Security and vulnerability mgmt

Security and vulnerability mgmt news, trend analysis and opinion

Medical device security

Hexadite's Automated Incident Response Solution narrows the gap between detection and response

It's not uncommon for CIRT personnel to ignore various automated security alerts, largely because they don't have enough time to investigate every alert. As attacks become more frequent and threats grow more serious, the only way...


Enterprise Organizations Are Taking Steps to Improve Cybersecurity Analytics

Last week, online retail giant eBay announced that it was hacked between February and March of this year with stolen login credentials of an eBay employee.  This gave the hackers access to the user records of 145 million users...

The Emerging Cybersecurity Software Architecture

It's been a busy week for the information security industry.  FireEye announced the acquisition of nPulse which adds network forensics to its advanced malware detection/response portfolio.  IBM chimed in with a new Threat Prevention...

Hackers capture dynamic data to prepare for effective, stealthy attacks

"Offensive forensics is an attack technique hackers use to capture non-static data that can be useful in performing further attacks," says Joe Sremack, Principal, Berkeley Research Group, LLC, a computer forensics and e-discovery firm.

Hackers capture dynamic data to prepare for effective, stealthy attacks

"Offensive forensics is an attack technique hackers use to capture non-static data that can be useful in performing further attacks," says Joe Sremack, Principal, Berkeley Research Group, LLC, a computer forensics and...

CISOs Must “Think Different”

Remember the "Think Different" advertising campaign from Apple?  It ran from 1997 to 2000 and featured bigger-than-life personalities like Buckminster Fuller, Martin Luther King, and Pablo Picasso. The "Think Different" ads coincided

To Automate or Not to Automate (Incident Response): That Is the Question

The recently published Senate report on the Target breach exposed a dicey situation that is all too familiar to enterprise security professionals.  As it turns out, Target implemented malware detection technology from FireEye which...

Think Deleted Text Messages Are Gone Forever? Think Again

A former federal prosecutor and cybercrime expert tells CIO.com how IT departments can retrieve text messages that the user thought were deleted months or even years ago. As more litigation and investigations turn on the content of...

RSA Conference recap: Positive direction for security industry

Last week's RSA Conference was a whirlwind of meetings, presentations, and unusual west coast rain storms. I'm not sure about the attendance numbers but it seemed especially busy - not surprising after the many cybersecurity events...

Hot Topics at the RSA Conference

It's the calm before the storm and I'm not talking about the unusual winter weather.  Just a few days before the 2014 RSA Security Conference at the Moscone Center in San Francisco.In spite of this year's controversy over the...

Judging in the Olympics and IT Security: Subjective vs. Objective

I was watching the opening night events of the Sochi Olympics last night while I was finalizing my presentation for RSA Conference this month in San Francisco. My presentation is on what the right metrics are to measure security and...

8 ways physical security has evolved

Physical security has come a long way since the advent of the lock and key. But for all of its changes, the greatest aspect of the evolution of physical security is how it has begun to mesh with our digital world. Here are eight of...

Real-Time Big Data Security Analytics for Incident Detection

I’ve spent the last year or so doing research on the burgeoning field of big data security analytics. Based upon the time I’ve spent on this topic, I’m convinced that CISOs are looking for immediate help with incident detection, so...

IBM Is Focused on Burgeoning Enterprise Security Requirements

A few years ago, IBM’s information security assets were haphazardly scattered throughout its business units. RACF sat with the mainframe crew, IAM lived within the Tivoli group, and what remained of ISS gathered dust within IBM...

Large Organizations Need Open Security Intelligence Standards and Technologies

A few years ago, Trend Micro announced that it would enhance its on-site AV products with cloud-based intelligence it called the “Smart Protection Network” (SPN). I’m not sure if Trend was the first, but it certainly wasn’t the last

A holistic approach to combating advanced persistent threats

Security researcher Michael Sutton is really concerned. He says most companies haven’t advanced their security strategies to keep pace with today’s threats—especially the most serious advanced persistent threats. He recommends a...

The security industry remains strong with computer science, but weak on IT

Last week, I was in Silicon Valley meeting with a parade of CISOs and security vendors. Business travel is no “day at the beach,” but these trips really help me keep up with the latest enterprise security challenges and potential...

Security policy orchestration eases the process of making changes to complex networks

It’s growing more difficult to monitor and manage the near-constant changes to network configurations. Tufin Technologies introduces security policy orchestration is order to bring automation, collaboration and integration to the...

Security tool delivers surprise insights to Domino's Pizza

Marketers at Domino's Pizza are gaining new and more immediate insights into online coupon usage from an unexpected source: a security management tool used by the national chain's IT department.

Load More