Andrew Lee, CEO of ESET North America, sits down with SC Magazine Executive Editor Dan Kaplan to discuss why security education needs to make its way into school curricula. This will allow students to become better protectors of their personal critical infrastructure — their homes — and prepare them to be security-conscious employees once they enter the working world.
SC Magazine Executive Editor Dan Kaplan sits down with a Juniper security executive to learn why the trend of mobility and data migration should be a top concern for security professionals, and how they can institute best practices to deal with the new risk.
Security researcher Dillon Beresford speaks to the press at the Black Hat conference in Las Vegas following his presentation, which demonstrated how to hack into Siemens industrial control systems. Beresford specifically uncovered “replay attack” vulnerabilities in programmable logic controllers, or PLCs, which are used in organizations such as power plants to automate processes. He told the media that part of his motivation for the research was to debunk conventional thinking that SCADA attacks require deep pockets. This week, ICS-CERT issued an advisory warning of the bugs in the Berlin-based Siemens products.
While McAfee’s recently released “Shady RAT” report concentrated on the victims of a mass cyberespionage ring, another researcher has decided to focus his attention on the adversaries behind such attacks. In a video recorded last week at the Black Hat conference in Las Vegas, Joe Stewart of Dell SecureWorks explains how he was able to trace 60 families of custom malware thanks to error messages yielded by a “connection bouncer” tool used by the hackers to hide their tracks, but which inadvertently pointed back to about a dozen command-and-control centers hosted by ISPs in China. Two of the malware families are known to have been used in the RSA SecurID breach. “It gives you a better line on attribution,” Stewart told SCMagazineUS.com.
A host of high-profile breaches have defined 2011, from HBGary to Epsilon to Sony to RSA to Lockheed Martin. The motives for each attack have been different, but they all share something in common: The perpetrators wanted access to the database, where the company’s crown jewels lie. Phil Neray, vice president of data security strategy at IBM, discusses why organizations must implement protections at the database level to both catch the adversaries in action and trace their footsteps for the forensic investigation.
In an interview with SC Magazine Managing Editor Greg Masters, David Koretz, CEO of web application security start-up Mykonos Software, explains why the industry needs a rethink. He says security products traditionally have produced too much data, which leads to stress on customers and too many false positives. And even with this preponderance of information, solutions still are missing threats, as evidenced by zero-day attacks that evade malware detection technology. Koretz explains why a shift in focus, plus increased education for college students, may make all the difference.
As virtualization becomes more mainstream, even in small and midsize organizations, security professionals must consider the risks of managing this emerging technology. Threats such as VM sprawl, in which IT departments lose visibility of their virtual assets, create the potential for unpatched and vulnerable machines. Rob Juncker, VP of technology at Shavlik, sits down with SC Magazine Executive Editor Dan Kaplan to explain why organizations must apply the same security principles to their virtual machines as they do to their traditional computing systems.
SPONSORED VIDEO: Dave Asprey chats with SC Magazine Executive Editor Dan Kaplan on the RSA Conference showroom floor in San Francisco. Asprey explains that as cloud and virtualization technology gain traction with senior-level executives, enterprises are taking the time to build security into these projects. He also talks about the benefits of encryption in the cloud and how virtual machine density can be increased simply by running proper security products.
SPONSORED VIDEO: Michelle Cobb of Skybox Security chats with SC Magazine Editor-in-Chief Illena Armstrong on the RSA Conference showroom floor in San Francisco. Cobb discusses the importance of next-generation firewalls to protect systems from attack and reveals what organizations should prioritize in 2011, including identifying risks proactively, operationalizing security and automating controls.
Couldn’t attend the 2011 SC Awards? Were you there and want to relive memories of the IT security industry’s biggest – and most glamorous – night? Check out this video, which recaps all the pageantry of the event, where we honor those professionals, companies and solutions that represent the best of the information security marketplace.