Responsible network managers need to acknowledge that attacks leading to data breaches do happen and plan accordingly. By focusing on the fundamentals of best practices, they can control the breach and limit the amount of damage.
How do you know if you can trust a cloud service provider with your enterprise data? Skyhigh Networks, in conjunction with the Cloud Security Alliance, has developed a CloudTrust program that measures and evaluates more than 50 attributes that determine a trust rating.
Firewalls are often the first security mechanism that is installed on any network. For industrial control networks in municipal water systems, nuclear power plants and other critical infrastructure, firewalls simply aren’t good enough to keep attack payloads away. Industrial plants need unidirectional gateways to provide the ultimate security for critical control systems.
As companies move more of their applications to the cloud, they need a new enforcement point to protect data. Skyfence Networks offers a security gateway that monitors user activity for all cloud applications and prevents unauthorized access by malicious insiders and criminals using stolen credentials.
Many enterprises are still hesitant to officially embrace BYOD because of security concerns for data and applications. A new entrant in the mobile security market offers a fairly comprehensive array of security features. Marble Security focuses on protecting corporate assets by blocking risky behaviors and ensuring a secure network connection.
School districts across the country are looking for ways to stretch their meager funding. An identity and access management system can help the IT budget go the distance by reducing the man-hours needed to create and manage student and teacher accounts and through precision purchasing of only the materials needed for online learning.
If your company hasn’t updated its network access control (NAC) solution in a few years, resolve to look at the next generation of products now on the market. Current products are designed to make enabling BYOD (bring your own device) a whole lot easier.
WAN optimization has traditionally been a costly, hardware-heavy solution. Because of the cost and complexities of deployment, it has mostly been a solution for large companies with big budgets. Aryaka offers WAN Optimization as a Service, so now any size company with remote locations can benefit from accelerated access to enterprise or even cloud-hosted SaaS applications.
The fictional characters in the show NCIS are a whiz when it comes to using forensics to find digital evidence. In the real world, very few law enforcement officials have those skills, but that’s changing as more officers go through training at the National Computer Forensics Institute.
Want to have some fun while working on your network security skills? SANS Institute has opened its 10th annual Holiday Hacking Challenge. It’s a fun way to test your knowledge and learn a few new tricks while competing for awesome prizes.
Many small- to midsize businesses have woeful cybersecurity plans—if they have a plan at all. Cybersecurity is a complex issue but there are many simple steps that businesses can take to protect themselves. The Greater Houston Partnership has developed a thorough (but free) guide to help SMBs improve their security posture.
CISOs’ number one concern about allowing BYOD is the security of enterprise data. A close second is the security of the enterprise network that can be compromised by just one malware-infected smart device. Mojave Networks addresses those concerns by offering enterprise-grade security for mobile devices from the cloud.
Security researcher Michael Sutton is really concerned. He says most companies haven’t advanced their security strategies to keep pace with today’s threats—especially the most serious advanced persistent threats. He recommends a holistic approach that includes protection, detection and remediation.
It’s growing more difficult to monitor and manage the near-constant changes to network configurations. Tufin Technologies introduces security policy orchestration is order to bring automation, collaboration and integration to the process. The benefits include reducing the time to make secure changes from a week to a day.
According to OWASP, the top threat to Web applications is SQL injections that modify code in order to steal data. While traditional perimeter defenses have not been able to prevent these attacks, DB Networks has introduced a new core IDS that uses behavioral analysis to scrutinize the SQL code that is accessing databases.
Companies use surveillance cameras to record what is happening in physical locations. Now take that concept and apply it to IT systems. ObserveIT records the user interface actions that occur when someone is accessing your systems or applications. The result is a detailed audit trail that shows precisely who did what in both video and transcript format.
Startup Malcovery Security has a unique way of looking at phishing attacks. Through deep analysis of phishing spam, Malcovery can often identify the precise person behind waves of attacks. The idea is to take that person out of commission – preferably to put them behind bars – in order to eliminate the source rather than just the symptoms of phishing.
A new certification designed to advance industrial cyber security will launch in November. The cross-discipline certification focuses on the foundational knowledge that professionals responsible for securing critical infrastructure assets should know.
When you think of tech hubs – places with all of the resources to support innovative IT companies – you think of Silicon Valley, of course, and perhaps Austin, Boston and New York City. Would it surprise you to learn that an up-and-coming city in the southeastern part of the U.S. is also working hard to join those ranks?
Much has been written about encrypting data in the cloud, but several challenges persist. Who controls or has access to the keys, and where are the keys stored? KeyNexus, a division of Dark Matter Labs, addresses those challenges with an independent key management solution that separates the lock from the keys and gives the keys solely to the data owner.
Do you want to stop phishing attempts that spoof your company’s domain name? You can do that using the Doman-based Messaging, Authentication, Reporting and Conformance (DMARC) standard. Read on to learn how to deploy DMARC for your organization.
Already a success in its native Israel, Versafe is bringing its TotALL Online Fraud Protection Suite to North America. With solutions for web-based and native mobile applications, Versafe protects banking (and other) applications from fraud and other attacks at the application layer, protecting users without requiring them to download software.
IT security analysts have a tough job and it’s getting tougher every day. Not only is the number of pieces of hay in the haystack getting bigger, the number of needles in the hay is also growing. NetCitadel aims to address this challenge with a new Threat Management Platform that consolidates event information from numerous sensors, supplements that data with contextual information about incidents, and automates responses across security devices.
What appears to be a package tracking notice from a logistics company could really harbor a link to a drive-by download of malware. But now there is a global industry standard called DMARC that is designed to drastically reduce (and hopefully one day eliminate) phishing emails that spoof the real sources of the malicious mail.