
Botnets: The backdoor to the enterprise network

Tomer Teller, security researcher and evangelist at Check Point Software Technologies May 21, 2012

Compromising anywhere from a few thousand to well over a million systems, botnets are used by cyber criminals to take over computers and execute illegal and damaging activities.
 

BYOD savings may be lost by security and admin costs

Rainer Enders, CTO of the Americas, NCP Engineering May 15, 2012

Before flocking to a mobile policy in which employees are permitted to connect their smartphones and tablets to the corporate network, consider that the return on investment may not be all it is cracked up to be -- security being a big reason why.
 

Why aren't customers dropping Oracle?

Josh Shaul, CTO, Application Security Inc. May 04, 2012

In light of a controversial zero-day flaw that was never patched, customers should pressure database giant Oracle into being more dependable, transparent and timely when it comes to fixing security problems.
 

Skills in demand: Database and mobile device programming

Jerry Irvine, CIO, Prescient Solutions May 01, 2012

Software developers with skills in collaboration software, databases and mobile device programming are needed.
 

New election, same risks

May 01, 2012

While guidelines on the federal and state level aid in the overall security of e-voting machines, there is still potential for insider attacks in the manufacturing process.
 

Debate: Identifying culprits behind Koobface disrupts the gang's activity

Daniel Wood, Phase One Consulting Group | Roel Schouwenberg, Kaspersky Lab May 01, 2012

Debate: Identifying the culprits behind Koobface will diminish the gang's activity.
 

Can't we just ignore PCI DSS?

Mark Kedgley, chief technical officer, New Net Technologies May 01, 2012

Adopting PCI DSS is a sensible thing to do from a security perspective, says New Net Technologies' Mark Kedgley.
 

Avoiding the need to disclose

Bradley Anstis, VP of technical strategy, M86 Security May 01, 2012

Many companies simply are unable to keep up with the evolving exploits, says M86 Security's Bradley Anstis.
 

Mitigating the next WikiLeaks: Insider threats

Dan Geer, chief scientist emeritus at Verdasys May 01, 2012

The operating environment itself must be altered, says Verdasys' Dan Geer.
 

Bridging corporate and personal

Michael Scovetta, director of advanced technology at a large media/entertainment company May 01, 2012

There is increasing pressure to make corporate resources available to users on any device.
 

When signature-less security requires signatures

Gunter Ollmann, vice president of research, Damballa April 25, 2012

The recent outbreak of the Flashback trojan on Mac computers is a case study in how unprepared security professionals are for dealing with malware that's not specific to Windows.
 

Network visibility: Your PR department's best friend

Tim Nichols, VP of global marketing at Endace April 17, 2012

For a large listed corporation, a security breach is arguably one of your worst, although inevitable, public relations nightmares.
 

The new e-discovery playing field

Andy Teichholz, senior e-discovery consultant for Daegis April 16, 2012

Risks exist in the e-discovery process, as sensitive information frequently moves and is stored outside a company's firewall.
 

Are security basics getting lost under the cover of cloud and mobile?

Sean Martin, founder, Imsmartin Consulting April 12, 2012

Be wary of vendor messaging in light of today's threats, as it may be misguided. Organizations can cope with the latest concerns by applying tried-and-true security best practices.
 

Is the latest Global Payments breach just one of several others out there?

Avivah Litan, VP, distinguished analyst at Gartner April 09, 2012

 

Attention executives: Make sense of security (finally)

Michael Fey, SVP of advanced technology and field engineering at McAfee April 03, 2012

Boardrooms are finally buzzing with serious discussion around cyber security as countless high-profile breaches have produced massive loss.
 

Will Bill C-11 make backups illegal in Canada?

Steven Rodin, CEO of Storagepipe Solutions April 02, 2012

Canada's Bill C-11 leaves us with a few concerns and unanswered questions when it comes to rules and restrictions on the process of data backup.
 

Manage your risk, not somebody else's

Ben Tomhave, principal consultant, LockPath April 02, 2012

The primary driver for security should be to cut risk rather than attempting to churn through an unending string of audit and compliance exercises.
 

Debate: Anti-virus is essential

David Harley, ESET | Jeremiah Grossman, WhiteHat Security April 02, 2012

Debate: Anti-virus is essential.
 

A Monitoring Solution: Smart network management

Ken Sanofsky, general manager, North America, Paessler April 02, 2012

Network monitoring solutions for the enterprise should be holistically integrated with the complete security suite...
 

Shutting access to passwords

David Pfeiffer, marketing director, mSeven Software April 02, 2012

Imagine a mobile device falling into the wrong hands - resulting in the draining of bank accounts and the co-opting of identities.
 

David can be Goliath

Michael Potters, CEO of Glenmont Group April 02, 2012

Be patient and give staffers a real chance to show their stuff, says Michael Potters, CEO of the Glenmont Group.
 

PCI: Getting older, wiser, and more effective

Mike Mitchell, VP, global network operations, American Express April 02, 2012

Over the past few years, adoption of and compliance with PCI standards has made it more challenging for criminals to steal large volumes of credit card data.
 

Making risk management more manageable

Anthony Di Bello, product marketing manager, Guidance Software March 23, 2012

Most businesses don't understand how to manage risk, yet we live in a world full of risks, says Guidance Software's Anthony Di Bello.
 

The state of BYOD

Tyler Lessard, CMO, Fixmo • March 22, 2012

Enterprises are being exposed to multiple operating systems, models and operators - requiring IT teams to support the safe deployment of personal devices used for work purposes.
 

Never off duty when malware infects the weekend

Ross Kinder, senior security researcher, Dell SecureWorks March 08, 2012

A researcher recounts an all-too-familiar tale for many security professionals: a recent weekend afternoon spent trying to purge rogue anti-virus software from his brother's computer -- all before his daughter wakes up from a nap.
 

Opinion: The password is dead

Curtis Staker, president and CEO, Confident Technologies • March 01, 2012

The massive fallout from the breaches of Gawker, Sony and others involving weak password authentication schemes shows that the current password system is dead.
 

Protecting information today for a secure future

Enrique Salem, president and CEO, Symantec Corporation February 27, 2012

The consumerization of IT and trends such as cloud, virtualization and mobility are changing the way we do business.
 

Do you need to worry about the advanced persistent threat?

Wolfgang Kandek, CTO, Qualys February 26, 2012

Yes, advanced persistent threats are stealthy and difficult to stop, but organizations should remember that the most common attack type facing them is mass malware.
 

Why big business is dealing with big security concerns

Jeremiah Grossman, chief technology officer, WhiteHat Security • February 23, 2012

Businesses are forced to implement specific security mandates even if they don't support their actual security goals.
 

What's the Big Deal about Big Data?

Sean Martin, founder, Imsmartin Consulting February 22, 2012

The ability of organizations to collect mountains of data offers a dream scenario for hackers, but if managed properly, large volumes of information also can present IT staff with unique and valuable insight into an organization's security posture.
 

Can you stamp out spambots? No, but you can help

Michelle Drolet, founder and CEO, Towerwall February 16, 2012

Trying to solve the spam epidemic? It might be time for organizations to look inward, as machines that are unknowingly seeded with malware are the reason for the botnet scourge.
 

Don't let Wi-Fi hotspots get the best of you

Swen Baumann, product manager, NCP Engineering February 06, 2012

Securing wireless connectivity for roaming employees is not as simple as instituting corporate policy. It also requires the education of both administrators and end-users -- and some technology help.
 

The five new laws of anti-malware

Zulfikar Ramzan, chief scientist, Sourcefire • January 23, 2012

Today, the best overall security solution includes technologies that can help you quickly respond to an inevitable attack.
 

Make the first 24 hours of data breach resolution count

Ozzie Fonseca, senior director, Experian Data Breach Resolution January 19, 2012

If your company doesn't have a response plan, the unending spate of recent breaches is surely motivation enough to create one.
 

The next remote access challenge: Seamless VPN roaming

Patrick Oliver Graf, general manager, NCP engineering • January 19, 2012

In today's mobile world, it's not uncommon to be faced with a multitude of connection types on any given day.
 

APTs in critical infrastructure organizations

Dave Amsler, President and CIO, Foreground Security January 18, 2012

Many managers of utilities companies don't understand or appreciate the value of IT security...at their own, the facilities' and the community's peril.
 

Enterprise app stores can reduce mobile security threat

Liam Lahey, online community manager, Partnerpedia January 17, 2012

With BYOD, there's a confluence of people bringing in potential dangers from the outside that in turn presents a new class of security concerns that businesses haven't had to consider before.
 

Breaking down Duqu: The not-so-lost son of Stuxnet

Andrew Browne, malware labs team leader, Lavasoft January 13, 2012

It's been several months since the Duqu trojan arrived on the scene, allowing researchers to take a deep look at the threat and what it means going forward.
 

Encryption bans in the name of fighting terrorism hurt security

Rainer Enders, CTO of Americas, NCP Engineering December 28, 2011

Governments need to fight terrorism in ways other than prohibiting the encryption of networks, a technology that is essential to locking down businesses' private communication.
 

'Tis the season for consumerization of IT

Nathan McNeill, co-founder and chief strategy officer, Bomgar December 19, 2011

With the holidays right around the corner, expect many workers to soon be returning from their breaks with shiny new personal devices, like an iPad, in hand -- and wanting to connect them to the corporate network. IT departments must have a response plan in place.
 

On creating an IAM governance body

Ash Motiwala, CTO, Identropy December 13, 2011

Identity and access management programs are quite tricky to scale across an organization, but implementing a governance team can go a long way to effectively using the technology to meet compliance and manage user permissions.
 

Online privacy and security breeds customer confidence

Chris Babel, CEO, TRUSTe December 09, 2011

Studies show that online consumers are concerned about security and privacy. That means web retailers must ensure they are taking all the steps necessary to ensure a safe and transparent shopping experience.
 

Getting serious about health care security

Peter Spier, manager of professional services, Fortrex Technologies December 06, 2011

Health care providers and their patients both have parts to play in the high-stakes game of protecting sensitive medical information, especially as technology becomes easier to implement and enforcement of regulations intensifies.
 

We are our own worst enemy

Michael Tanji, CSO at Kyrus December 01, 2011

To avoid past mistakes, one should appeal to outside experts, says Kyrus CTO Michael Tanji.
 

Preparing for mobile security emergencies

Lysa Myers, director of research, West Coast Labs November 29, 2011

Mobile malware authors have skipped the rudimentary phase and are immediately creating threats that mimic complex malicious code common in the traditional PC environment. But defense technologies are countering with sophistication of their own.
 

Holiday folly for retailers with DNS glitches

Sean Leach, vice president of strategy, VeriSign Network Intelligence and Availability Group November 22, 2011

Proper DNS management by organizations is critical to protecting against threats and staying online during the busy holiday months.
 

Part Two: Duqu: father, son, or unholy ghost of Stuxnet?

Jeremy Sparks, Robert M. Lee, and Paul Brandau, cyberspace officers November 09, 2011

Three U.S. Air Force information security experts, independent of their role in the military, studied the Duqu trojan, and you might be surprised by what they found. This is the second article in a two-part series that examines the sophisticated threat that everyone is talking about.
 

The security industry that cried wolf

Lysa Myers, director of research, West Coast Labs November 04, 2011

The security industry, and the media that covers it, would be better served focusing on the tried-and-true motives for cybercrime, not conspiracy theories.
 

The virus problem is worse than you think

Dan Emory, leader, information assurance practice, TKC Global November 03, 2011

With record numbers of threats and the increasing inability to detect them through traditional means, the time is now for the anti-virus industry to reinvent itself.
 

Duqu: father, son, or unholy ghost of Stuxnet?

Jeremy Sparks, Robert M. Lee, and Paul Brandau, cyberspace officers November 02, 2011

Three U.S. Air Force information security experts, independent of their role in the military, studied the Duqu trojan, and you might be surprised by what they found. This is the first article in a two-part series that examines the sophisticated threat that everyone is talking about.
 

Your security will fail, but is this the right attitude?

Sean Martin, founder, imsmartin consulting October 27, 2011

IT professionals wishing to protect their systems from sophisticated attacks are receiving mixed messages of how to combat the problem. Their confusion is understandable, but the most important takeaway message is to not accept failure.
 

Keep your PCs closed to online criminals

Mike Cote, vice president, Dell SecureWorks October 14, 2011

Small and midsize businesses have been hit hard by corporate bank account takeovers. But there are easy-to-implement techniques to ensure the criminal passes them over in favor of a lower-hanging fruit.
 

Overcoming America's lost decade of IT security

Anup Ghosh, founder and chief scientist, Invincea October 10, 2011

An overreliance on compliance and limited information sharing between the federal government and the private sector have resulted in attackers holding a firm edge over security professionals. How do we take back a decade of losing?
 

What iCloud means to enterprise IT

Andres Rodriguez, CEO, Nasuni • October 06, 2011

When Steve Jobs announced iCloud at the Apple Worldwide Developer Conference, many in enterprise IT dismissed the broader relevance of consumer cloud services, but they do so at their peril.
 

Who's listening to your conference calls?

Alan Brill, senior managing director for Kroll’s Computer Forensics & Secure Information Services Practice October 05, 2011

While phone conference lines vary, they don't provide for a lot of security.
 

Can we stop hacktivism?

Matthew Pascucci, information security analyst, financial services firm October 04, 2011

The answer is "no," but that doesn't mean security professionals are hopeless in defending their networks against politically minded intruders. Not to mention, you have more in common with them than you might think.
 

Cloud management practices

Michael Ginsberg, CEO, Echoworx October 03, 2011

Developers can now turn to third-party platforms to meet their credential management needs, says Michael Ginsberg, CEO, Echoworx.
 

Bring Android to work, safely

Gareth Maclachlan, COO, AdaptiveMobile October 03, 2011

Securing Android - or any mobile device - will go beyond standard protection methods, says Gareth Maclachlan, COO, AdaptiveMobile.
 

Cloud: A risk/reward proposition

October 03, 2011

Assessing what level of risk is acceptable to one's business is key to any move to the cloud, says Siobhan Byron, president of Forsythe Technology Canada.
 

Breaking down the updated FFIEC guidance

Sarah Fender, vice president, PhoneFactor September 15, 2011

As attackers have found a way to break traditional online banking security controls, recently issued guidelines offer some new advice for financial institutions.
 

Is your security infrastructure agile enough?

Marc Solomon, senior VP of marketing, Sourcefire September 12, 2011

The state of both the IT and threat landscape is impossible to change, so security professionals must respond with an infrastructure that is automated and adaptable.
 

Advanced persistent threats call for a reality check

Sean Martin, founder, imsmartin consulting September 07, 2011

Before seeking out help from vendors in dealing with the advanced persistent threat, security professionals must understand exactly what defines such an attack.
 

No pointing fingers: Defense in the cloud is everyone's responsibility

Merritt Maxim, CA Technologies September 01, 2011

Protecting data in the cloud is a shared sacrifice for end-users and providers, but understanding who needs to do what can sometimes be tricky.
 

Affiliate programs: legitimate business or fueling cybercrime?

Bradley Anstis, VP technical strategy, M86 Security August 30, 2011

Going after the financial middlemen, known as affiliate programs, may be the most effective way to eradicate spam. But one must not forget: Some of these services are legitimate.
 

Recruiting and developing the 21st century cyber warrior

Catherine Nicholas, manager, PwC's Public Sector practice August 23, 2011

Recruiting skilled cybersecurity personnel is a major U.S. military priority, but plucking the best and brightest to join the ranks will require a unique approach.
 

Voicemail hacking: Does the current technology make it too easy?

Alan Brill, Kroll Ontrack August 17, 2011

Mobile service providers can do a lot more to stop people from easily breaking into voicemail boxes, including providing users with alerts when their messages are accessed.
 

Who missed Facebook's bounty party?

Sean Martin, founder, imsmartin consulting August 12, 2011

Facebook should use its recently announced vulnerability bounty program to push for more security in third-party applications that run on the site.
 

Web browsers offer more protection than you may think

Sam Alapati, senior technical director, Miro Consulting August 02, 2011

Browser security has come a long way in recent years, and utilizing certain features can help stave off attacks. Our author calls out three browsers he thinks stand above the rest in protecting you against threats and safeguarding your privacy.
 

APTs: New term, old problem

Will Irace, director of threat research, Fidelis Security Systems August 01, 2011

Let's forgo the APT hysteria long enough to make sure we're doing a good job on the fundamentals.
 

Lessons of the Sony PlayStation hack

Joe Basirico, director of security services, Security Innovation July 18, 2011

Software flaws provide the attack vector of many of today's largest breaches, and organizations must work to rectify those weaknesses.
 

The case for articulating security risk in a down economy

Patricia Titus, vice president and chief information security officer, Unisys July 12, 2011

Despite an astonishing sequence of breaches this year, expect business executives to remain tight with their purse strings, unless security professionals can accurately convey risk.
 

Smartphones? There's malware for that, too.

Troy Gill, security analyst, AppRiver July 07, 2011

Mobile devices, while unique, pose security challenges not unlike traditional PCs, and organizations can apply some basic tips to stay ahead of the threats.
 

You might be next: Data breaches

July 01, 2011

CISOs must concede they eventually will see their infrastructures compromised.
 

Signing on the dotted line of HIPAA

Bryan Cline, CISO and director of information security at Catholic Health East July 01, 2011

Given that a misrepresentation of the facts during attestation could result in civil and criminal penalties, what does a health care executive need to feel comfortable about before signing on the dotted line?
 

Can LulzSec and Anonymous forge a turning point?

Lysa Myers, director of research, West Coast Labs June 30, 2011

If something positive can come from a recent call by two hacking groups to expose corruption at governments and corporations, perhaps a fundamental change in cybersecurity can be it.
 

In search of a global network security standard

Shaul Efraim, vice president of marketing and business development, Tufin Technologies June 27, 2011

A government-adopted and enforced global benchmark for network security may lend value, and borrowing from the PCI DSS playbook could help in its creation.
 

Security concerns of computer automation and control: Where to start?

Cristiano Cafferata, systems engineer, SonicWALL June 20, 2011

A four-step industry model can be effective in defending control systems against adversaries.
 

Ensuring the supply chain is cost-friendly -- and protected

Sean Martin, founder, imsmartin consulting June 13, 2011

The automotive industry is just one vertical whose supply chain heavily relies on communications and document exchanges. But it must be careful that, in an effort to shave costs, security is not sacrificed.
 

An open letter to the network security industry

Peter George, president and CEO, Fidelis Security Systems June 06, 2011

A security vendor says working together is the only way to stop the endless string of breaches.
 

Earning back respect following a breach

Lysa Myers, director of research, West Coast Labs June 01, 2011

We all know what a difficult balancing act it is for businesses to provide both security and accessibility. Customers of Sony may not be in a forgiving mood, but if the company can learn from its mistakes, it may be able to re-establish trust.
 

Why do SQL injection attacks continue to succeed?

Josh Shaul, chief technology officer, Application Security May 24, 2011

SQL injection vulnerabilities first appeared in the 1990s, yet massive breaches in recent years prove the problem still remains a thorn in the side of security experts.
 

Rustock and Coreflood: a call to arms for strategic offensive action

David LaMacchia and Jamie Tomasello, Cloudmark; Jon Praed, founding partner, Internet Law Group May 19, 2011

Two recent botnet takedowns have demonstrated why going on the offensive is a viable way to cleanse compromised computers. But such tactics may set questionable precedents.
 

Looking beyond anti-virus to limit costs, attacks

Pat Clawson, chairman and CEO, Lumension May 12, 2011

Anti-virus technology is still integral to the security baseline of any organization, but because of advanced attacks, firms must consider complementary solutions.
 

When no one solution is best, an "ecosystem" emerges

Greg Oslan, CEO, Narus May 05, 2011

To fight today's sophisticated adversaries and protect the nation's digital infrastructure, the cybersecurity industry must unite technologies, develop new ones and cultivate experts.
 

Is malware on the decline, or is evasion on the rise?

Noa Bar Yosef, senior security strategist, Imperva April 26, 2011

While some studies point to a decrease in malware, that is more of an indication that virus writers are getting better at hiding their wares.
 

Security education: We're doing it wrong

Lysa Myers, director of research, West Coast Labs April 21, 2011

Most PC owners are thinking about security protection from a pre-botnet perspective.
 

Taming your "unknown unknowns" through network traffic analysis

Josh Goldfarb, principal security analyst, 21st Century Technologies April 13, 2011

Security professionals must understand what belongs on their network so they can look for the opposite. To do this, they must leverage a structured analysis approach.
 

Intellectual property strategies for security developers

James Denaro and Mark Ungerman, Morrison & Foerster April 08, 2011

As the security market continues to heat up, vendors must take steps to avoid patent infringement lawsuits.
 

How do you begin an information security career?

Israel Bryski, board member, N.Y. Metro ISSA chapter April 04, 2011

Breaking into information security as a career can be difficult, but there are several ways to ease the transition and make yourself more attractive to potential employers.
 

Confocal infrastructural vulnerabilities and their effect on business

Winn Schwartau, chairman, Mobile Active Defense March 29, 2011

Many organizations likely have not considered the risk of locating various infrastructure at the same physical location.
 

Tax season: The IRS is the least of your concerns

Frank Kenney, vice president of global strategy at Ipswitch File Transfer March 21, 2011

With the April 18 tax deadline looming, security isn't top-of-mind for the employees in your finance, audit and operations departments.
 

Mobile security offerings useful despite lack of malware

Lysa Myers, director of research, West Coast Labs March 03, 2011

Until mobile malware becomes more pervasive, the current lot of smartphone security offerings can help users with other concerns.
 

Unwitting accomplices and complicit security teams

Anup Ghosh, founder and chief scientist, Invincea February 25, 2011

End-users may be the weakest link, but technology exists to take security out of their hands.
 

Can deploying monitoring software put you in jeopardy?

Art Bowker, cybercrime specialist, Corrections February 22, 2011

Organizations may feel compelled to monitor their employees' email and web use, but they should first be aware of the legal implications.
 

The end of the endpoint

Tom Gillis, vice president and general manager, security technology business unit, Cisco February 15, 2011

The rapid shift in technology requires a major re-think of how we deploy security.
 

Letting go and keeping control: Beyond the PC and data center

Enrique Salem, president and CEO, Symantec February 15, 2011

Attackers - whether motivated by financial gain or a terrorist agenda - are changing their game and sharpening their focus.
 

Secure, global collaboration made possible

Mike Denning, general manager, Security, CA Technologies February 14, 2011

Identity and access management frameworks can help distinguish between the various competitor and partner personas, and organizations such as the Transglobal Secure Collaboration Program (TSCP) are working to construct and use them.
 

The WikiLeaks challenge: Remember the risks associated with third-party exposure

Kimberly Kiefer Peretti, director of the Forensic Services practice, PricewaterhouseCoopers February 13, 2011

When guarding against data breaches, organizations must consider the security postures of their closest partners, such as law firms and cloud providers.
 

What Stuxnet means for the process industry

Eddy Willems, security evangelist, G Data Software February 09, 2011

Governments and process control firms must work together to prevent highly sophisticated malware, such as Stuxnet, from spreading.