Phishing attacks victimize the email recipient who opens the message AND the company whose domain name has been spoofed in the attack. If enough people get malicious emails that appear to come from legitimate companies, people simply begin to ignore email from them. Now the DMARC email specifications help prevent that kind of brand abuse.
Many companies are anxious to take advantage of big data cloud services to crunch vast amounts of data for analysis. However, the lack of inherent data security can be a deal-breaker. Now there's a new service that provides integrated data encryption throughout the processes and infrastructure of Amazon EMR. Service subscribers maintain complete control of their encryption keys, thus bolstering the security of their data.
CIOs everywhere are transforming their data centers from purely physical infrastructures located on-premises to virtual infrastructures that also make use of the cloud. Read how one data-driven company made the transition.
There's hardly a company that doesn't have a problem with cloud services creating "shadow IT." That is, employees using services that you may or may not know about. Most CIOs think their company uses about 25 to 40 cloud services, but the reality is more like 200 to 400. Skyhigh Networks lets you discover and control all the cloud services your company uses -- whether you've authorized them or not.
An innovative approach to security awareness training is to use simulated attacks on workers. A recent Naked Security survey shows that 85% of IT security professionals say it's good to send workers fake phishes with the aim of educating them about their vulnerability and getting them to change their behavior. Is there benefit in this approach to user education?
I recently had a conversation with the CISO of a small company that has a relatively large target on its back. This company hosts Web portals for its clients to accept electronic payments. For example, when you go to an online retailer's checkout process and get passed to a secure site, it's possible that this company is hosting that payment site. You can see how this kind of activity would make this company attractive to hackers looking for credit card information.
With so much emphasis on all forms of security these days, business applications remain one of the most vulnerable and most frequently exploited IT components. Investment in application monitoring should be a part of a comprehensive defense strategy. Keith Brogan of managed security provider Vigilant provides his thoughts on the importance of application security.
One of the most sophisticated kinds of cyberattacks uses memory-resident malware. The software can't be detected using traditional forensic techniques. Security professionals need new skills and a whole new approach to find this most insidious malware, and there's a new course from SANS Institute that covers memory forensics in-depth.
Get ready for SMiShing, or phishing attacks that come to your mobile phone. These types of attacks are on the rise, and with so many people using their smartphones to access corporate networks and data, it's a new danger in the world of BYOD. Follow these tips to avoid becoming a victim.
How well have you built your IT security defenses? Can your system withstand an attack? The worst time to answer these questions is during an actual attack. Ixia helps you model a variety of attack scenarios so you can test your defenses before they are needed for real.
Anyone who has ever had to implement a Security Information and Event Management (SIEM) solution can attest that it takes concerted effort to get the best value from the solution. SIEMs are pretty complex products, as they are designed to take log and event data from various devices, apply rules to correlate the information in real-time, and then alert security professionals when significant events are discovered.
Regular readers of Network World know there is a crime spree taking place in cyberspace. Hackers are coming into servers at will through backdoors and directing these servers or the websites they host to perform all sorts of malicious deeds. Incapsula just introduced a cloud-based service that can detect and mitigate the problem of backdoors that are surreptitiously planted on Web servers.
IT security professionals sometimes have a tough choice: put reins on the business until all necessary security controls are in place, or let the business run at the pace it wants with security controls that may have weaknesses or gaps? A new security orchestration platform from NetCitadel aims to resolve that conflict by automating security changes across multiple platforms and within physical, virtual and cloud environments.
The first rule of managing a BYOD environment is to set good policies governing who can do what activities and access which data. But if you don't know what apps really do -- like harvesting a smartphone user's contact list -- you can't build effective policies. Appthority helps you manage the risk from mobile applications by analyzing what apps are actually capable of doing.
According to some research, more than 70% of organizations permit use of personally owned devices for business purposes. If your company is among them, read on. I have some eye-opening information that might make you rethink your BYOD policy and the measures you take to protect corporate data.
Gartner says that identity and access management offered as a cloud-based service (IDaaS) is an up-and-coming market for a growing need. As more enterprises utilize more applications as a service (SaaS), they need an easy way to provision users and oversee the rights that have been assigned.
DDoS attacks are on the rise and growing more complex. A majority of respondents in a recent survey from Neustar indicate a service outage would cost their companies $10,000 or more per hour in lost revenues. Follow these tips to mitigate an attack against your organization.
Do you know where your sensitive data is? If you can't answer a definitive "yes," then maybe it's time to conduct a data discovery exercise to see if your organization has unencrypted sensitive data in vulnerable places.
Wisegate, the professional networking organization for IT and information security professionals, recently convened its members to discuss their top IT security threats for the coming year. Read what's on their minds, and how they plan to address the threats.
You've heard of software as a service, infrastructure as a service and even security as a service. Now there is LAN as a service, a business model that lets you acquire a modern network infrastructure and pay only for the ports you use.
Security firm Trend Micro has identified spear-phishing emails as a top vector for allowing advanced persistent threats (APTs) onto company networks. Attackers use personal information to gain a victim's confidence and then zap him or her with malware that can scout for and exfiltrate confidential data. Share these best practices with your colleagues to "avoid the spear."
If you think you might like to add some new skills to your resume, put cybersecurity on the list. SANS Institute has an intense, hands-on training program that develops your skills while allowing you to compete against others to test your mettle.
In a global survey conducted by consulting firm PwC, fewer than one-third of the surveyed executives say they are very confident they've instilled effective information security behaviors into their organization culture. It's time to build "the human firewall."
To hear Rod Canion and his fellow co-founders of Compaq Computer Corporation tell it, Compaq was an amazing company during its 20-year existence. From humble beginnings on farmland north of Houston to the Fortune 500 list, Compaq was the undisputed global leader of the PC industry for a number of years. Now Canion is defining his company's legacy -- one that you have benefited from greatly.