CISOs’ number one concern about allowing BYOD is the security of enterprise data. A close second is the security of the enterprise network that can be compromised by just one malware-infected smart device. Mojave Networks addresses those concerns by offering enterprise-grade security for mobile devices from the cloud.
Security researcher Michael Sutton is really concerned. He says most companies haven’t advanced their security strategies to keep pace with today’s threats—especially the most serious advanced persistent threats. He recommends a holistic approach that includes protection, detection and remediation.
It’s growing more difficult to monitor and manage the near-constant changes to network configurations. Tufin Technologies introduces security policy orchestration is order to bring automation, collaboration and integration to the process. The benefits include reducing the time to make secure changes from a week to a day.
According to OWASP, the top threat to Web applications is SQL injections that modify code in order to steal data. While traditional perimeter defenses have not been able to prevent these attacks, DB Networks has introduced a new core IDS that uses behavioral analysis to scrutinize the SQL code that is accessing databases.
Companies use surveillance cameras to record what is happening in physical locations. Now take that concept and apply it to IT systems. ObserveIT records the user interface actions that occur when someone is accessing your systems or applications. The result is a detailed audit trail that shows precisely who did what in both video and transcript format.
Startup Malcovery Security has a unique way of looking at phishing attacks. Through deep analysis of phishing spam, Malcovery can often identify the precise person behind waves of attacks. The idea is to take that person out of commission – preferably to put them behind bars – in order to eliminate the source rather than just the symptoms of phishing.
A new certification designed to advance industrial cyber security will launch in November. The cross-discipline certification focuses on the foundational knowledge that professionals responsible for securing critical infrastructure assets should know.
When you think of tech hubs – places with all of the resources to support innovative IT companies – you think of Silicon Valley, of course, and perhaps Austin, Boston and New York City. Would it surprise you to learn that an up-and-coming city in the southeastern part of the U.S. is also working hard to join those ranks?
Much has been written about encrypting data in the cloud, but several challenges persist. Who controls or has access to the keys, and where are the keys stored? KeyNexus, a division of Dark Matter Labs, addresses those challenges with an independent key management solution that separates the lock from the keys and gives the keys solely to the data owner.
Do you want to stop phishing attempts that spoof your company’s domain name? You can do that using the Doman-based Messaging, Authentication, Reporting and Conformance (DMARC) standard. Read on to learn how to deploy DMARC for your organization.
Already a success in its native Israel, Versafe is bringing its TotALL Online Fraud Protection Suite to North America. With solutions for web-based and native mobile applications, Versafe protects banking (and other) applications from fraud and other attacks at the application layer, protecting users without requiring them to download software.
IT security analysts have a tough job and it’s getting tougher every day. Not only is the number of pieces of hay in the haystack getting bigger, the number of needles in the hay is also growing. NetCitadel aims to address this challenge with a new Threat Management Platform that consolidates event information from numerous sensors, supplements that data with contextual information about incidents, and automates responses across security devices.
What appears to be a package tracking notice from a logistics company could really harbor a link to a drive-by download of malware. But now there is a global industry standard called DMARC that is designed to drastically reduce (and hopefully one day eliminate) phishing emails that spoof the real sources of the malicious mail.
Cyber thieves are getting more sophisticated in their approaches to targeting specific intellectual property. Like surgeons, they can extract a certain valuable file and leave little trace that they’ve ever been in your network. This makes it increasingly important to protect your most sensitive files.
Have you ever thought about asking a vendor what their solution doesn’t do well? This isn’t a trick question, but it is a way to see how honest a potential new vendor is willing to be with you. Members of the Wisegate professional networking group offer their tips on how to manage vendors to your benefit.
Today’s advanced persistent threats are purpose-built to steal intellectual property and other sensitive data. It takes a next generation purpose-built security solution to detect and stop these kinds of attacks before the perpetrators get what they came for. FireEye’s multi-vector virtual machine protects the weakest link in the enterprise: the user at an endpoint.
What would you do if a U.S. Federal government agency locked your PC until you paid a fine? While the PC may be locked and seemingly unusable, it’s not the Department of Justice or FBI that has done this to you. Quite the contrary, the lock was placed by malware distributed by a cyber criminal that the FBI would like to catch. In effect, your PC has been hijacked and held for ransom.
Centrify has long had a solution to tie UNIX, Linux and Mac environments to Active Directory to enable unified identity management. Now that more applications are in the cloud and more people are accessing their apps via mobile devices, Centrify has expanded its identity management capabilities to SaaS applications and it provides device authentication for a variety of mobile devices.
Small to mid-sized companies typically don’t have the budgets and the highly skilled IT people to support a sophisticated datacenter infrastructure. But new hyper-converged systems allow these companies to deploy a modern virtualized infrastructure at a low cost and with the general IT skills already on staff.
Forget about those highly vulnerable usernames and passwords. Authentify has just announced a new primary authentication method that is built upon a complete digital certificate PKI underpinning, but neither the enterprise nor the end user sees any of the complexity of the solution.
With "big data" grabbing headlines and Hadoop being the poster child for implementing big data, there is tremendous interest in this open source software, largely because the software is cheap and runs on commodity hardware. Hadoop's big shortcoming is its lack of inherent security. Zettaset addresses the security issue, as well as availability and manageability, with a “wrapper” that adds features that make Hadoop ready for the enterprise.
Most forms of malware and advanced persistent threats enter the enterprise through vulnerable endpoints. A new solution from Trusteer uses innovative techniques to prevent exploits and malware from compromising the endpoints and extracting information.
Cloud computing is fundamentally changing the ways that IT resources are made available to the business units and individual workers who really need them. With instant provisioning, departments can get what they need immediately. Unfortunately that means that the CIO and CFO have lost visibility to the costs that are incurred for these resources. Now a service called Cloud Cruiser is bringing visibility and control back to the CIO without placing restrictions on departmental use of cloud services.