By now you've probably heard about new ransomware threats like CryptoWall, which encrypts your data and demands payment to unlock it. These threats are delivered via malicious email attachments or websites, and once they execute and connect to an external command and control server, they start to encrypt files throughout your network.
Despite the meteoric rise of cloud based applications and services, as well as its subsequent adoption by a significant number of enterprises, security still remains a major concern for many organizations.
Demonstrating compliance with PCI DSS is far from a trivial exercise. Are you sure you can document your organization's compliance with the new 3.0 standards?
IT security is more challenging than ever. IT departments are tasked with managing a roaming workforce with limited resources and budget. Security solutions need to be effective yet approachable, especially for mid-sized companies.
Many enterprise security solutions claim to offer continuous endpoint visibility—reactively scanning, sweeping or polling your environment for a set list of known indicators or signatures. But this approach can take hours for a single result, disrupt the performance of your organization's endpoints, and miss insight into root cause and lateral movement of an attack
DNS is used by every device on your network. But are you leveraging it in your security stack?
Intrusion vs. breach: How security analytics & automated response can improve your chances of avoiding a breach
In this webinar, our guest speaker John Kindervag, Vice President, Principal Analyst at Forrester Research, and Seth Goldhammer, Director of Product Management at LogRhythm, will discuss how pervasive visibility and big data security analytics, when coupled with intelligent automated response, can substantially reduce an organization's risk of experiencing a material breach or cyber incident.
The weather may be warm now but retailers are already planning for the 2015 holiday season, when businesses will conduct as much as 20% of their total annual sales
If one AV is good, are two AVs better defense against APTs, ransomware and other sophisticated malware? That's the way we used to do it back in the '80s and '90s, but does this approach still work?
What if you could uncover the infrastructure attackers are staging and identify threats BEFORE the kill chain begins?
Feudal Security, a concept popularized by cyber security guru Bruce Schneier, requires organizations to entrust the security of their data and infrastructure to cloud providers.
The connection between cybersecurity and a company's bottom line is crystal clear to board members — and they're worried. In fact, more than 80 percent of corporate directors now discuss cybersecurity at most or all boardroom meetings.
With credit card data theft growing at an alarming rate and undermining consumer confidence, organizations are investing in their network security for PCI compliance - only to realize that being compliant does not mean they're protected against advanced cyberattacks.
A recent report by Forrester Research identified security as being the "top concern" for enterprise technology and business decision-makers for IoT*.
Mark Twain once said, "The report of my death was an exaggeration." Can the same be said for the password?
This webcast will highlight key findings from our recently completed Point-of-Sale Security Mid-year Health Assessment, during which we surveyed POS security professionals about their security posture.
Websites are under attack. In the last year, new vulnerabilities have been uncovered that allows malicious attackers to undermine security that organizations put in place to protect themselves and their end users sensitive information.
The cloud movement presents a rare and momentous opportunity to revisit not only how we think about computing, but also how we think about information security.
On average, it took compromised organizations over 200 days to detect attackers once they had penetrated the network. How long would it take your organization?
In the modern enterprise privileged users are no longer entirely inside the perimeter, nor is your infrastructure.
Digital Identity is the foundation for granting user access in today's connected enterprise. Dated authentication approaches fall short on both security effectiveness and user experience.
According to Accenture's 2015 Global Risk Management Study, financial services and banking executives view cyber & IT risk as their top risk area over the next two years.
How serious is the risk of visual hacking in your organization? Consider who may be viewing, photographing and collecting sensitive information from your offices and electronic devices when staff is mobile.
Social has changed many aspects of information security. Fascinatingly, enterprise has been slow to embrace community sourcing security intelligence.
Companies today are faced with the monumental challenge of establishing strong and persistent file protection to ensure sensitive corporate information remains protected. Until now, companies have relied on traditional security solutions to protect critical information.
External threat actors are using innovation and automation to stay ahead of traditional security defenses.
Sometimes the most obvious problems go unnoticed because they're hidden in familiar places.
Distil Networks has produced their annual Bad Bot Report. It's the IT Security Industry's most in-depth analysis on the sources, types, and sophistication levels of last year's bot attacks-- and there are serious implications for anyone responsible for securing their web infrastructure.
Today's threats are becoming increasingly complex. Organizations can no longer rely on antivirus alone and must be on the lookout for innovative, next-generation endpoint protection solutions.
The growing increase in adoption of Cloud and SaaS services, is taking place with the most intense threat landscape we've seen in generations.
You see it every day in the media, blog posts and industry marketing; "It isn't a question of if, but when." This defeatist attitude is settling over the industry like Death's own shawl.
Attackers are more sophisticated than they've ever been. They're targeting our intellectual property, sensitive customer information, user information and much more. The network is not the target—it's the endpoint where that data resides.
The world of IT security is undergoing tremendous change. The unstoppable momentum of the Internet and cloud computing, the ubiquity of mobile devices and the emergence of Internet of things have together turned the IT security landscape upside down.
There is no question about the acceleration of data migrating to the cloud. But which cloud? All clouds: a mix of Infrastructure-, Platform- and Software-as-a-Service cloud models are being deployed by almost every organization.
Current assumptions are that today's adversaries move through the kill-chain step-by-step, using the most advanced tools, techniques, and tactics to carry out their objective.
The threat landscape is evolving, and mobile threats are on the rise.
It's clear that cyber-crimes are alive and well on the global stage and will only continue to be pervasive as long as organizations prolong taking the necessary defense measures to stop threats from slipping through the cracks.
Retired Senior Executive,CIA - Insider Threat Detection, Larry Knutsen, will review the evolution of U.S. policy on insider threats and what they mean to your organization.
With security incidents becoming a weekly, if not daily, occurrence, organizations need proactive, preventative security measures to protect themselves and their customers. Hear from a diverse panel of IBM Security experts.
Although the IBM z Systems platform is known for scalability and security, you still have to monitor who did what, when, why, where and how to ensure that information stays protected.
70% of the stories reported during March Madness are linked to malware, not basketball.
Many of the largest data breaches recently were initiated by attackers targeting the weakest links—remote sites, supplier networks, and mobile workers.
The rapidly expanding supply chain supporting the cybercrime economy is empowering cyber criminals, cyber terrorists and even nation states in ways that put companies, critical infrastructure and governments at increased risk.
Cloud apps and mobile devices are screaming their way into the enterprise like jet fighters, bringing employees more access than ever - and more passwords as well.
Software developers are challenged with prioritizing between delivering code within aggressive timelines and incorporating security into the development lifecycle.
Security auditors make a living picking apart mid-to-large size organizations security practices. And there are a lot of reasons businesses need to pay more attention than ever.
The Secure Socket Layer (SSL) protocol is under attack. In the last year, new vulnerabilities have been uncovered that allows malicious attackers to undermine security that organizations put in place to protect themselves and their end users sensitive information.
Today there are more options for securing enterprise data than ever before. Yet with so many approaches, choosing the best fit isn't always an easy decision.
Is your organization protected from the 7 Deadly IT Sins? These crucial security areas are often overlooked, creating weak spots that hackers love to exploit— putting your network and data at risk.
A single click by your end users can lead either to a data breach or to data protection. Which would your organization prefer?
If it were as easy as looking at the wanted posters on the wall of the post office, anyone could identify an insider, round up a posse, and head them off before they damage the organization.
Mobile cyber threats are on the rise and getting more advanced. Enterprises want to bolster their security programs to protect against new, unknown mobile threats, but understanding these risks requires visibility.
Government agencies have the opportunity to lower cost and improve both internal and Citizen-facing services by moving from static web-based information portals to leveraging the web as a service delivery platform.
Proxy deployments today have outlived their usefulness and practicality. They have joined a long list of legacy products, providing limited security functionality against today's advanced threats.
When network and endpoint security solutions team up, the result is a strengthened security posture and a solution that is impossible for attackers to compromise.
Enterprises are racing to shore up on-premises and cloud defenses to avoid being the next security headline. Spending on security technologies is at an all-time high, but how confident are you in vendor decisions and the security architecture you are implementing?
Virtualization changes everything. The agility and cost efficiencies enabled by virtualization and the cloud are beneficial, as long as you understand why virtualization requires different security.
The internet is literally crawling with bots. Millions of them scour the farthest reaches of the internet every day, indexing content, testing connections, and making the web more useful overall.
While the cloud has fundamentally changed the way we do business, it has left organizations feeling vulnerable to attacks. Enterprise security architectures are being extended to include data security for the cloud.
As adversaries continue to innovate—designing attacks specifically tailored for your enterprise—being able to respond, contain and recover in a timely manner has never been harder.
Identity is a critical component of proving compliance. Whether complying with industry regulations or security best practices, your auditors need to know who has access to what servers and data as well as who exactly did what, where and when.
They may be the oldest tricks in the book, but SQL injection and cross-site scripting (XSS) attacks still put a hurt on thousands of web applications every year, impacting millions of users—your users and customers.
The rigidity of web application security controls has left the enterprise vulnerable to data breach.
Chartered with securing both the PII of over 250,000 physicians and a vast amount of highly valued intellectual property amidst a rapidly evolving threat landscape, Paul Lynch, Director of Data Security and Networks at the American Board of Internal Medicine (ABIM), recognized the need to move beyond a traditional SIEM, and employ a more holistic approach to Security Intelligence.
Every business that operates a cardholder environment to transact with its customers is required to maintain compliance to the PCI DSS international standard for security. Penalties for lack of compliance have become costly yet compliance does not equal security.
Mobile Devices has seen unprecedented growth since their introduction and now form an integral part of our daily lives. Yet, many Enterprises have not fully embraced mobile as part of their strategy because of too many unanswered questions.
Organizations continue to face the ongoing challenges of securing a continually evolving network perimeter. Organized crime has shifted to the digital underworld.
Cyber threat investigators discuss privileged account vulnerabilities found in most serious security breaches.
Application control is more than whitelisting-It's monitoring, visibility, protection & default deny
Application Control technology is more than just whitelisting. Organizations have found significant value via full visibility into server and desktop environments by continuously monitoring and observing application behavior.
Many organizations over invest in network security solutions—relying on traditional antivirus to secure their endpoints.
Security teams are sharply focused on bringing security to applications and meeting compliance requirements in the delivery of these applications and services.
There now are more mobile devices on the planet than humans, and cyber criminals are targeting them at an increasing rate.
News about data breaches in the healthcare sector continues unabated.
Google has advised that Chrome will gradually sunset SHA-1 cryptography, which is used in the signing process of SSL certificates.
id you know that forty-six percent of IT knows or suspects employees are using their individual, non-IT approved cloud accounts to store corporate data?
Attackers are becoming increasingly skilled at planting malicious code on websites frequented by their desired targets, commonly called "watering hole" attacks.
Critical datacenter assets are at the heart of financial services (and many other industries) enterprise networks. Unfortunately, it's still too easy for attackers to get into the datacenter through an insider, a partner, a side server, virtualization, or even a development environment.
We're in the age of the customer. Empowered buyers are demanding a new level of customer obsession, and bring-your-own-everything is accelerating.
A recent study, conducted by the Ponemon Institute, and commissioned by Raytheon, has revealed some interesting facts related to the adoption and barriers to mobile device usage in the workplace.
Moving enterprise apps to the cloud is becoming a very attractive option for organizations striving to cut IT costs while improving agility and scalability.
Do you feel alone? No resources? No help? If you are like many security practitioners faced with a mountain of tasks each day and a small (or non-existent) team to help, prioritization and efficiency are key.
The ISA99/IEC 62443 portfolio of standards has emerged as a leading framework for cybersecurity in ICS and SCADA and was referenced in the recent Presidential Framework.
Retail organizations have long been the target of financially-motivated crime. According to Verizon, 92% of the retail breaches they've studied were committed by external actors.
WordPress is the most-used content management system (CMS) in the world. More than 60 million websites, or 22.9% of the internet, use WordPress for content creation.
Healthcare IT professionals deal with an increasing array of critical security issues that involve privacy, BYOD and network access, managing live-saving medical devices, and ensuring compliance federal regulations.
Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those within a particular industry.
As the volumes of data in organizations continue to surge, being able to effectively protect sensitive information is becoming increasingly difficult.
Often, the best way to make sure something works is to try it out. When it comes to network security, trying it out before an attacker does is an excellent idea.
On July 9, 2014, the Cybersecurity Information Sharing Act (CISA) passed the Senate Intelligence Committee in a 12-3 vote. The legislation encourages threat information sharing between government and the private sector
Employees are an organization's greatest asset and greatest risk. With a single click an employee can devastate a business by transferring or damaging huge amounts of data.
Have you ever wondered how the bad guys actually get control of a system? And, how they convert that system into a data-syphoning droid?
Attacks are highly sophisticated, well-funded, and persistently targeting enterprise environments. Perimeter security is no longer effective at preventing these types of threats as attackers easily and efficiently land on company endpoints.
During this webinar Christopher Strand, Senior Director of Compliance at Bit9 + Carbon Black and Mordecai Kraushar, Director of Audit at CipherTechs will review how the update to PCI DSS 3.0 will impact your systems and cybersecurity.
Real-world intelligence has been used for thousands of years to thwart an enemy's intentions. With the evolving sophistication of cyber threats growing at a rapid pace, today, internet and network connectivity has become the lifeblood of enterprise operations.
These are trying times for IT professional. Each and every day you face the risk of your network being hacked by the newest zero-day threat. Recently, it was the HeartBleed bug and then the IE vulnerability.
The number of identities that an organization must control and secure is exploding as companies support the evolution of business.
Today's cyber threats hide in plain sight amidst your network traffic, making them nearly impossible to defend against.
Join the Dell SecureWorks Counter Threat (CTU) Special Operations team to dig deeper into the threat groups responsible for recent, targeted intrusions.
Your organization has a 50% likelihood of experiencing an insider incident despite deep investments in IT security. Insider threats include fraud, theft of intellectual property, data breaches and leaks, or malicious damage to IT resources.
Most businesses realize they are at-risk for becoming a victim of a targeted attack. But they still face an uphill battle to secure management buy-in and suitable resource prioritization.
Sign up to our newsletters
SC Magazine Articles
- Zero-Day, Angler kit exploits help drive up malvertising by 325%
- Scanner identifies thousands of malicious Android apps on Google Play, other markets
- Report: Phishing costs average organization $3.7 million per year
- ISIS hacking leader killed by drone strike
- Hacking number one consumer fear, others not worried: Kaspersky Labs
- Nearly 90 percent of Android devices vulnerable to endless reboot bug
- Women in IT Security: 10 Power Players
- Scanner identifies thousands of malicious Android apps on Google Play, other markets
- Report: Phishing costs average organization $3.7 million per year
- Women in IT Security: Women of influence