Mobile

What Next-Gen Security Looks Like

100%
0%

Virtualization and Cloud Solutions Architect Bill Kleyman shows how the nightmare of BYOD is giving rise to a new generation of intelligent, highly scalable security products and platforms.

Comment  | 
Print  | 
Comments
Threaded  |  Newest First  |  Oldest First
Susan Fogarty
50%
50%
Susan Fogarty,
User Rank: Apprentice
12/9/2013 | 9:49:44 AM
Mobile security
Bill, great video, I liked seeing the detailed example showing a specific security product and the different functionality it includes. Can you recommend other vendors that offer similar mobile security platforms as well?
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
12/9/2013 | 10:45:53 AM
Application Firewalls
Bill, I'm struck by your mention of application firewalls, which ties in very nicely with a recent column by Jeff Williams, CEO & Co-Founder, Aspect Security and also a founding members of the Open Web Application Security Project (OWASP). Jeff's point was that the industry still has a long way to go with application security within the development environment. Another contributor, Levi Gundert, mentioned behaviour scoring as defensive measure in his column about Zero-Day Drive-By Attacks: Accelerating & Expanding

That's kind of a roundabot way of asking you where you  see the most bang for the back in next generation secruity -- baked into the applicaton itself, in the intellegient platforms and tools that you speak about in your vblog, or a combination of the two.
Bill Kleyman
50%
50%
Bill Kleyman,
User Rank: Apprentice
12/9/2013 | 12:16:29 PM
Re: Application Firewalls
@Marilyn - It's definitely a combination of the two. Applications, APIs, and information all require good security practices. In some cases, security components are built into Apps, APIs and the infrastructure that supports it all. 

On the other hand, having overall environment security is a must as well. This means having intelligent systems which act proactively to mitigate as much threat to your infrastructure as possible. In all honesty this is what the future looks like too. Developers will build in security components into their apps. That will then couple with  infrastructure security solutions to ensure data and application integrity. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
12/9/2013 | 12:29:38 PM
Re: Application Firewalls
Thanks Bill. That sounds like an ecosystem that will require some greater standardization. Is that happening? 
Bill Kleyman
50%
50%
Bill Kleyman,
User Rank: Apprentice
12/9/2013 | 12:34:01 PM
Re: Application Firewalls
@Marilyn - That's a great question. I'm not sure if it's something we'll see standardized. Instead, it's the new application of security technologies around platforms like cloud, big data and applications.

Even then it's hard to tell. The entire security model is shifting to support a more dispersed and dynamically connected user. 
Susan Fogarty
50%
50%
Susan Fogarty,
User Rank: Apprentice
12/9/2013 | 8:43:19 PM
Re: Application Firewalls
Bill, that's a great point. One other trend I see gaining a lot of ground is toward securing the data itself, as well as the environement, devices, and apps. Especially now that companies are adopting cloud services and may have less control over their environments, data security becomes even more important.
Bill Kleyman
50%
50%
Bill Kleyman,
User Rank: Apprentice
12/9/2013 | 12:10:23 PM
Re: Mobile security
@Susan - Absolutely, NetScaler platforms are just one example. Next-generation security is really making a boom right now around application, data, and cloud security. Solutions from Checkpoint, Palo Alto, and Sourcefire (Cisco) all introduce new ways to secure the logical layer.

Remember, next-generation security is a concept -- not just one singular product. For example, an F5 Big-IP ADC (like the NetScaler) can also have components that fall into the next-generation security definition. 
Cultus
50%
50%
Cultus,
User Rank: Apprentice
4/2/2014 | 1:47:43 PM
Security
If you can make it more simple, but more safe it will be a success. This is the direction that we should be thinkings.
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If youíre still focused on securing endpoints, youíve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2227
Published: 2014-07-25
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.

CVE-2014-5027
Published: 2014-07-25
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.

CVE-2014-5100
Published: 2014-07-25
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_...

CVE-2014-5101
Published: 2014-07-25
Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authn...

CVE-2014-5102
Published: 2014-07-25
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.