File sharing and collaboration - Today's data leakage dilemma

Companies today are faced with the monumental challenge of establishing strong and persistent file protection to ensure sensitive corporate information remains protected. Until now, companies have relied on traditional security solutions to protect critical information.

Applying automation and analytics to threat visibility, verification and removal

External threat actors are using innovation and automation to stay ahead of traditional security defenses.

The untended security threat in every office that's hidden in plain view

Sometimes the most obvious problems go unnoticed because they're hidden in familiar places.

Distil Networks 2015 Bad Bot Report: 5 high-risk lessons

Distil Networks has produced their annual Bad Bot Report. It's the IT Security Industry's most in-depth analysis on the sources, types, and sophistication levels of last year's bot attacks-- and there are serious implications for anyone responsible for securing their web infrastructure.

Top 5 reasons to switch to better endpoint protection

Today's threats are becoming increasingly complex. Organizations can no longer rely on antivirus alone and must be on the lookout for innovative, next-generation endpoint protection solutions.

How Microsoft Office365, ServiceNow, AWS and other cloud services extend their security

The growing increase in adoption of Cloud and SaaS services, is taking place with the most intense threat landscape we've seen in generations.

Mid-market mayhem

You see it every day in the media, blog posts and industry marketing; "It isn't a question of if, but when." This defeatist attitude is settling over the industry like Death's own shawl.

Building a sophisticated endpoint defense strategy with full security lifecycle protection

Attackers are more sophisticated than they've ever been. They're targeting our intellectual property, sensitive customer information, user information and much more. The network is not the target—it's the endpoint where that data resides.

Internet security best practices from the Global 1000

The world of IT security is undergoing tremendous change. The unstoppable momentum of the Internet and cloud computing, the ubiquity of mobile devices and the emergence of Internet of things have together turned the IT security landscape upside down.

Cloud encryption—One shoe won't fit all

There is no question about the acceleration of data migrating to the cloud. But which cloud? All clouds: a mix of Infrastructure-, Platform- and Software-as-a-Service cloud models are being deployed by almost every organization.

Defeating the Pragmatic Adversary

Current assumptions are that today's adversaries move through the kill-chain step-by-step, using the most advanced tools, techniques, and tactics to carry out their objective.

Today's mobile security threats and tips to enable productivity without compromising data security

The threat landscape is evolving, and mobile threats are on the rise.

Key security insights for 2015

It's clear that cyber-crimes are alive and well on the global stage and will only continue to be pervasive as long as organizations prolong taking the necessary defense measures to stop threats from slipping through the cracks.

Insider threat: The emerging policy landscape & best practices

Retired Senior Executive,CIA - Insider Threat Detection, Larry Knutsen, will review the evolution of U.S. policy on insider threats and what they mean to your organization.

IBM security expert panel: Fighting today's advanced attacks with behavioral-based prevention

With security incidents becoming a weekly, if not daily, occurrence, organizations need proactive, preventative security measures to protect themselves and their customers. Hear from a diverse panel of IBM Security experts.

How to help remove the big risks from big data

Although the IBM z Systems platform is known for scalability and security, you still have to monitor who did what, when, why, where and how to ensure that information stays protected.

March madness: The elite 8 of security threats

70% of the stories reported during March Madness are linked to malware, not basketball.

How to extend threat protection to off-network employees

Many of the largest data breaches recently were initiated by attackers targeting the weakest links—remote sites, supplier networks, and mobile workers.

Surfacing high-impact cyber threats via security intelligence

The rapidly expanding supply chain supporting the cybercrime economy is empowering cyber criminals, cyber terrorists and even nation states in ways that put companies, critical infrastructure and governments at increased risk.

Cloud IAM is set to break the sound barrier

Cloud apps and mobile devices are screaming their way into the enterprise like jet fighters, bringing employees more access than ever - and more passwords as well.

Why developers need to think about security

Software developers are challenged with prioritizing between delivering code within aggressive timelines and incorporating security into the development lifecycle.

5 file transfer strategies to strengthen your organization's security and compliance

Security auditors make a living picking apart mid-to-large size organizations security practices. And there are a lot of reasons businesses need to pay more attention than ever.

Understanding SSL best practices

The Secure Socket Layer (SSL) protocol is under attack. In the last year, new vulnerabilities have been uncovered that allows malicious attackers to undermine security that organizations put in place to protect themselves and their end users sensitive information.

Cracking the confusion between encryption and tokenization

Today there are more options for securing enterprise data than ever before. Yet with so many approaches, choosing the best fit isn't always an easy decision.

The 7 deadly IT sins: Know them. Fear them. Fix them

Is your organization protected from the 7 Deadly IT Sins? These crucial security areas are often overlooked, creating weak spots that hackers love to exploit— putting your network and data at risk.

How Provident Bank transformed their information protection strategy

A single click by your end users can lead either to a data breach or to data protection. Which would your organization prefer?

The insiders: A rogue's gallery

If it were as easy as looking at the wanted posters on the wall of the post office, anyone could identify an insider, round up a posse, and head them off before they damage the organization.

Mobile security in action: How enterprises are getting ahead of threats

Mobile cyber threats are on the rise and getting more advanced. Enterprises want to bolster their security programs to protect against new, unknown mobile threats, but understanding these risks requires visibility.

Transforming government services by leveraging trusted digital identities

Government agencies have the opportunity to lower cost and improve both internal and Citizen-facing services by moving from static web-based information portals to leveraging the web as a service delivery platform.

Moving beyond proxies

Proxy deployments today have outlived their usefulness and practicality. They have joined a long list of legacy products, providing limited security functionality against today's advanced threats.

Uncovering the threat: Uniting network and endpoint security for unmatched threat defense

When network and endpoint security solutions team up, the result is a strengthened security posture and a solution that is impossible for attackers to compromise.

Exposing risky IT security - Best practices from the testing trenches

Enterprises are racing to shore up on-premises and cloud defenses to avoid being the next security headline. Spending on security technologies is at an all-time high, but how confident are you in vendor decisions and the security architecture you are implementing?

Planning for PCI compliance in the cloud

Virtualization changes everything. The agility and cost efficiencies enabled by virtualization and the cloud are beneficial, as long as you understand why virtualization requires different security.

Understanding web bots and how they hurt your organization

The internet is literally crawling with bots. Millions of them scour the farthest reaches of the internet every day, indexing content, testing connections, and making the web more useful overall.

The ying and the yang of cloud security: Detection & incident response

While the cloud has fundamentally changed the way we do business, it has left organizations feeling vulnerable to attacks. Enterprise security architectures are being extended to include data security for the cloud.

Disrupting the threat: Respond, contain and recover in seconds

As adversaries continue to innovate—designing attacks specifically tailored for your enterprise—being able to respond, contain and recover in a timely manner has never been harder.

Identity requirements for risk and compliance - what you need to know

Identity is a critical component of proving compliance. Whether complying with industry regulations or security best practices, your auditors need to know who has access to what servers and data as well as who exactly did what, where and when.

How to detect SQL Injection & XSS attacks with AlienVault USM

They may be the oldest tricks in the book, but SQL injection and cross-site scripting (XSS) attacks still put a hurt on thousands of web applications every year, impacting millions of users—your users and customers.

Closing the web app data security gap: Dynamic data masking for web applications

The rigidity of web application security controls has left the enterprise vulnerable to data breach.

Leveraging Next-Gen SIEM for security intelligence: A buyer's perspective

Chartered with securing both the PII of over 250,000 physicians and a vast amount of highly valued intellectual property amidst a rapidly evolving threat landscape, Paul Lynch, Director of Data Security and Networks at the American Board of Internal Medicine (ABIM), recognized the need to move beyond a traditional SIEM, and employ a more holistic approach to Security Intelligence.

Back to basics - Ensure both PCI compliance and tighter security

Every business that operates a cardholder environment to transact with its customers is required to maintain compliance to the PCI DSS international standard for security. Penalties for lack of compliance have become costly yet compliance does not equal security.

Five great reasons to embrace mobile in the enterprise

Mobile Devices has seen unprecedented growth since their introduction and now form an integral part of our daily lives. Yet, many Enterprises have not fully embraced mobile as part of their strategy because of too many unanswered questions.

Exploring the digital underworld: Botnets, zero day threats and phishing

Organizations continue to face the ongoing challenges of securing a continually evolving network perimeter. Organized crime has shifted to the digital underworld.

Privileged account exploits shift the front lines of cyber security

Cyber threat investigators discuss privileged account vulnerabilities found in most serious security breaches.

Application control is more than whitelisting-It's monitoring, visibility, protection & default deny

Application Control technology is more than just whitelisting. Organizations have found significant value via full visibility into server and desktop environments by continuously monitoring and observing application behavior.

Prepare for the breach: Detect, respond and disrupt at the moment of compromise

Many organizations over invest in network security solutions—relying on traditional antivirus to secure their endpoints.

Secure agile development: Why can't we all get along?

Security teams are sharply focused on bringing security to applications and meeting compliance requirements in the delivery of these applications and services.

Your data's gone mobile: Keep it secure

There now are more mobile devices on the planet than humans, and cyber criminals are targeting them at an increasing rate.

PHI is more valuable than credit cards: Time to get serious about data security!

News about data breaches in the healthcare sector continues unabated.

Guidance on migration to SHA-2

Google has advised that Chrome will gradually sunset SHA-1 cryptography, which is used in the signing process of SSL certificates.

The impact of endpoint data growth on corporate visibility & compliance

id you know that forty-six percent of IT knows or suspects employees are using their individual, non-IT approved cloud accounts to store corporate data?

Watering hole attacks: Detect end-user compromise before the damage is done

Attackers are becoming increasingly skilled at planting malicious code on websites frequented by their desired targets, commonly called "watering hole" attacks.

How to effectively use segmentation to protect your datacenter from cyberattacks

Critical datacenter assets are at the heart of financial services (and many other industries) enterprise networks. Unfortunately, it's still too easy for attackers to get into the datacenter through an insider, a partner, a side server, virtualization, or even a development environment.

ADDING RELATIONSHIP MANAGEMENT TO IDENTITY: A must for Customer-Centric companies

We're in the age of the customer. Empowered buyers are demanding a new level of customer obsession, and bring-your-own-everything is accelerating.

Security in the new mobile ecosystem

A recent study, conducted by the Ponemon Institute, and commissioned by Raytheon, has revealed some interesting facts related to the adoption and barriers to mobile device usage in the workplace.

What You Need to Know about Securing Access to Your Private Cloud

Moving enterprise apps to the cloud is becoming a very attractive option for organizations striving to cut IT costs while improving agility and scalability.

The one-man SOC: Habits of highly effective security practitioners

Do you feel alone? No resources? No help? If you are like many security practitioners faced with a mountain of tasks each day and a small (or non-existent) team to help, prioritization and efficiency are key.

Reducing cyber risk in industrial control systems with advanced network segmentation

The ISA99/IEC 62443 portfolio of standards has emerged as a leading framework for cybersecurity in ICS and SCADA and was referenced in the recent Presidential Framework.

Cyber thieves are ready for the holiday shopping season: are you?

Retail organizations have long been the target of financially-motivated crime. According to Verizon, 92% of the retail breaches they've studied were committed by external actors.

WordPress security simplified — Six easy steps for a more secure website

WordPress is the most-used content management system (CMS) in the world. More than 60 million websites, or 22.9% of the internet, use WordPress for content creation.

Securing critical patient privacy & care: Visibility, control and response for healthcare providers

Healthcare IT professionals deal with an increasing array of critical security issues that involve privacy, BYOD and network access, managing live-saving medical devices, and ensuring compliance federal regulations.

How to use crowd-sourced threat intelligence to stop malware in its tracks

Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those within a particular industry.

Top four recommendations to enhance your data security strategy

As the volumes of data in organizations continue to surge, being able to effectively protect sensitive information is becoming increasingly difficult.

The art of the test: Is your network security ready for the real world?

Often, the best way to make sure something works is to try it out. When it comes to network security, trying it out before an attacker does is an excellent idea.

Tapping global threat intelligence to secure enterprise networks

On July 9, 2014, the Cybersecurity Information Sharing Act (CISA) passed the Senate Intelligence Committee in a 12-3 vote. The legislation encourages threat information sharing between government and the private sector

Mitigating employee risk - Keep hires from starting fires

Employees are an organization's greatest asset and greatest risk. With a single click an employee can devastate a business by transferring or damaging huge amounts of data.

How to detect system compromise & data exfiltration

Have you ever wondered how the bad guys actually get control of a system? And, how they convert that system into a data-syphoning droid?

Advanced Threat Hunting: Identify and Track Zero-Day Attacks Infiltrating Your Organization

Attacks are highly sophisticated, well-funded, and persistently targeting enterprise environments. Perimeter security is no longer effective at preventing these types of threats as attackers easily and efficiently land on company endpoints.

How PCI 3.0 impacts your security posture & compliance

During this webinar Christopher Strand, Senior Director of Compliance at Bit9 + Carbon Black and Mordecai Kraushar, Director of Audit at CipherTechs will review how the update to PCI DSS 3.0 will impact your systems and cybersecurity.

Threat intelligence revolution

Real-world intelligence has been used for thousands of years to thwart an enemy's intentions. With the evolving sophistication of cyber threats growing at a rapid pace, today, internet and network connectivity has become the lifeblood of enterprise operations.

Persistent Threats are ever evolving. Is your security?

These are trying times for IT professional. Each and every day you face the risk of your network being hacked by the newest zero-day threat. Recently, it was the HeartBleed bug and then the IE vulnerability.

Next generation privileged identity management: Are you ready?

The number of identities that an organization must control and secure is exploding as companies support the evolution of business.

Hiding in plain sight: What's really happening on your network

Today's cyber threats hide in plain sight amidst your network traffic, making them nearly impossible to defend against.

Expose of threat groups: Lessons learned on how to combat the threat

Join the Dell SecureWorks Counter Threat (CTU) Special Operations team to dig deeper into the threat groups responsible for recent, targeted intrusions.

Insider threat detection, response and recovery - Find them early; Fix them fast

Your organization has a 50% likelihood of experiencing an insider incident despite deep investments in IT security. Insider threats include fraud, theft of intellectual property, data breaches and leaks, or malicious damage to IT resources.

Targeted attacks: Are you (and your ecosystem) secure?

Most businesses realize they are at-risk for becoming a victim of a targeted attack. But they still face an uphill battle to secure management buy-in and suitable resource prioritization.

Big Data - Your secret weapon in the war against cyber crime

Right now, Web attackers are amassing a global arsenal of knowledge and resources that is allowing them to expanding their reach well beyond financial services to virtually every industry, everywhere.

Strategies that work for Advanced Persistent Threat Prevention

Advanced Persistent Threats (APTs) are being used to compromise organizations around the globe with increasing sophistication, persistence, and evasive attack methods.

Cybersecurity - Best practices for protecting identities and assets

Cybersecurity, or more accurately cybersecurity breaches, have been in the headlines for months now. Headlines aside, threats are increasing in number while also becoming more sophisticated.

How to Detect SQL Injection & XSS Attacks using SIEM Event Correlation

Two of the oldest and most common attacks used against web applications, SQL injection attacks and cross-site scripting attacks (XSS), continue to impact thousands of websites and millions of users each year.

Cybersecurity...Meet Big Data

There are increasing numbers of new or revised regulations and mandates being imposed on organizations around the world that are pushing for the adoption of Security Information and Event Management (SIEM) technologies and services.

5 Top Breaches of 2013 & the link to privileged accounts

Privileged account credentials play a critical role in all advanced and insider attacks. In this webinar, we will deconstruct five of the most publicized breaches of 2013 and analyze the role of privileged accounts.

Mobile security: Getting past no to yes

Yesterday's mobile security approaches - managing the device or deploying non-intuitive containerized apps - do not work with today's mobile initiatives.

Five lessons in mobile security: Trends in exploiting mobile devices

There's no question that mobile devices are making an impact to how and where we work. However, the risks that mobile devices face continues to grow, which drives a corresponding set of requirements for security.

Detecting and responding to advanced cyber attacks faster amidst a "no rules" cyber battlefield

Most organizations realize it's no longer a matter of 'If' their organization will be breached but 'When'.

Securing Mobile, the New Enterprise Desktop

The mobile device is rapidly becoming the new desktop for employees. This shift, combined with the trend of BYOD, is driving exponential growth in the number of digital identities associated with an individual.

Life after a data breach: Identifying and containing advanced threats at the moment of compromise

Compromise can happen in seconds and containment can take weeks. For enterprises, it's no longer a matter of if you will be breached, but rather a matter of when.

You can continue to use WIN XP - securely and keep your regulatory certifications (PCI, HIPAA, ...)

Windows XP is scheduled for "End of Life" in April 2014 yet XP is still the 2nd most widely used PC operating system in the world—estimates suggest that nearly 35% of PCs are still running XP.

The NIST framework: The public's stake in the cybersecurity of our critical infrastructure

The announcement in February 2014 by the White House of a Framework for the development of cybersecurity standards follows the announcement one year earlier by the White House of a Presidential Executive Order describing the Government's overall policy toward the cybersecurity on our nation's critical infrastructure.

A pragmatic approach to Advanced Persistent Threat (APT) Protection

Targeted attacks, or APTs, can be complex and affect organizations of all sizes, across all industries. But that doesn't mean their detection and prevention has to be complex too. With constant confusion around ATAs and APTs, a staggering 68% of IT Managers admit they don't know what an APT is.

Addressing Identity and Access Management with a Unified Open source Identity and Access Management Suite

Many IT organizations today are tasked to manage a complex landscape that includes a mix of SaaS applications and on-premise applications being accessed by various user populations; employees, customers, mobile workers, etc.

Retail Cyber Threats: How to Detect Them Early and Limit the Damage

Let's face it, it's no longer a matter of 'If' your organization will be breached, but 'When' (if it hasn't already happened and you just don't know it). The key question is 'How can you gain better visibility sooner to the signs that you've been breached?'

An Enterprise Security Platform Approach to Advanced Persistent Threats

Today's advanced persistent threats (APTs) evade traditional security controls with techniques such as SSL encryption and require an integrated, simple and automated approach that can detect and defend at each stage of an attack.

Next Generation NAC: Advancing Control Intelligence and Security Management

Today's Network Access Control (NAC) technology has evolved well beyond that of allowing or denying network admission. The latest generation of NAC solutions addresses numerous security and compliance applications, but more so, help organizations enhance operational awareness, efficiency and use of their existing network and security infrastructure.

A Conversation with CSOs: Strategies to Integrate Endpoint Security into the SOC

Join Dave Shackleford, founder of Voodoo Security and former CSO of Configuresoft, and Nick Levay, CSO of Bit9, to discuss why endpoint visibility and control is crucial to the security operations center. In this webcast you will learn how security teams can more readily define and identify meaningful indicators of compromise.

What's really on your network?

Face it, your users want to use any application while at work, yet they may not be aware of the associated business and security risks. Filesharing, remote access, video and social networking applications are all rampant on most every network we analyze. Commonly found among those applications are very sophisticated threats hiding in plain sight, acting like normal traffic, using SSL, FTP, and RDP to steal data.

Regain Control of Your SaaS and Cloud Investments

To meet strategic objectives for growth and business transformation initiatives, more and more enterprises are externalizing key business functions to the Cloud, and to SaaS in particular. But how effectively are enterprises and securing and managing these deployments? How are your peers doing in managing actual usage and user management, providing end-user support, and extending identity management of external service providers?

Latest threats on iOS and Android and what you can do about it

Discover the latest mobile threat trends on iOS and Android platforms and the key to mobile application security.

Solving for Evasion: The Cyber Kill-chain and the Enterprise Security Platform

The first step to defeating advanced threats is understanding the sophisticated techniques malware and exploits are using to evade detection and slip past traditional security controls. We will share a detailed review of the cyber kill-chain, including each step used to compromise hosts, with data from real attacks and specific anecdotes.

Perception vs. Reality: What You Know About Database Encryption

Devastating—that's the best way to describe the impact of not having a strong database security initiative. Did you know that 35% of all cyber attacks today occur without enterprises ever knowing that such an attack took place? It only takes 30 seconds to steal your data - making it humanely next to impossible to stop these sophisticated attacks. Your company's most sensitive financial and customer information is stored in databases, Hadoop and NoSQL platforms that are vulnerable. It's time to increase protection and defend your sensitive data

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US