The European Commission has moved to allocate the supervision of crypto companies and their activities under the sole jurisdiction of the European Securities and Markets Authority (ESMA).  This move will end the application of different regulatory styles in several member states operating under the EU’s Markets in Crypto-Assets regulation (MiCA).

ESMA’s Single Crypto Authority To Boost Competitiveness, Innovation – EC

In a Thursday announcement, the European Commission, the executive arm of the European Union (EU), rolled out a series of regulatory measures aimed at creating a singular financial service market. This initiative centers around creating a competitive, innovative, and efficient financial system that offers EU citizens better options for wealth growth and business financing. 

A statement from the announcement read: 

Deeper integration of financial markets is not an end, but a means to create a single market for financial services greater than the sum of its national parts. Simplified access to capital markets reduces costs and makes the markets more appealing for investors and companies across all Member States, irrespective of size.

In particular, the EC’s new regulatory package will move the oversight of Crypto-Asset Service Providers (CASPs), among other groups of businesses to under the sole authority of the ESMA. Interestingly, the EC’s recent move comes just three months after the French, Austrian, and Italian market authorities pushed for a stronger European framework for cryptocurrencies, citing major differences in each national implementation of the MiCA regulations. 

Presently, crypto regulation across the 27 EU member states operates under MiCA, resulting in a patchwork of national approaches which the EC claims is hindering competition and effective cross-border operations. The ESMA’s singular regime aims to eliminate these discrepancies in order to provide a better integrated EU financial market. 

The EC said:

Improvements to the supervisory framework are closely linked to the removal of regulatory barriers. The package aims to address inconsistencies and complexities from fragmented national supervisory approaches, making supervision more effective and conducive to cross-border activities, while being responsive to emerging risks. 

Alongside the new singular regime, the European Commission has also expressed plans to create a friendly environment for the adoption of distributed ledger technology, e.g, blockchains, to spur innovations in the financial sector. However, all these regulatory changes still remain subject to negotiation and approval by the  European Parliament and European Council.

Crypto Market Overview

At the time of writing, the total crypto market cap is valued at $3.04 trillion, following a slight 0.25% loss in the past day. Meanwhile, total trading volume is valued at $135.47 billion.

The Bitcoin market continues to experience high levels of investor uncertainty, as indicated by the unstable price action of the past week. In the last month alone, the leading cryptocurrency has lost about 14% of its value, strengthening fears of an impending bear market. Notably, renowned market expert Ali Martinez has shared some insight on this speculation, highlighting a key technical development that historically precedes an extended downtrend.

Bitcoin Winter Phase To Start Only When Price Loses 730-Day SMA – Analyst 

In an X post on Friday, Martinez presents an on-chain analysis that identifies a key price zone for determining Bitcoin’s price trajectory amid current market volatility. Using data from the Bitcoin Investor Tool metric from Glassnode, the analyst has discovered that extended downtrends in Bitcoin often start once the price falls below its 730-day Simple Moving Average (SMA), a level currently sitting at $82,150. For context, the chart below shows that the 730-day SMA (green), an important long-term indicator, has historically acted as a structural support level during major market cycles. When Bitcoin decisively loses this line, momentum tends to shift, leading to deeper corrections and lengthier bearish periods as seen between 2015-2016, 2019, and 2022-2023.

However, the chart also presents some bullish insights. Larger cyclical metrics, including the 730-day SMA × 5 band (pink) sitting at $410,771, remain well above the current price, indicating that macro overvaluation is not yet a concern, as the leading cryptocurrency remains far from an overheated zone. According to Ali Martinez, as long as Bitcoin holds above $82,150, the potential for any prolonged downtrend synonymous with a bear market remains minimal, ensuring the bull structure remains intact.

Bitcoin Weekly Net Outflows Hit $800M As Accumulation Rises

In other developments, on-chain analytics firm Sentora reports that the Bitcoin market recorded an $805 million increase in weekly exchange net outflows, indicating that a significant portion of market investors are unfazed by the recent price correction. Instead, they are opting to transfer more of their investment off crypto exchanges, suggesting an intention to hold in anticipation of future price appreciation. Meanwhile, total Bitcoin network fees reached $1.96 million, representing a 7.69% gain from the previous week and indicating an increase in transactions and network activity during this period. At the time of writing, Bitcoin trades at $89,693 following a 2.71% price decline in the last 24 hours.

As a technology, eSIM has been around for a decade now. However, global eSIM adoption was around 3% last year and will only cross 5% this year. Despite these figures, analysts, eSIM-providing startups, and investors are bullish about eSIM's upward trajectory, largely thanks to travel.

XRP may be holding above the $2 price mark for a brief period, but the leading altcoin is still facing heightened bearish pressures at that level due to a broader market pullback on Monday. Even with the ongoing downward trend in price, XRP is still experiencing robust engagement as evidenced by the massive surge in activity on the XRP Ledger.

An Explosive uptick In XRP Ledger’s Activity

Prices are constantly dwindling along with the entire crypto market, but the XRP Ledger is seeing sharp engagement within the bearish period. After months of quiet and reduced adoption, the Ledger has roared back to life, recording one of its strongest growth waves yet.

Arthur, a community member and official partner of the BingX cryptocurrency exchange, shared this surge in activity on the social media platform X. This isn’t a mild rise; it’s a growth wave with significant weight behind it, the kind that indicates an expanding utility rather than fleeting speculation.

Furthermore, the sharp growth in activity suggests that more investors are choosing to conduct their day-to-day XRP operations on the Ledger, reflecting a renewed conviction in the network. The Ledger’s current activity spike is centered around the rise in Account Set transactions to a point not seen in years.

After navigating through XRPL metrics, the expert revealed that more than 40,000 Account Set transactions were carried out on the Ledger, marking its highest level in years. Such a massive wave of transactions to a new peak suggests that the Ledger may be speeding into its next phase in a market where many chains find it difficult to sustain momentum.

At the same time, there was also a surge in Automated Market Maker (AMM) bids just after November 23 concluded, indicating that preparations are taking place on the network. With Ripple’s stablecoin RLUSD approvals, AMM rollout, and the onboarding of institutional investors at an accelerated rate, it simply implies that the Ledger is picking up pace. 

Open Interest Suffers A Steep Decline

While the price of XRP has pulled back, the decline appears to be heavily impacting investors’ sentiment toward the altcoin. Its derivatives market has significantly lost its weight in a single and steep decline as Open Interest (OI) experiences a sharp drop.

In a report from Glassnode, a leading on-chain data analytics platform, the token’s futures open interest fell from 1.7 billion XRP in early October to 0.7 billion XRP by the end of November. This figure represents a more than 59% flush out from October to November alone.

The funding rates have also followed suit, recording a drop from 0.001% to 0.001% in the 7-day Simple Moving Average (SMA). A combination of the drop in open interest and funding rates marks a structural pause in the altcoin’s speculators’ appetite to bet heavily on an upward direction. At the time of writing, the altcoin was trading at $2.02 after falling by over 1% in the last 24 hours.

The developers of the popular KDE Connect application for desktop computers and mobile phones issued a security advisory this weekend stating you should stop using certain versions of the app on untrusted networks. A security flaw allows devices running those versions to interact with devices pretending to be ones you authenticated in the past.

With over two decades of experience in the cyber security industry, I specialize in advising organizations on how to optimize their financial investments through the design of effective and cost-efficient cyber security strategies. Since the year 2000, I’ve had the privilege of collaborating with various channels and enterprises across the Latin American region, serving in multiple roles ranging from Support Engineer to Country Manager. This extensive background has afforded me a unique perspective on the evolving threat landscape and the shifting needs of businesses in the digital world.

The dynamism of technological advancements has transformed cyber security demands, necessitating more proactive approaches to anticipate and prevent threats before they can impact an organization. Understanding this ever-changing landscape is crucial for adapting to emerging security challenges.

In my current role as the Channel Engineering Manager for LATAM at Check Point, I also serve as part of the Cybersecurity Evangelist team under the office of our CTO. I am focused on merging technical skills with strategic decision-making, encouraging organizations to concentrate on growing their business while we ensure security.

The Cyber Security Mesh framework can safeguard businesses from unwieldy and next-generation cyber threats. In this interview, Check Point Security Engineering Manager Angel Salazar Velasquez discusses exactly how that works. Get incredible insights that you didn’t even realize that you were missing. Read through this power-house interview and add another dimension to your organization’s security strategy!

Would you like to provide an overview of the Cyber Security Mesh framework and its significance?

The Cyber Security Mesh framework represents a revolutionary approach to addressing cyber security challenges in increasingly complex and decentralized network environments. Unlike traditional security models that focus on establishing a fixed ‘perimeter’ around an organization’s resources, the Mesh framework places security controls closer to the data, devices, and users requiring protection. This allows for greater flexibility and customization, more effectively adapting to specific security and risk management needs.

For CISOs, adopting the Cyber Security Mesh framework means a substantial improvement in risk management capabilities. It enables more precise allocation of security resources and offers a level of resilience that is difficult to achieve with more traditional approaches. In summary, the Mesh framework provides an agile and scalable structure for addressing emerging threats and adapting to rapid changes in the business and technology environment.

How does the Cyber Security Mesh framework differ from traditional cyber security approaches?

Traditionally, organizations have adopted multiple security solutions from various providers in the hope of building comprehensive defense. The result, however, is a highly fragmented security environment that can lead to a lack of visibility and complex risk management. For CISOs, this situation presents a massive challenge because emerging threats often exploit the gaps between these disparate solutions.

The Cyber Security Mesh framework directly addresses this issue. It is an architecture that allows for better interoperability and visibility by orchestrating different security solutions into a single framework. This not only improves the effectiveness in mitigating threats but also enables more coherent, data-driven risk management. For CISOs, this represents a radical shift, allowing for a more proactive and adaptive approach to cyber security strategy.

Could you talk about the key principles that underly Cyber Security Mesh frameworks and architecture?

Understanding the underlying principles of Cyber Security Mesh is crucial for evaluating its impact on risk management. First, we have the principle of ‘Controlled Decentralization,’ which allows organizations to maintain control over their security policies while distributing implementation and enforcement across multiple security nodes. This facilitates agility without compromising security integrity.

Secondly, there’s the concept of ‘Unified Visibility.’ In an environment where each security solution provides its own set of data and alerts, unifying this information into a single coherent ‘truth’ is invaluable. The Mesh framework allows for this consolidation, ensuring that risk-related decision-making is based on complete and contextual information. These principles, among others, combine to provide a security posture that is much more resilient and adaptable to the changing needs of the threat landscape.

How does the Cyber Security Mesh framework align with or complement Zero Trust?

The convergence of Cyber Security Mesh and the Zero Trust model is a synergy worth exploring. Zero Trust is based on the principle of ‘never trust, always verify,’ meaning that no user or device is granted default access to the network, regardless of its location. Cyber Security Mesh complements this by decentralizing security controls. Instead of having a monolithic security perimeter, controls are applied closer to the resource or user, allowing for more granular and adaptive policies.

This combination enables a much more dynamic approach to mitigating risks. Imagine a scenario where a device is deemed compromised. In an environment that employs both Mesh and Zero Trust, this device would lose its access not only at a global network level but also to specific resources, thereby minimizing the impact of a potential security incident. These additional layers of control and visibility strengthen the organization’s overall security posture, enabling more informed and proactive risk management.

How does the Cyber Security Mesh framework address the need for seamless integration across diverse technologies and platforms?

The Cyber Security Mesh framework is especially relevant today, as it addresses a critical need for seamless integration across various technologies and platforms. In doing so, it achieves Comprehensive security coverage, covering all potential attack vectors, from endpoints to the cloud. This approach also aims for Consolidation, as it integrates multiple security solutions into a single operational framework, simplifying management and improving operational efficiency.

Furthermore, the mesh architecture promotes Collaboration among different security solutions and products. This enables a quick and effective response to any threat, facilitated by real-time threat intelligence that can be rapidly shared among multiple systems. At the end of the day, it’s about optimizing security investment while facing key business challenges, such as breach prevention and secure digital transformation.

Can you discuss the role of AI and Machine Learning within the Cyber Security Mesh framework/architecture?

Artificial Intelligence (AI) and Machine Learning play a crucial role in the Cyber Security Mesh ecosystem. These technologies enable more effective and adaptive monitoring, while providing rapid responses to emerging threats. By leveraging AI, more effective prevention can be achieved, elevating the framework’s capabilities to detect and counter vulnerabilities in real-time.

From an operational standpoint, AI and machine learning add a level of automation that not only improves efficiency but also minimizes the need for manual intervention in routine security tasks. In an environment where risks are constantly evolving, this agility and ability to quickly adapt to new threats are invaluable. These technologies enable coordinated and swift action, enhancing the effectiveness of the Cyber Security Mesh.

What are some of the challenges or difficulties that organizations may see when trying to implement Mesh?

The implementation of a Cyber Security Mesh framework is not without challenges. One of the most notable obstacles is the inherent complexity of this mesh architecture, which can hinder effective security management. Another significant challenge is the technological and knowledge gap that often arises in fragmented security environments. Added to these is the operational cost of integrating and maintaining multiple security solutions in an increasingly diverse and dynamic ecosystem.

However, many of these challenges can be mitigated if robust technology offering centralized management is in place. This approach reduces complexity and closes the gaps, allowing for more efficient and automated operation. Additionally, a centralized system can offer continuous learning as it integrates intelligence from various points into a single platform. In summary, centralized security management and intelligence can be the answer to many of the challenges that CISOs face when implementing the Cyber Security Mesh.

How does the Cyber Security Mesh Framework/Architecture impact the role of traditional security measures, like firewalls and IPS?

Cyber Security Mesh has a significant impact on traditional security measures like firewalls and IPS. In the traditional paradigm, these technologies act as gatekeepers at the entry and exit points of the network. However, with the mesh approach, security is distributed and more closely aligned with the fluid nature of today’s digital environment, where perimeters have ceased to be fixed.

Far from making them obsolete, the Cyber Security Mesh framework allows firewalls and IPS to transform and become more effective. They become components of a broader and more dynamic security strategy, where their intelligence and capabilities are enhanced within the context of a more flexible architecture. This translates into improved visibility, responsiveness, and adaptability to new types of threats. In other words, traditional security measures are not eliminated, but integrated and optimized in a more versatile and robust security ecosystem.

Can you describe real-world examples that show the use/success of the Cyber Security Mesh Architecture?

Absolutely! In a company that had adopted a Cyber Security Mesh architecture, a sophisticated multi-vector attack was detected targeting its employees through various channels: corporate email, Teams, and WhatsApp. The attack included a malicious file that exploited a zero-day vulnerability. The first line of defense, ‘Harmony Email and Collaboration,’ intercepted the file in the corporate email and identified it as dangerous by leveraging its Sandboxing technology and updated the information in its real-time threat intelligence cloud.

When the same malicious file tried to be delivered through Microsoft Teams, the company was already one step ahead. The security architecture implemented also extends to collaboration platforms, so the file was immediately blocked before it could cause harm. Almost simultaneously, another employee received an attack attempt through WhatsApp, which was neutralized by the mobile device security solution, aligned with the same threat intelligence cloud.

This comprehensive and coordinated security strategy demonstrates the strength and effectiveness of the Cyber Security Mesh approach, which allows companies to always be one step ahead, even when facing complex and sophisticated multi-vector attacks. The architecture allows different security solutions to collaborate in real-time, offering effective defense against emerging and constantly evolving threats.

The result is solid security that blocks multiple potential entry points before they can be exploited, thus minimizing risk and allowing the company to continue its operations without interruption. This case exemplifies the potential of a well-implemented and consolidated security strategy, capable of addressing the most modern and complex threats.

Is there anything else that you would like to share with the CyberTalk.org audience?

To conclude, the Cyber Security Mesh approach aligns well with the three key business challenges that every CISO faces:

Breach and Data Leak Prevention: The Cyber Security Mesh framework is particularly strong in offering an additional layer of protection, enabling effective prevention against emerging threats and data breaches. This aligns perfectly with our first ‘C’ of being Comprehensive, ensuring security across all attack vectors.

Secure Digital and Cloud Transformation: The flexibility and scalability of the Mesh framework make it ideal for organizations in the process of digital transformation and cloud migration. Here comes our second ‘C’, which is Consolidation. We offer a consolidated architecture that unifies multiple products and technologies, from the network to the cloud, thereby optimizing operational efficiency and making digital transformation more secure.

Security Investment Optimization: Finally, the operational efficiency achieved through a Mesh architecture helps to optimize the security investment. This brings us to our third ‘C’ of Collaboration. The intelligence shared among control points, powered by our ThreatCloud intelligence cloud, enables quick and effective preventive action, maximizing the return on security investment.

In summary, Cyber Security Mesh is not just a technological solution, but a strategic framework that strengthens any CISO’s stance against current business challenges. It ideally complements our vision and the three C’s of Check Point, offering an unbeatable value proposition for truly effective security.

The post Synergy between cyber security Mesh & the CISO role: Adaptability, visibility & control appeared first on CyberTalk.

By Dan Mulvey, Regional Vice President, Federal

Enabling Continuous Penetration Testing at Scale for Federal Agencies 

Synack has paved the way as a trusted leader in Cybersecurity testing and vulnerability disclosure management. Now, Synack is raising the bar even higher by achieving the FedRAMP Moderate “In Process” milestone, helping to make federal data secure. Synack’s sponsoring agency for FedRAMP is the U.S. Department of Health & Human Services (HHS). Synack’s Discover, Certify, Synack365 and Synack Campaigns offerings are now available on the FedRAMP Marketplace. 

 

FedRAMP and Synack 

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government-wide program that provides a standardized approach to security assessment, authorization and monitoring for cloud services. As part of its FedRAMP designation, Synack will be implementing 325 controls across 17 NIST 800-53 control families. Not only will this greatly enhance current protections for federal customer data, but it will also provide assurance to all our customers that Synack is reducing risk and providing government-grade data privacy protections. 

 

The Growing Importance of Security Testing

Organizations spend on average $1.3M per year on erroneous or inaccurate alerts, and sadly, while the average company gets 1 million alerts per year, only 4% are ever investigated. During a time when attacks are at an all-time high, it’s more important than ever to have security protections in place with results you can trust. Synack’s new FedRAMP Moderate “In Process” designation underlines the company’s commitment to providing a high level of security across the board and quality results, speeding vulnerability management efforts and reducing risks to government assets. 

Federal agencies have already been engaged with crowdsourced security testing solutions since such solutions were endorsed by the 2020 National Defense Authorization Act (NDAA), the National Cyber Strategy, and the Cybersecurity and Infrastructure Agency Binding Operational Directive (BOD) 20-01. Notably, as part of BOD 20-01, agencies are now required to develop vulnerability disclosure programs (VDPs). 

 

The 5 Benefits of Synack FedRAMP for Federal Agencies

Through partnering with Synack and leveraging Synack’s FedRAMP Moderate “In Process” designation, agencies can be reassured that their data is in safe hands. Synack will now provide the following benefits to federal agencies:

• Easy and quick procurement: Saves agencies time, 30 percent or more of costs, and effort by allowing them to leverage the existing assessments and authorization under FedRAMP.

• Risk mitigation: A security assessment at the Moderate level contains 3x the security controls in an ISO 27001 certification. These protections provide assurance that Synack is handling your data and the pentesting process with extra care. 
• FISMA compliance: Agencies are required to maintain FISMA compliance and FedRAMP provides a more affordable path to FISMA compliance. Many of the NIST 800-53 controls in FedRAMP overlap with those in FISMA, which means you don’t have to spend extra resources implementing these controls with vendors during an annual audit.
• Data security: Unlike FedRAMP LI-SaaS, FedRAMP Moderate is designed for agencies handling both external and internal applications. Additionally, if an agency works with sensitive data, they should be working with providers at the Moderate level. 
• Continuous monitoring: In order to comply with FedRAMP, agencies and software providers must continuously monitor certain controls and go through an annual assessment, which ensures they are always working with a fully-compliant testing provider.

 

Why the FedRAMP Designation Matters

Synack is the only crowdsourced security company that has achieved the “In Process” status at the Moderate level. FedRAMP levels vary across the number of controls required, the sensitivity of the information, and the network access for government applications. Cloud service providers (CSPs) are granted authorizations at four impact levels: LI-SaaS (Low Impact Software-as-a-Service), Low, Moderate and High. 

The stark difference in the control required is particularly apparent when you compare each of the 17 NIST 800-53 control families side by side. There are drastically more requirements for certain control families like access control, identification and authentication, and system and information integrity. These additional controls that Synack is adhering to ensure that your government assets—whether external or internal—stay secure. 

If you’d like to learn more about Synack’s FedRAMP environment or solutions for your Federal SOC, click here to book a meeting with a Synack representative.

The post Synack Achieves FedRAMP Moderate In Process Milestone appeared first on Synack.