John McClurg, vice president of Dell Global Security, discusses some of the threats posed to corporations today, and how security professionals should assess them in order to implement successful security strategies.
Ahren S. Tryon, attorney at Cozen O'Connor, discusses the recent executive order, as well as the concerns of privacy in relation to information sharing between the public and private sector.
In this video, Greg Masters, managing editor for SC Magazine, sits with Tomer Teller, security evangelist and researcher for Check Point Software Technologies, to discuss some of the advanced threats that enterprises are facing today.
Steve Durbin, global vice president for the Information Security Forum, discusses some of the problems security professionals face today.
In this video Danielle Walker, reporter for SC Magazine, sits with Don Grey, chief security strategist at Solutionary, to discuss the major highlights of the report.
In this video, Charles Renert, vice president of research and development for Websense Labs, discusses the findings of their "2013 Threat Report" and how companies can minimize their attack surface.
In this video, Tom Buoniello, senior vice president of product management at AppRiver, sits with Greg Masters, managing editor at SC Magazine, to discuss this prevalent threat and what users can do to protect themselves.
Bryant Bell, senior product marketing manager of Guidance Software, sits with SC Magazine reporter, Danielle Walker, to discuss some of the benefits of having legal counsel in the security industry.
Dan Kaplan, executive editor at SC Magazine, sits with Abe Kleinfeld, CEO of nCircle, to discuss communication between the CSO and upper management.
Danielle Walker, reporter for SC Magazine, discusses the human factor in terms of security with Dr. Hugh Thompson, senior vice president and chief security strategist at Blue Coat Systems.
After a year that witnessed a threat landscape more diverse than ever, Neil Cook, CTO at Cloudmark, talks about the unprecedented levels that spam has reached.
In this video Stonesoft's director of cyber security, Jarno Limnell, comes to the SC Magazine offices to discuss military cyber security strategies that can be implemented by the enterprise.
Executive editor, Dan Kaplan, sits with Tatu Ylönen, CEO of SSH Communications Security, to discuss SSH key management.
It's one thing to be a victim of a phishing campaign, but it's an entirely different ball game when you're at the receiving end of a targeted attack.
Anthony Di Bello of Guidance Software talks about incident response with executive editor, Dan Kaplan, at the SC Magazine offices.
SC Magazine catches up with Marcia Hofmann, senior staff attorney at the Electronic Frontier Foundation, who provides some legal guidance for researchers in the industry.
In this Black Hat 2012 press conference video, Don Weber, hardware analysis expert at InGuardian, discusses the threats involved with advanced metering infrastructure.
SC Magazine executive editor, Dan Kaplan, sits with James Lyne, director of technology and strategy at Sophos, to discuss password security in today's threat landscape.
Ashley Stephenson, EVP of Corero Network Security, visits the SC Magazine offices to discuss one of the most popular attack methods used by cyber criminals.
McAfee co-president, Michael DeCesare, stopped by the SC Magazine offices to discuss the advancements in the threat landscape.
SC Magazine's Dan Kaplan sits with Francis deSouza of Symantec, to discuss the global state of information in the enterprise and costs associated with it.
SC Magazine's Dan Kaplan sat with the co-founder and CEO of CloudFlare, Matthew Prince, to discuss the company's stance on security when it comes to protecting its dynamic customer base.
With a slew of threat vectors to cover, security professionals are faced with one of the biggest challenges in the industry to date: mobility in the workplace. In this video, the founder and president of Appthority discusses app management in the enterprise.
While the security industry is on its toes, many companies still haven't addressed their information security. In this video interview, Dan Kaplan sits with Radware CEO, Roy Zisapel, to chat about defending mission-critical applications.
Dan Kaplan, executive editor of SC Magazine, sits with Winn Schwartau to discuss what exactly keeps him up at night as a security professional.
Coverity's Chris Valasek sits with SC Magazine's executive editor, Dan Kaplan, to discuss the upcoming release of Windows 8 and the new security features implemented.
It's important to be familiar with one's network before going in to assess any damage or patch vulnerabilities. Although good technology may be deployed, accidents happen.
Bring-your-own-device and cloud security are just some of the topics that add to the changing threat landscape of online security.
The Information Security Forum (ISF) works with organizations on issues they face protecting their information and data.
From issues that corporations face with mobile security, to social networking threats on sites like Pinterest, there were endless hot topics at this year's RSA Conference 2012 in San Francisco.
Noted security researcher Hugh Thompson, the chief security strategist at People Security and the program chairman of the RSA Conference, discusses how companies may reconsider controversial business decisions if they mean inciting the wrath of the Anonymous hacktivist collective.
2011 was marked by a rise in hacktivism, an evolution in cyber crime toolkits, a preponderance of mobile malware -- namely on the Android -- and increased risks in social media. This resulted in "unprecedented public attention to [these] problems," said James Lyne, director of technology strategy at Sophos. In this video, Lyne describes how organizations can use this newfound cyber awareness to best respond to the challenges.
Digital adversaries have lots going for them: financial incentives, easy-to-access tools and ubiquitous access points thanks to the pervasive nature of the internet. And defenders have lots working against them, as they try to do more with less. But in this video, Rapid7 CEO Mike Tuchen offers suggestions of how organizations can harden their networks, from poking at their own infrastructure to prioritizing their risk posture.
In this interview, Harry Sverdlove, CTO of Bit9, describes to SC Magazine Executive Editor Dan Kaplan what the bring-your-own-device revolution means for organizations, and how they should best address the threat posed by endpoints such as the Android.
SC Magazine Managing Editor Greg Masters chats with Carl Herberger, vice president of security solutions at Radware, about the risk posed by politically and ideologically motivated attacks, known as hacktivism.
Andrew Lee, CEO of ESET North America, sits down with SC Magazine Executive Editor Dan Kaplan to discuss why security education needs to make its way into school curricula. This will allow students to become better protectors of their personal critical infrastructure -- their homes -- and prepare them to be security-conscious employees once they enter the working world.
SC Magazine Executive Editor Dan Kaplan sits down with a Juniper security executive to learn why the trend of mobility and data migration should be a top concern for security professionals, and how they can institute best practices to deal with the new risk.
Security researcher Dillon Beresford speaks to the press at the Black Hat conference in Las Vegas following his presentation which demonstrated how to hack into Siemens industrial control systems. Beresford specifically uncovered "replay attack" vulnerabilities in programmable logic controllers, or PLCs, which are used in organizations such as power plants to automate processes. He told the media that part of his motivation for the research was to debunk conventional thinking that SCADA attacks require deep pockets. This week, ICS-CERT issued an advisory warning of the bugs in the Berlin-based Siemens products.
While McAfee's recently released "Shady RAT" report concentrated on the victims of a mass cyberespionage ring, another researcher has decided to focus his attention on the adversaries behind such attacks. In a video recorded last week at the Black Hat conference in Las Vegas, Joe Stewart of Dell SecureWorks explains how he was able to trace 60 families of custom malware thanks to error messages yielded by a "connection bouncer" tool used by the hackers to hide their tracks, but which inadvertently pointed back to about a dozen command-and-control centers hosted by ISPs in China. Two of the malware families are known to have been used in the RSA SecurID breach. "It gives you a better line on attribution," Stewart told SCMagazineUS.com.
A host of high-profile breaches have defined 2011, from HBGary to Epsilon to Sony to RSA to Lockheed Martin. The motives for each attack have been different, but they all share something in common: The perpetrators wanted access to the database, where the company's crown jewels lie. Phil Neray, vice president of data security strategy at IBM, discusses why organizations must implement protections at the database level to both catch the adversaries in action and trace their footsteps for the forensic investigation.
In an interview with SC Magazine Managing Editor Greg Masters, David Koretz, CEO of web application security start-up Mykonos Software, explains why the industry needs a rethink. He says security products traditionally have produced too much data, which leads to stress on customers and too many false positives. And even with this preponderance of information, solutions still are missing threats, as evidenced by zero-day attacks that evade malware detection technology. Koretz explains why a shift in focus, plus increased education for college students, may make all the difference.
As virtualization becomes more mainstream, even in small and midsize organizations, security professionals must consider the risks of managing this emerging technology. Threats such as VM sprawl, in which IT departments lose visibility of their virtual assets, create the potential of unpatched and vulnerable machines. Rob Juncker, VP of technology at Shavlik, sits down with SC Magazine Executive Editor Dan Kaplan to explain why organizations must apply the same security principles to their virtual machines as they do for their traditional computing systems.
SPONSORED VIDEO: Dave Asprey chats with SC Magazine Executive Editor Dan Kaplan on the RSA Conference showroom floor in San Francisco. Asprey explains that as cloud and virtualization technology gain traction with senior-level executives, enterprises are taking the time to build security into these projects. He also talks about the benefits of encryption in the cloud and how virtual machine density can be increased simply by running proper security products.
SPONSORED VIDEO: Michelle Cobb of Skybox Security chats with SC Magazine Editor-in-Chief Illena Armstrong on the RSA Conference showroom floor in San Francisco. Cobb discusses the importance of next-generation firewalls to protect systems from attack and reveals what organizations should prioritize in 2011, including identifying risks proactively, operationalizing security and automating controls.
Couldn't attend the 2011 SC Awards? Were you there and want to relive memories of the IT security industry's biggest - and most glamorous - night? Check out this video, which recaps all the pageantry of the event, where we honor those professionals, companies and solutions that represent the best of the information security marketplace.
Bruce Schneier, chief security technology officer of BT, discusses his forthcoming book, which examines "the why of security." In particular, by drawing on economic and behavioral theory and more, Schneier seeks to learn: Why does security exist and how can more closely examining this question result in better solutions? Schneier, who recently blogged about the book idea, spoke with SC Magazine Executive Editor Dan Kaplan at the RSA Conference in San Francisco.
Mikko Hypponen, chief research officer of F-Secure, distinguishes between cyberwar and everything else, explains why the anti-virus industry failed when it came to detecting and preventing Stuxnet, discusses why critical infrastructure is at major risk of attack and reveals how he tracked down the authors of the first PC virus, which turns 25 years old this year. SC Magazine Executive Editor Dan Kaplan spoke with Hypponen following a media luncheon at the RSA Conference in San Francisco.
Joe Lobianco, senior director of information security and risk management at CIBC, a major bank in Canada, breaks down the mobile application threat. He discusses security from the perspective of CIBC, which recently rolled out its mobile banking application, and delves into whether the mobile computing space will prompt the same risks as the traditional desktop environment.
Ann Cavoukian, privacy commissioner of Ontario, discusses how privacy risks must be considered as smart meters are deployed to homes throughout North America. Many utilities, she says, are overlooking the privacy dangers, such as third parties gaining access to homeowners' electrical usage patterns, but that mindset must change.
SC Magazine Deputy Editor sits down with Laura Mather, founder of SilverTail Systems and a former fraud prevention expert at eBay, to discuss why back-end controls that sniff out fraudulent web activity may be just as important to organizations as front-end solutions, such as authentication.
SC Magazine reporter Angela Moscaritolo asks JR Smith, CEO of anti-virus firm AVG, for his thoughts on National Cyber Security Awareness Month, which kicked off this week. Smith also offers his suggestions on how organizations can best implement a culture of education around security best practices.
SC Magazine's Angela Moscaritolo recently traveled to Orlando, Fla. to the PCI Security Standards Council's annual North American Community Meeting to learn about the latest changes to the payment security standard and what merchants can expect in the form of additional guidance to reduce their compliance scope. During her trip, she sat down with Jeremy King, who heads the PCI Council's European operations, to discuss the developments.
In a conversation with SC Magazine Deputy Editor Dan Kaplan, Amichai Shulman, co-founder and CTO of Imperva, introduces a new research initiative underway and addresses the automated methods now used by attackers to compromise legitimate websites.
SC Magazine reporter Angela Moscaritolo sits down with Chester Wisniewski of Sophos to hear about the latest social engineering efforts that attackers are leveraging to work their way into organizations. He also sounds off on what security professionals must do to lock down their networks and how law enforcement is working to stem the tide of cybercrime.
SC Magazine Editor-in-Chief Illena Armstrong explains all you need to know about entering the 2011 SC Awards U.S. and how the categories and winners are chosen.
SC Magazine's Angela Moscaritolo chats with Christian Renaud, CEO of Palisade Systems, who discusses the unique security challenges facing small and midsize businesses and offers up some best practices they can put to use to protect themselves in today's threat landscape.
SC Magazine Managing Editor Greg Masters sits down with Patricia Titus, the former CISO at the Transportation Security Administration and current CISO at IT firm Unisys, to discuss how organizations should handle the threat posed by employees who seek to connect remotely and use mobile devices for work-related functions.
Alex Stamos of iSEC Partners offers his take on the usefulness of incentive programs that encourage researchers to privately report vulnerabilities to vendors, in exchange for cash. While the initiatives might fatten the wallets of bug hunters, some believe they taint the mission of white-hat hackers.
Ivan Ristic, director of engineering at Qualys, provides an overview of his Black Hat 2010 talk, in which he presented a plethora of research findings into the state of SSL on the internet. As Ristic notes, websites are succeeding in some areas and falling short in others when it comes to deployment of SSL encryption.
Ben Feinstein, director of research at SecureWorks, reveals the inner workings of a Russian cybercrime gang that leveraged botnets, VPN tunnels, social engineering and money mules to create a $9 million check counterfeiting scheme. Details of the racket were announced last week at the Black Hat conference in Las Vegas.
Mikko Hypponen, chief research officer at F-Secure, speaks with SC Magazine's Angela Moscaritolo after his Black Hat 2010 presentation, "You will be billed $90,000 for this call," which examined how hackers can secretly attack a smartphone to make long-distance calls — on your dime.
Barnaby Jack, director of security research at IOActive Labs, fields questions from the press shortly after wowing the Black Hat 2010 crowd with a talk about ATM vulnerabilities, both remote and local, that can allow attackers to retrieve free cash from the machines. In the press conference, Jack describes how he perpetrated the exploits. He references "Dillinger," an attack tool named after the infamous 1930s bank robber that he used to exploit one of the vulnerabilities — an issue in the remote monitoring authentication process, which is turned on by default in most machines made by manufacturer Tranax.
SC Magazine Deputy Editor Dan Kaplan sits down with Tripwire's Michael Thelander to learn whether compliance remains a driver for organizations, especially as new regulations pop up and existing mandates become more stringent. Thelander also touches on compliance in the cloud, and whether it can be achieved.
Paul Smith, CEO of PacketMotion, maker of network segmentation and compliance solutions, tells SC Magazine's Angela Moscaritolo how organizations can best guard against trusted insiders stealing company assets and intellectual property.
Glenn Hazard, CEO of identity and access management provider Xceedium, tells SC Magazine's Angela Moscaritolo what is driving this security industry sector and how it is morphing to keep up with the increasing mobile workforce.
SC Magazine reporter Angela Moscaritolo discusses the bustling M&A landscape with Gary Steele, CEO of Proofpoint, to learn what has prompted a recent flurry of activity and how security buyers should react when considering a solution.
SC Magazine's Angela Moscaritolo learns from Application Security Inc.'s Thom VanHorn of the latest trends around database security. A majority of the attacks come from insiders, but external attacks are quite prevalent as well. For example, government databases undergo constant "probing" from adversaries.
SC Magazine Deputy Editor Dan Kaplan sits down with Websense's vice president of product management to discuss today's web threats facing businesses of all sizes.
Paul Paget, president and CEO of Savant Protection, discusses how whitelisting is evolving as a viable alternative to traditional anti-virus defenses. In an interview with SC Magazine's Angela Moscaritolo, Paget also responds to the criticisms he often hears about whitelisting.
Bob Carr, CEO of Heartland Payment Systems, which suffered a record-breaking breach in 2008, has rolled out a new payment solution to its merchants that offers end-to-end encryption of sensitive transaction data. In an interview with SC Magazine's Deputy Editor Dan Kaplan, Carr discusses the new offering and offers an update on the company's recovery 18 months after it announced the breach, which exposed some 130 million records.
Chris Mark of ProPay discusses how some small- and mid-size businesses are falling victim to ACH fraud due to poor authentication.
Val Rahmani, CEO of Damballa, describes to SC Magazine Deputy Editor Dan Kaplan how organizations are starting to view botnets as a risk management concern, especially considering many businesses do not even realize that, on average, 5 to 10 percent of their endpoints are infected. In many cases, bot malware cannot be detected by conventional anti-virus products, so organizations must detect outbound communications between zombie machines and command-and-control hubs to gain visibility into the problem.
SC Magazine reporter Angela Moscaritolo interviews Eduard Goodman, chief privacy officer of Identity Theft 911, who says businesses are slow to develop policies for mobile device use, and smartphones can be the cause of many breaches.
Cenzic's Mandeep Khera discusses why SMBs are more susceptible to web application attacks.