With simple viruses and Trojans were all the rage, life was simpler for the average CSO. Now, threats of all types abound and the methods cyber attackers enlist to infiltrate networks have only become more varied, often a bit more sophisticated and most assuredly more frequent. One of the most problematic has proven to be APTs.
Today's networks are far-reaching and consist of many disparate configurations - from basic local area networks to cloud environments to mobile. Obviously, the need to know what's going on is imperative. SIEM tools - which gather, analyze and present information to offer a holistic view of an organization's information technology - have been around for about a decade. There have been a lot of changes in what constitutes a SIEM product, but the challenge for many has been what can be done with the logs and reports so as to be made aware of anomalies that may indicate threats.
Today's enterprise networks are far-reaching with innumerable devices accessing assets. The challenge for security practitioners is gaining a clear idea of who's using what, knowing how many devices are touching their network, and then making sure operations run smoothly - while proprietary information stays where it belongs.
Back when mainframes ruled the corporate computing environment it was far easier to manage critical data. After all, most folks used "dumb" terminals. However, distributed computing quickly made its way into the enterprise, so now, computers with more storage power than ever have become commonplace. Data, as a result, has become widely distributed. And, with the rapid adoption of cloud computing, that data is even more widely distributed - and a challenge to control. The explosion in mobile device use, too, has introduced more stored data. Given the swiftness of these changes and the seeming ubiquitous reliance on cloud storage and myriad mobile devices, just how can all this data be controlled and secured? We learn more.
No one can argue that the bring-your-own-device (BYOD) movement is changing the way workers undertake business activities. Most employees nowadays are tethered to a mobile device of some sort that leaves them checking email or communicating with someone for work at any given hour of any given day. This always-on mentality, then, certainly should be informing how executives ensure that their companies' risk management and security plans are updated and managed. However, most organizations are still trying to get their hands around just how employees are using mobile devices and for what tasks, according to a recent SC Magazine survey that saw participation from 220 readers.
By leveraging the terabytes of information and data feeds that too frequently overwhelm organizations' security departments, cyber criminals already have gained entry into many an organization's network, exfiltrating critical data that likely could bring victimized entities to their knees. Many executive leaders still have yet to implement the best practices, strategies, policies and tools that could help their enterprises. Indeed, some still try to make sense of anomalous behavior happening on their networks with too few resources, little internal expertise and no increases in funding. On top of this, the amount of critical data itself is accumulating exponentially. But, no doubt, Big Data is here to stay and the many issues surrounding its security and how to harness it to address risk management needs are only growing. We explore the relevant problems around safeguarding some data and enlisting segments of other data to thwart today's bad guys, providing practical steps on how to embrace Big Data of all types and how well-thought-out strategies can enrich existing security programs.
Cloud services have become ubiquitous. Many organizations, though, having embraced their various benefits, sometimes have overlooked some of their problems - including those that can arise because of security weaknesses, as a recent SC Magazine survey, which was sponsored by McAfee, has further affirmed. There are a slew of worries respondents noted as top of mind - from data loss, access control, incident monitoring and endpoint security to shared technology risks with customers, service provider access to data and cloud account hijacking. Add to these operational concerns, issues around keeping compliant with regulatory mandates or signing and monitoring service-level agreements and stress levels for information security professional like you can skyrocket. Through this latest 20/20 we hope to assuage some of your concerns by arming you with sound and practical steps you can take to address security-related problems in the cloud and ultimately keep your organization and its sensitive information safe from harm.
Some industry stats show that about 2.5 quintillion bytes of data are created every day. Even more astounding is that about 90 percent of this data was just created in just the last two years, according to IBM experts. The phenomenon of Big Data is here and not only does it mean that organizations have much to sift through to determine just what information is critical and calls for protections, but also that they can leverage some of this data to help them in their fight against the attackers who are trying to seize it. We talk to RSA experts to find out just how Big Data is transforming security and privacy requirements and what this means for organizations' security and risk management plans going forward.
Join us for a 20/20 webcast during which we talk to Chris Merritt about the challenges associated with these pervasive storage devices, and what steps your company can take to prevent the misuse - whether inadvertent or malicious - of data transfer.
Once an anomaly with which government agencies and some private companies that work with them had to deal, advanced persistent threats (APTs) are becoming a considerable problem for a spate of larger organizations and public entities alike. Now, it is no longer a matter of if sophisticated cyber criminals have infiltrated your systems, say many experts, but when they hit and for how long they've lingered.
There's a saying in the security business these days: Either you've been compromised or you don't know you've been compromised. As advanced adversaries continually penetrate organizations of all sizes to serve persistent threats that siphon data over a period of days, weeks, months and even years, victims must learn how to spot the attack and decide their next action. Should they force the miscreants out the door, monitor their activities a bit or take another option? For certain, building up security mechanisms that make it harder for these attackers to lob APTs at their organization is a must, but just what should this entail. We learn more.
Our sixth-annual data breach survey, which polled IT security pros in the U.S. as well as those working in the U.K. and Australia, yielded interesting insights on how organizations are dealing with today's data security threats. And, while the majority of pros are optimistic about the steps they're taking to safeguard critical data from getting lost or stolen, many still cite plenty of challenges with which they must contend.
Cyber criminals are evolving their tactics to take advantage of organizations' most obvious weakness: employees. As such, organizations must be concerned more than ever before about how users interact with the technologies on which they rely everyday. Mobile devices, email, third-party apps, web browsers and more, all have major risks associated with them. And one wrong interaction with any one of these can lead to major attacks on critical and intellectual property, as well as overall brands and bottom lines
Enterprise data is increasingly becoming available on mobile devices. All the while, the storage and sharing of it must conform to sometimes strict requirements put forth in any number of government and industry compliance mandates. Getting in line with even the strictest of regulations may still allow important information to be breached, as many organizational leaders surely can attest.
With the economy flailing still, the threat of seemingly trusted insiders exposing or stealing critical data is more intense than ever. In addition, to a disgruntled worker recently having been laid off maliciously exposing sensitive information, there is also the lure of quick money to be made by acting on behalf of cyber thieves to steal certain bits of customer data.
As networks grow more complex, the process of securing and managing endpoints, applications and confidential information has become a stiffer challenge than ever before. The attackers know most organizations are like Swiss cheese when it comes to finding a way in and then exporting out sensitive data. The traditional defenses aren't working to the degree that companies demand, so as security becomes more and more tied to business operations, corporations are finding that the best defense is a solid risk management plan that speaks to both asset protection and compliance. But we all need help getting there. In this webcast, we'll ask the questions to which you want answers..
Professionals all over the globe rely on email daily to communicate with their colleagues, partners and customers. Indeed, according to research firm Radiacati Group, most email traffic is from the corporate space, with the number of business emails sent and received per day in 2012 globally hitting 89 billion. By the end of 2016, this should rise to 143 billion. No wonder, then, that alongside mobile security solutions and tools that provide a more holistic view of their networks, 43 percent of the 488 respondents to SC Magazine's annual Guarding Against a Data Breach are considering deployments of email management and content filtering tools in 2012.
Tablets, mobile phones, laptops are in most every executive's arsenal of business tools. Protecting these and the information transfers they enable therefore is critical. Challenges, though, abound - especially since many office workers are blurring the lines between their work and personal lives by embracing the BYOD movement.
The number of data breaches skyrocketed in the last year. Cyber thieves bent on obtaining personally identifiable information stole reams of it in hopes of getting rich quick by using the details themselves or selling it off to others. Hacktivists having goals to make examples of this or that government agency or corporate entity broke into various networks siphoning off data to expose on Pastebin.
There have been a slew of breaches lately. From Citi to Lockheed, no company is safe. But, what exactly does this uptick in criminal activity mean for organizations hoping to shore up their defenses, and just how should they be prepared when they get hit next? What sorts of areas should they account for in not only their security/risk management plans, but also their incident response programs?
Smartphones, tablets and personal devices are on your corporate network. Your users want personal connectivity and executives wants added productivity, but security must be maintained. What is the prudent path to satisfy all constituents? Lead by Illena Armstrong and Gil Freidrich VP of Technology at ForeScout, this timely webcast will examine: key mobile security risks, pertinent policies and alternative countermeasures, 5 proven scenarios for effective guest management, and phased steps for effective visibility and seamless enforcement.
The Payment Card Industry's Data Security Standard (DSS) is known as one of the most prescriptive industry regulations in the marketplace. Yet, even with all the details provided on ways to keep critical corporate assets secure, while, at the same time, get compliant with DSS, it still proves confounding to many executive leaders. Questions around the proper technologies to implement, the best strategies to focus on or the right security measures for newer IT technologies now being adopted by many organizations still abound.
Weaknesses in the software and applications used by corporations are the prime source for hackers to breach infrastructures, steal choice critical data and turn a profit in the sale or use of it. The exploitation of vulnerabilities that crop up because of corrupted websites or malicious content isn't new, but there are various ways to confront the problems.
Increasingly, attackers are having success by targeting weaknesses within client-oriented applications, exploiting these weaknesses through corrupted web sites and malicious content.IBM's Jack Danahy reviews some of the newer threats over the last several months and discusses ways to mitigate against them.
The media is chock full of news detailing incidents of cyberespionage, such as what China is accused of doing with IPs based in the United States and how criminals are infiltrating systems and stealing not just money, but patented trade secrets. And then, of course, there are attacks on the government. But, what the news reports don't reveal are the facts behind this growing criminal and state-sponsored trend.
Security budgets are holding their own in a tough economy, but IT security personnel charged with protecting networks and company information face increasing responsibilities - from fears of having the company's brand tarnished by a data breach, compliance demands, threats from insiders anxious about losing their jobs, and a slew of other drivers.
In this webcast, we learn what defines successful CSOs in 2010 as they battle tightened budgets, a sophisticated threat landscape and continued compliance hurdles.
In this special webcast, we find out just how cybercriminals are taking advantage of unprotected virtual environments and what practical steps companies can take to protect against these.
SC Magazine is pleased to introduce a unique webcast series celebrating its 20th Anniversary this year. The free 20-minute webcasts will feature a member of the SC Magazine editorial team in conversation with various industry thought leaders discussing the past, present and future of IT security.