The DOE's Smart Grid snapshot

While the benefits of moving the current antiquated electric grid into the future are many, there are a number of challenges still dogging the effort. Chief among them is cybersecurity but getting the country’s utility community onboard without costing them an arm and a leg is another. Such issues were apparent in the Department of Energy’s recent report to Congress on the status of the smart grid effort.

Bypassing hardware firewalls in 20 seconds

Zoltan Balazs, aka @zh4ck and CTO at MRG Effitas, presented “Bypass firewalls, application whitelists, secure remote desktops under 20 seconds” at Def Con 22. The slides are now available (pdf), as well as a tool to help bypass hardware firewalls. Pen testers, or black hats, sometimes come up against a firewall that blocks backdoor Command and Control (C&C) communications. The problem, according to Balazs, is that bad guys can sometimes get around this, but white hats sometimes cannot.

Home Depot investigates possible payment data breach

Home Depot said Tuesday it was investigating a possible breach of its systems holding customer payment information tied to credit and debit cards. “We’re looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Home Depot spokeswoman Paula Drake said via email. The source of the possible breach, as well as the number of people who might be affected, was not immediately clear. Home Depot is “aggressively gathering facts” and will notify customers immediately if it determines there was a breach, she said. If there was, it would be the latest in a string of high-profile attacks this past year that have hit companies including Target, P.F. Chang’s China Bistro and Neiman Marcus.

Apple blames leaked nude celebrity photos on 'targeted attack'

A targeted attack focused on user names, passwords and security questions of Apple accounts gave hackers access to nude photos of celebrities that were then leaked over the weekend on the Internet, the company said Tuesday. None of the cases of leaked photos resulted from a breach in any of its cloud systems including iCloud or Find my iPhone, the company said in a statement. “We are continuing to work with law enforcement to help identify the criminals involved,” Apple said. The company advised users of its cloud software to use a strong password and enable two-step verification, a process that requires users to type in a numerical code sent to their mobile device after they’ve entered their user name and password.

Hackers make drive-by download attacks stealthier with fileless infections

Cybercriminals are increasingly infecting computers with malware that resides only in memory in order to make their attacks harder to detect. Recent attacks launched with the Angler exploit kit—a Web-based attack tool—injected malicious code directly into other processes and did not create malicious files on affected computers, an independent malware researcher known online as Kafeine said Sunday in a blog post. Fileless malware threats are not new, but their use is rare, especially in large scale attacks, because they don’t persist across system reboots when random access memory (RAM) is cleared.

Witness the future: The 1955 Video Phone

The National Archives blog recently featured a pretty cool clip showing one of the first “futuristic” video phones – from 1955, manual rotary dial and all. According to the blog: “Demonstrated for the first time, the videophone, with two-way picture screens enabling the parties to see, as well as speak to, each other. As simple to operate as today’s dial tone. The videophone included a small screen so that women could ‘primp’ before placing their calls. A mirror would have been less costly and more effective.”

11 Steps Attackers Took to Crack Target

Despite the massive scale of the theft of Personal Identifiable Information (PII) and credit card and debit card data resulting from last year's data breach of retail titan Target, the company's PCI compliance program may have significantly reduced the scope of the damage, according to new research by security firm Aorato, which specializes in Active Directory monitoring and protection. Leveraging all the publicly available reports on the breach, Aorato Lead Researcher Tal Be'ery and his team catalogued all the tools the attackers used to compromise Target in an effort to create a step-by-step breakdown of how the attackers infiltrated the retailer, propagated within its network and ultimately seized credit card data from a Point of Sale (PoS) system not directly connected to the Internet.

Network Security Challenges in the Enterprise

ESG recently published a new research report titled, Network Security Trends in the Era of Cloud and Mobile Computing (note: I am an ESG employee). In this project, ESG surveyed 397 IT security professionals working at enterprise organizations (i.e. more than 1,000 employees) and asked a multitude of questions about their current and future network security policies, practices, and technologies.

Here is a list of the top 5 network security challenges at enterprise organizations:

1. 39% of organizations say that, “IT initiatives are being adopted without the proper network security oversight or controls in place.” Sound familiar? I’ve had lots of CISOs tell me about this very problem, especially around mobile computing. Sounds like an opportunity for Bradford Networks, Cisco, and ForeScout. The Trusted Computing Group (TCG) may also have a play here.
2. 31% of organizations say that, “network security policies and controls are not cohesive as they must be implemented across many different security and networking technologies.” In other words, network security is addressed with network devices when it should be applied to network flows. This leads to network complexity and many, many associated challenges.
3. 28% of organizations say they are challenged by, “too many overlapping controls and processes tend to cause trouble.” When the networking and security teams are subnetting, VLANing, firewalling, and applying ACLs to network devices, there’s bound to be a lot of redundancy and wasted resources. I get the need for layered defenses, but there must be a better way to isolate network traffic. SDN? NFV? Cisco ACI? VMware NSX? Something is needed.
4. 27% of organizations say that the, “security staff is too busy responding to alerts/events and not enough time with training, planning, or network security strategy.” This points to the global cybersecurity skills shortage that I’ve been screaming about for years (in other ESG research, 25% of organizations said that they have a “problematic shortage” of IT security skills). With too much work and too little staff, CISOs need network security technologies that can help them work smarter, not harder.
5. 26% of organizations are challenged by, “security policies that are too complex and can’t be enforced with the current network security processes and controls.” Everyone talks about “contextual security” where network access is governed by user identity, device identity, location, time-of-day, etc. The problem is that this requires central management, common data, data exchange, and technology integration. Alas, these things haven’t happened yet in many enterprises.

Summarizing this list presents a scary scenario. While business units are doing their own IT projects, the security team is hampered by mismatched policies, tactical technologies, and an overburdened staff. Not a very good recipe for success.