Analytics // Security Monitoring
News & Commentary
10 Tips for Securing Your SAP Implementation
Sean Martin, CISSP | President, imsmartin
Without clear ownership of security for a critical business platform like SAP, it should come as no surprise that SAP cybersecurity continues to fall through the cracks among IT, admin, security and InfoSec teams.
By Sean Martin CISSP | President, imsmartin, 4/23/2016
Comment0 comments  |  Read  |  Post a Comment
Databases Remain Soft Underbelly Of Cybersecurity
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Most enterprises still don't continuously monitor database activity.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/21/2016
Comment0 comments  |  Read  |  Post a Comment
MIT AI Researchers Make Breakthrough On Threat Detection
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New artificial intelligence platform offers 3x detection capabilities with 5x fewer false positives.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/18/2016
Comment1 Comment  |  Read  |  Post a Comment
7 Lessons From The Panama Papers Leak
Sara Peters, Senior Editor at Dark ReadingNews
Hopefully your organization isn't hiding as many dark secrets as Mossack Fonseca, but the incident still brings helpful hints about data security, breach response, and breach impact.
By Sara Peters Senior Editor at Dark Reading, 4/5/2016
Comment2 comments  |  Read  |  Post a Comment
Machine Learning In Security: Seeing the Nth Dimension in Signatures
Gunter Ollmann,  Chief Security Officer, VectraCommentary
How adding “supervised” machine learning to the development of n-dimensional signature engines is moving the detection odds back to the defender.
By Gunter Ollmann Chief Security Officer, Vectra, 3/31/2016
Comment2 comments  |  Read  |  Post a Comment
Machine Learning In Security: Good & Bad News About Signatures
Gunter Ollmann,  Chief Security Officer, VectraCommentary
Why security teams that rely solely on signature-based detection are overwhelmed by a high number of alerts.
By Gunter Ollmann Chief Security Officer, Vectra, 3/30/2016
Comment0 comments  |  Read  |  Post a Comment
The Threat Of Security Analytics Complexity
Brian Gillooly, Vice President, Event Content & Strategy, UBM TechCommentaryVideo
Congratulations! You're protecting your organization with layered security...but now you're drowning in more security analytics data flows than you can handle.
By Brian Gillooly Vice President, Event Content & Strategy, UBM Tech, 3/23/2016
Comment8 comments  |  Read  |  Post a Comment
Using Offensive Security Mindset To Create Best Defense
Brian Gillooly, Vice President, Event Content & Strategy, UBM TechCommentaryVideo
Carbon Black's CTO and chief security strategist talk about how their background in offensive security helps them think like attackers, and better defend against them.
By Brian Gillooly Vice President, Event Content & Strategy, UBM Tech, 3/2/2016
Comment0 comments  |  Read  |  Post a Comment
Why Your Security Tools Are Exposing You to Added Risks
Dave Aitel & Alex McGeorge, CEO & Head of Threat Intelligence, Immunity Inc.Commentary
The big lesson from 12 months of security product vulnerabilities: there’s no foundation of trust in any piece of software. They all represent a potential new attack vector.
By Dave Aitel & Alex McGeorge CEO & Head of Threat Intelligence, Immunity Inc., 3/2/2016
Comment3 comments  |  Read  |  Post a Comment
Measuring Security: My ‘Dwell Time’ Obsession
Jeff Schilling, Chief of Operations and Security, ArmorCommentary
How I discovered the critical metric to fuel my drive to create the most secure environment possible.
By Jeff Schilling Chief of Operations and Security, Armor, 2/29/2016
Comment1 Comment  |  Read  |  Post a Comment
Breach Stats: Improving From Abysmal To Just Awful
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Breach response times and volumes decreased significantly last year, but overall numbers still look ugly.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/25/2016
Comment0 comments  |  Read  |  Post a Comment
The Rise Of Community-Based Information Security
Peter Zavlaris, Analyst, RiskIQCommentary
The more vendors, service providers, and companies’ band together to fight security threats, the more difficult it will become for attacks to succeed.
By Peter Zavlaris Analyst, RiskIQ, 12/28/2015
Comment2 comments  |  Read  |  Post a Comment
Survey: When Leaving Company, Most Insiders Take Data They Created
Sara Peters, Senior Editor at Dark ReadingNews
Most employees believe they own their work, and take strategy documents or intellectual property with them as they head out the door.
By Sara Peters Senior Editor at Dark Reading, 12/23/2015
Comment15 comments  |  Read  |  Post a Comment
‘Re-innovating’ Static Analysis: 4 Steps
Kevin E. Greene, Cyber Security Thought LeaderCommentary
Before we pronounce the death of static analysis, let’s raise the bar with a modern framework that keeps pace with the complexity and size found in today’s software.
By Kevin E. Greene Cyber Security Thought Leader, 12/9/2015
Comment4 comments  |  Read  |  Post a Comment
Introducing ‘RITA’ for Real Intelligence Threat Analysis
John Strand, SANS Senior Instructor & Owner, Black Hills Information SecurityCommentary
SANS' free, new framework can help teams hunt for attackers by extending traditional signature analysis to blacklisted IP addresses and accounts that have multiple concurrent logons to multiple systems.
By John Strand SANS Senior Instructor & Owner, Black Hills Information Security, 11/20/2015
Comment0 comments  |  Read  |  Post a Comment
Don’t Toy With The Dark Web, Harness It
James Chappell, CTO & Founder, Digital ShadowsCommentary
The Dark Web’s sinister allure draws outsized attention, but time-strapped security teams would benefit from knowing what's already circulating in places they don't need Tor or I2P to find.
By James Chappell CTO & Founder, Digital Shadows, 11/16/2015
Comment4 comments  |  Read  |  Post a Comment
Machine Learning: Perception Problem? Maybe. Pipe Dream? No Way!
Mike Paquette, VP Products, PrelertCommentary
Guided by an organization's internal security experts,'algorithmic assistants' provide a powerful new way to find anomalies and patterns for detecting cyberthreat activity.
By Mike Paquette VP Products, Prelert, 11/11/2015
Comment0 comments  |  Read  |  Post a Comment
Why Threat Intelligence Feels Like A Game Of Connect Four
Kristi Horton, Lead Intelligence Officer, Financial Services Information Sharing and Analysis Center (FS-ISAC)Commentary
In real life, solving the cybersecurity puzzle has many challenges. But shared wisdom and community defense models are making it easier to connect the dots.
By Kristi Horton Lead Intelligence Officer, Financial Services Information Sharing and Analysis Center (FS-ISAC), 11/10/2015
Comment2 comments  |  Read  |  Post a Comment
Security Analytics Still Greenfield Opportunity
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Surveys out this week show improvement in the use of analytics and threat intelligence but room for better execution.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/29/2015
Comment0 comments  |  Read  |  Post a Comment
Machine Learning Is Cybersecurity’s Latest Pipe Dream
Simon Crosby, Co-founder & CTO, BromiumCommentary
Rather than waste money on the unproven promises of ML and AI, invest in your experts, and in tools that enhance their ability to search for and identify components of a new attack.
By Simon Crosby Co-founder & CTO, Bromium, 10/29/2015
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by randyorton
Current Conversations good one
In reply to: Re: analytics
Post Your Own Reply
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Better he's on the Internet than on the couch."
Current Issue
Understanding & Managing the Mobile Security Threat
Mobile devices are increasing IT security risk. Is your enterprise ready?
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join us as Dark Reading editors speak with IT security hiring experts about improving IT career prospects.