To thwart web attackers, organizations must think like a criminal and turn to tricks that will stop attackers in their tracks -- or even make them believe that they are succeeding.
We've recently been witnessing a tremendous change in perspective when it comes to IT security, and the shroud of embarrassment associated with breaches has been lifting.
Bring-your-own-device (BYOD) quickly made the jump from industry trend to business imperative, and organizations are now feeling the pressure to open their networks to employee-owned devices.
LANDesk's Devin Anderson offers five vital strategies you need to know to fend off attacks and safeguard your organization.
Increased threat levels will lead to a budget realignment toward security.
While AV software derails a lot of potentially harmful attacks, it is only one component of a comprehensive security solution.
Every company in every part of the world is subject to some level of insider threat.
The threats associated with mobile devices can come in many forms, so there are a number of best practices one can put in place to thwart potentially disastrous consequences.
Hackers and computer criminals have shown an ongoing ability to stay one step ahead of the security professional, but there are strategies and tools to help thwart their efforts.
Companies targeted by APT will need to upgrade their defense strategy to include multiple, integrated layers of extremely sensitive anomaly detection and mitigation.
Cloud platforms' high level of security allows enterprises to focus on the finer points of data security.
The virtual environment is very different from the "physical" data center where networks, servers and applications can be easily secured and monitored.
Nobody would leave their car unlocked in a public parking lot...so why is it so many are leaving the servers unlocked in the cloud?
Similarities continue as we see more targeted, personalized attacks
Welcome to the SC Awards Finalist Blog, where the contenders for an SC Magazine U.S. 2012 Award will offer advice on how to defend against modern-day threats.
Cast your ballots today for the most influential security pros on the social web.
Monitoring those with access to virtual machines running in the cloud is an important step to successful deployment.
Businesses need a holistic and integrated approach to security that focuses on moving from threat detection to prevention
Today's security appliances do a great job patrolling the network perimeter, but what do you do when the threat is coming from inside the building?
Stop by to gain the latest insight on what your peers are doing to succeed in today's security landscape. Also, nominations are now open for our 2011 SC Magazine Social Media Awards.
Firewalls are again becoming the talk of the town. There is an enormous number of opinions, including claims of a recent firewall revolution, that have been proposed to completely change the firewall landscape. I will be the first to admit that the features and capabilities offered in today's firewall products are not the same as were offered in their original incarnation. But then again, traffic patterns and applications are not the same as they were when firewalls first hit the market.
There is overwhelming evidence in reports such as the SANS Top Cyber Security Risks and the Verizon Data Breach Investigation Report that web applications are the Achilles' heel of most networks and criminals know it. In order to protect web applications, the network security paradigm has to shift from "Keep People Out" to "What Are They Doing?" and the IT infrastructure spending needs to follow suit.
Data breaches involving privacy information continue to increase despite the costs, embarrassment and negative publicity associated with them.
Over a year ago, IBM began a global conversation about how the planet is becoming smarter with an increasingly instrumented, interconnected and intelligent infrastructure. There is an explosive growth of data that is collected about virtually every aspect of our lives that we can connect and share across billions of devices with built-in intelligence. Our ability to use this data to visualize, control and automate what happens in our environment influences every aspect of our lives from financial transactions, to healthcare, retail, transportation, communications, government and utilities.
In the world of acronyms, information technologists seem to lag behind only government agencies in their ability to create jargon and abbreviations of cryptic concepts. IT-GRC is one member of the IT lingo club. The Information Technology Infrastructure Library, or ITIL, is a fellow acronym gaining more acceptance and popularity within the IT industry. ITIL provides a common framework to formalize a service-oriented management approach within IT and improve interaction between IT and the business.
With the SC Magazine Awards Blog, we're attempting to add thought-provoking subject matter from industry leaders on a wide variety of topics and issues facing the security industry today. Hopefully, these blog posts are providing you additional value and insight into the state of the industry and a forward-looking forum on the challenges we are likely to see in the future.
Consumerization is the use of consumer targeted technology in the work environment. While it may not yet have reached fever pitch, there is a steady and growing awareness of the risks of a new trend in business computing: consumerization.
Organizations must reconsider how they respond to compliance requirements.
Organizations must overcome the "myths" and "inhibitors" around securing web applications.
Deploying an effective endpoint security strategy is essential in a business environment with growing numbers of telecommuters.
Let's face it: Breaches are going to happen. As a result, detection and incident response may actually be more important than prevention.
The stigma attached to the term "hacker" needs to be dropped if computer security advancements are to be made.
Gaining visibility and eliminating latencies while maintaining effective systems and security management can help close off the possibility of a devastating data breach.
Whether it's a bridge closure or a catastrophic flu outbreak, remote access capabilities can help businesses stay afloat during difficult times.
Each year, SC Magazine celebrates the best and brightest leaders of the IT Security industry with the SC Awards. Award finalists have been recognized by the security community for the work they do every day in the trenches to help fight the battle for a more secure enterprise.
Michael F. Angelo, chief security architect, NetIQ
It's clear that what we've been doing to ensure security has yet to bear its full fruit...
Pat Sueltz, CEO of LogLogic
As the recession continues, cybercrime and data breaches are on the rise—particularly from disgruntled, laid-off employees. According to a...
Steve Schlarman, IT GRC product manager, Archer Technologies
In a previous blog entry, I explored, through an admittedly strange analogy, the connection of GRC...
David Ting, CTO, Imprivata
With the story of the laid-off Fannie Mae employee trying to destroy company servers still fresh in our minds, I...
Tom Ashoff, vice president of engineering, Sourcefire
2007 was a breakout year for virtualization, when companies discovered the economic and organizational benefits in building...
Hugh Njemanze, CISSP, founder, CTO and executive vice president of research and development, ArcSight
IT administrators, network managers and just about everyone else in...
Tom Spadafore, CEO, VANTOS
More than ever, businesses around the globe are experiencing a rising volume of insider and outsider fraud and misconduct. Some...
Recently, a group of open-source executives wrote an open letter to President Obama, requesting that he "make the use of open source software a...
Kent Anderson, CISM, managing director, Encurve, LLC and member of ISACA’s Security Management Committee
In a recent ISACA survey on the top business and...
Steve Schlarman, IT GRC product manager, Archer Technologies
Rocco Prestia, the bass player for the funk band Tower of Power, was once asked to...
Stephen Pao, vice president of product management, Barracuda Networks
Nearly 75 percent of internet vulnerabilities occur at the application layer, and for most companies...
Sam Masiello, VP of information technology, MX Logic
Frequently when there is a new, hot buzzword, developers and organizations that want to be on...
Michael F. Angelo, chief security architect, NetIQ
Success in today’s world is often predicated on the ability to improve/expand/grow business with the adoption of...
Ian Amit, director of security research, Aladdin Knowledge Systems
It used to be easy to be in the security industry. All you had to...
Malte Pollmann, chief product officer, Utimaco
Following the 2007 data breach at retailer TJX, the recent breach at Heartland Payment Systems, and a...
Caleb Sima, CTO, Applications Security Center (and former co-founder and CTO of SPI Dynamics)
All organizations are affected by the economy’s ups and downs,...
Amit Jasuja, VP Product Development, Oracle
In the first incarnation of access management solutions, we put up walls around the perimeter and allowed people...
Sara Gates, chief strategy officer, Agiliance
In the wake of 2008’s historic crash of Wall Street and unprecedented economic woes, the New Year brings...
Anton Zajac, CEO, ESET, LLC
The security threats we face today are rapidly increasing in volume and complexity. The lone attacker is the exception...
Chen Arbel, vice president of strategic development, Aladdin Knowledge Systems
Strong authentication protects online banks and enterprises from identity theft and other data attacks
Ron Gula, CEO and co-founder, Tenable Network Security
During the past year, there have been several high-profile companies that have suffered data breaches who...
Bobby Dominguez, director, Security & Compliance, Catalina Marketing Corporation
1. What has been the biggest change in security that you’ve seen in the last...
Awards season is upon us! I’d like to welcome all our readers back to the SC Magazine Awards Blog, which is now live again as...
Deb Radcliff filed this RSA wrapup.
Everyone’s always asking those of us from the trade press about trends we see at RSA.
Some will tell you RSA...
The press has been locked out of RSA's Friday keynote by Al Gore, and the registrar says it was at Mr. Gore's request. That's gonna...
Patrick J Conte, CEO, Agiliance
The need to map security to the business has been an ongoing topic of conversation for quite some...
Mark Sunner, chief security analyst, MessageLabs --
As categories of malware go, targeted trojans occupy the sharp end of malicious activity.
The mainstream viruses...
Chris Wysopal, CTO and co-founder, Veracode --
I recently led a roundtable event in New York and Washington, D.C., entitled “5 Trends Shaping Software Security.”...
Kurt Roemer, chief security strategist, Citrix --
SSL/VPN continues to be the technology lifeline of remote workers who require access to rich applications and data...
Chet Hosmer, chief scientist, WetStone Technologies, Inc. --
Autonomous hashing and live discovery technologies are advancing rapidly and provide value and expediency for forensic investigators....
Scott Chasin, chief technology officer, MX Logic --
For years now we have faced the deluge of spam and other digital pollutants clogging...
Hugh Njemanze, founder and CTO, ArcSight --
Traditional security monitoring strategies have focused on the “low-hanging fruit” of the perimeter.
Ron Ben-Natan, CTO, Guardium --
The most valuable resource managed by IT is an organization’s data, and data security has become the number one issue...
Roger Thornton, Founder/CTO, Fortify Software --
Web 2.0 technologies are spawning an explosive growth in client-side processing (Ajax/Flex), distribution of executable content (JSON), and the...
Tom Kendra, Group President, Symantec Corp. --
While increased internet connectivity has fundamentally changed the way we do business, it also has introduced new security...
Maksym Schipka, Senior Architect, MessageLabs --
I have been spending a lot of time recently exploring the criminal underworld. The shadow internet economy is...