly Gonzalez and Beau Adkins founders of Light Point Security and former NSA employees
Zuly Gonzalez and Beau Adkins are co-founders of Light Point Security. (Lloyd Fox / Baltimore Sun)

In October, Ian Duncan, intelligence and military reporter for the Baltimore Sun, interviewed me for a story about former NSA employees that left the Agency to start their own companies. Titled “When NSA employees leave to start their own companies,” the story looks at several Agency entrepreneurs and examines the challenges facing the NSA in retaining the top notch talent they helped to train. It’s an interesting read and I thought it was worth sharing here on the blog. Below is an excerpt from the story.

Adam Fuchs and his small team labored for years inside the National Security Agency on a system that would enable analysts to access vast troves of intelligence data and spot hidden patterns.

“We very much had a startup feel,” Fuchs said. The team worked in an office at Fort Meade with ideas scrawled across whiteboards and old furniture scattered around.

Their work helped analysts identify terrorist groups. But the ordinarily secretive NSA did something else with the technology: Figuring that others could make use of it, too, the agency released it to the world for free.

And that was when those who had built the tool saw an opportunity. Half eventually left the agency to develop it on the outside. Fuchs and others founded a company.

Their departure exemplifies a challenge facing the NSA: The agency spends years training some of the nation’s brightest minds in cutting-edge skills only to watch them take those skills to more lucrative jobs in the private sector.

You can read the full story on the Baltimore Sun’s website here.

Powered By Women: Meet Maryland’s Female Tech Leaders
Posted on by Zuly GonzalezCategories Light Point Security Update, StartupsLeave a comment on Powered By Women: Meet Maryland’s Female Tech Leaders

Zuly Gonzalez CEO Light Point SecurityI’m honored to have been recognized by The Daily Record as one of Maryland’s top female leaders in the tech industry. The Daily Record’s latest edition of the Path to Excellence magazine featured the top female leaders in tech in the State, including myself. They profiled each one of us, and asked us to share quick tips for the upcoming generation of women leaders in Maryland.

Below is an excerpt from the story, but please head on over to The Daily Record’s website to read the full article.

 

 

Women make up roughly 37.9 percent of Maryland’s technology workforce, according to data from the state’s Department of Commerce. Educators and experts attribute the disparity to as far back as middle school, when many young girls lose interest in science and math. You’ll learn more about the reasons for this drop off on page 14. In this issue of Path to Excellence, you’ll meet several of the women who are leading the state’s tech industry. They are leading some of the state’s most innovative companies as they improve cybersecurity, health care and help to grow the next generation of female leadership in the tech industry.

 

Zuly Gonzalez | Light Point Security
Zuly Gonzalez is the co-founder and CEO of Light Point Security, based in Catonsville.
She co-founded the firm to solve the biggest program in cybersecurity today: web-based malware.
Gonzalez has more than 10 years of experience in the U.S. federal government working to secure national security information systems.

CEO Zuly Gonzalez to Speak at the 2015 Entrepreneur Expo
Posted on by Zuly GonzalezCategories Events, Light Point Security UpdateLeave a comment on CEO Zuly Gonzalez to Speak at the 2015 Entrepreneur Expo

TEDCO 2015 Entrepreneur ExpoI am pleased to share that TEDCO has asked me to speak at their annual Entrepreneur Expo on the topic of cybersecurity technology and trends along with CyberPoint CEO Karl Gumtow. TEDCO’s 2015 Entrepreneur Expo will take place Tuesday, November 17, 2015 at the BWI Marriott (1743 W Nursery Rd, Linthicum Heights, MD 21090). TEDCO has put together a great program and line up of speakers, and I hope you will join us for what is sure to be an educational and inspirational day of community building.

My Session Information

Track: Tech Trends
Session Title: Seeing All in Cyber-Security
Time: 1:35 – 2:05

Description: The format will be the smaller company “interviewing” the larger company on cybersecurity technology and trends. We’ll be discussing topics like what is the hottest thing in the market, how do large companies see the market, where do they and other large corporations find technologies, what are they looking for, where do they look and more.

Session Timeline:
Introduction of speakers – 1-2 min
Interview – 15 min
Q&A from the audience – 10 min

Have any cybersecurity technology questions or topics you’d like us to discuss? Tweet us at @LightPointSec using the hashtag #E2E15 with your topics.

To register for the 2015 Entrepreneur Expo click here.

Light Point Security CEO, Zuly Gonzalez, to Speak at CyberMaryland 2015
Posted on by Beau AdkinsCategories Events, SecurityLeave a comment on Light Point Security CEO, Zuly Gonzalez, to Speak at CyberMaryland 2015

Our CEO, Zuly Gonzalez, will be speaking at the CyberMaryland 2015 Conference later this week. She will join other cybersecurity founders on a panel discussion about their experiences with the Northrop Grumman and bwtech@UMBC CYNC Program as part of the conference’s Cyber Innovation Track. If you will be attending the CyberMaryland Conference, stop by Room 303 on Thursday, October 29 from 9:45am – 10:30am to hear about industry partnerships and the benefits they provide to growing cybersecurity companies.

If you plan to attend the conference, but haven’t registered yet, use our discount code SpeakerGuest to receive a 25% discount off of your registration.

Presentation Information

Model of a Successful Industry Partnership – Northrop Grumman at bwtech@UMBC Cyber Incubator: CYNC Program

The Northrop Grumman Cync Program is a unique partnership between Northrop Grumman and the bwtech@UMBC Cyber Incubator, with an eye towards commercializing technology to protect the nation from a growing range of cyber threats. The Northrop Grumman Cync Program builds on bwtech@UMBC’s successful business-incubation framework by offering a scholarship program for companies with the most promising cybersecurity solutions. Selected participants are able to draw on UMBC’s extensive research resources, bwtech’s programming and entrepreneurial services, and Northrop Grumman’s technical and business advisory support to further the development and market readiness of CYNC company technologies. Hear from four innovative product companies currently in CYNC and members of the CYNC Executive Committee.

Moderator
Ellen Hemmerly, Executive Director and President, UMBC Research Park Corporation and Special Assistant to the Vice President for Institutional Advancement at UMBC

Speakers
Mike Gormley, Vice President for Government Services, Ayasdi
Christopher Valentino, Director, Contract Research and Development Cyber Solutions Division, Northrop Grumman Information Systems
Tim Gooch, CEO and Executive Director, iWebGate
Gregg Smith, CEO, OptioLabs
Zuly Gonzalez, Co-founder and CEO, Light Point Security
Dr. Jennifer Reynolds, Director of Venture Creation, bwtech@UMBC

Zuly Gonzalez at the CyberMaryland 2015 Conference

The Cybersecurity 500 Recognizes Light Point Security As One of the Top Innovators in the World
Posted on by Zuly GonzalezCategories Light Point Security Update, SecurityLeave a comment on The Cybersecurity 500 Recognizes Light Point Security As One of the Top Innovators in the World

Light Point Security Top 500 Cybersecurity Company In The WorldI am excited to share that Light Point Security has been named one of the top 500 cybersecurity companies in the world. How exciting and cool is that! Cybersecurity Ventures released their Q3 2015 edition of the Cybersecurity 500, which is a global compilation of the world’s hottest and most innovative cybersecurity companies, and we are thrilled to be included among the best of the best.

The Cybersecurity 500 companies were selected based solely on merit – companies could not apply to get on the list, nor could they pay to get on it. The criteria used to select the 500 companies includes:

  • Cybersecurity Sector (market category)
  • Problem(s) Solved
  • Customer Base
  • Feedback from CISOs and Decision Makers
  • Feedback from IT Security Evaluators & Recommenders
  • Company Growth
  • Media Coverage
  • Notable Implementations
  • Founder and Management Pedigree

The full press release can be found here.

Light Point Security Ranked 471 On The Cybersecurity 500

Why Light Point Security is all about ‘isolation’
Posted on by Zuly GonzalezCategories Light Point Security Update, Security, Web SecurityLeave a comment on Why Light Point Security is all about ‘isolation’

Why Light Point Security is all about ‘isolation’Stephen Babcock, the Lead Reporter for Technical.ly Baltimore, recently interviewed me for a feature story on “Why Light Point Security is all about ‘isolation’” where we discussed Light Point Security’s technology, why isolation is better than detection and our latest partnerships. In case any of you missed it, below is an excerpt from the story.

 

 

Light Point Security is looking to pick up some new customers.

The cybersecurity firm, which is based out of bwtech@UMBC, recently inked a pair of new deals that are designed to grow the customer base, said CEO Zuly Gonzalez.

The five-person company makes a product called Light Point Web, which protects users’ computers from malware by providing a separate server for browsing. That separate server ensures that malware never reaches the users’ computer.

Gonzalez said it’s a different approach from other cybersecurity products, which rely on algorithms to detect potential threats.

“There’s so much new bad stuff being created everyday that these algorithms can’t keep up,” Gonzalez said. “We take a different approach. Our security is based on isolation.”

You can read the full story on Technical.ly Baltimore’s website here.

Light Point Security Partnership With Raven Data Technologies Provides MSPs With Additional Hosting Option
Posted on by Zuly GonzalezCategories Light Point Security Update, Light Point WebLeave a comment on Light Point Security Partnership With Raven Data Technologies Provides MSPs With Additional Hosting Option

Raven Data Technologies and Light Point Security Partner to deliver hosting for MSPsWe are excited to announce our partnership with Raven Data Technologies, an IT Solutions Company serving the MD, DC, VA, and PA region that specializes in providing security services to Managed Service Providers (MSPs). Raven Data Technologies combines decades of IT experience, risk management, and network security to deliver enterprise level IT solutions to businesses of any size, and we are thrilled that they have chosen to include Light Point Web Enterprise among their best-in-class managed security software offerings.

Light Point Web is a browser plugin that provides malware-free web browsing by transparently launching browsing sessions on a server-based virtual environment, thus preventing any website content (and possible malware) from ever reaching your computer.

Light Point Web offers flexible deployment options for every need: a cloud version for those that don’t want to deal with the hassle of maintaining their own servers, an on-premise version for enterprises that want more control, and now with our Raven Data Technologies partnership, a third-party hosted solution for Managed Service Providers that want to provide their clients with unmatched web security but don’t want to set up and maintain their own Light Point Web servers.

After vetting the Raven Data Technologies team we have selected them as our hosting partner for MSPs for their extensive security expertise and their vast knowledge of MSPs and their needs. Raven Data Technologies will now serve as our hosting partner for MSPs by hosting and maintaining the Light Point Web server infrastructure for them. Raven Data will also provide them with value added services, like technical support and client- and server-side upgrades.

To learn more about Raven Data Technologies and how they can help you secure your business, visit their website or follow them on Twitter.

Baltimore County Awards Light Point Security $105,000 Through Their Boost Fund
Posted on by Zuly GonzalezCategories Light Point Security UpdateLeave a comment on Baltimore County Awards Light Point Security $105,000 Through Their Boost Fund

Light Point Security Recipient of Boost Fund ProgramBaltimore County, Maryland announced the winners of their inaugural Boost Fund Program, and we are thrilled to announce that Light Point Security is among them!

The Baltimore County Boost Fund Program provides small, minority-owned, women-owned and/or veteran-owned businesses in Baltimore County with capital to boost their businesses and economic growth in the County.

Light Point Security is happy to have received $105,000 through the Boost program, and we look forward to putting it to good use.

The seven recipients of the Boost Fund were announced by Baltimore County Executive Kevin Kamenetz and UMBC President Dr. Freeman A. Hrabowski, III during a press conference at bwtech@UMBC.

We congratulate the other six winners and wish them much success in growing their companies!

Thank you Baltimore County for your continued support of Light Point Security!

Light Point Security Awarded $105,000 From the Boost Fund

 

Categories
Archives