Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Authentication security methods are getting better all the time, but they are still not infallible.
5 Questions to Ask about Machine Learning
Marketing hyperbole often exceeds reality. Here are questions you should ask before buying.
Ransomware Shows There's no Honor Among Cyberthieves
Proofpoint has found that one group of cybercrooks is stealing from other gangs of cybercriminals by using a proxy Tor browser to steal Bitcoins used to pay off ransomware threats.
Data Encryption: 4 Common Pitfalls
To maximize encryption effectiveness you must minimize adverse effects in network performance and complexity. Here's how.
Breach-Proofing Your Data in a GDPR World
Here are six key measures for enterprises to prioritize over the next few months.
DNS Hijacking: The Silent Threat That's Putting Your Network at Risk
The technique is easy to carry out and can cause much damage. Here's what you need to know about fighting back.
Cryptomining: Paying the Price for Cryptocurrency
The growing popularity of Bitcoin and other cryptocurrency has led to cryptomining, with enterprises and individuals running the software unknowingly. Here's a look at the underside of this new business model.
An Action Plan to Fill the Information Security Workforce Gap
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
OilRig's Use of RGDoor Shows Sophistication of Nation-State Attacks
OilRig, a group linked to Iran, has been installing RGDoor, a secondary backdoor that can reopen a system even if it's been fixed. Its use shows how sophisticated nation-state attacks are becoming.
Security Spending Increasing, Along With Data Breaches
In one of those good news/bad news reports on the state of security, the amount of money being spent on security is expected to increase this year, but the number of data breaches is also rising.\r\n\r\n
Hardware Security: Why Fixing Meltdown & Spectre Is So Tough
Hardware-based security is very difficult to break but, once broken, catastrophically difficult to fix. Software-based security is easier to break but also much easier to fix. Now what?
Selling Cloud-Based Cybersecurity to a Skeptic
When it comes to security, organizations don’t need to look at cloud as an either/or proposition. But there are misconceptions that need to be addressed.
How Containers & Serverless Computing Transform Attacker Methodologies
The pace of hacker innovation never slows. Now security technologies and methods must adapt with equal urgency.
Meltdown & Spectre: Computing's 'Unsafe at Any Speed' Problem
Ralph Nader's book shook up the automotive world over 50 years ago. It's time to take a similar look at computer security.
8 Personal & Professional Data Privacy Tips to Follow
With International Data Privacy Day coming later this month, Security Now offers a checklist to help protect personal and professional data.
Avoiding the Epidemic of Hospital Hacks
Lessons learned about cyber hygiene from inside one of America's highest ranked medical institutions.
Security Automation: Time to Start Thinking More Strategically
To benefit from automation, we need to review incident response processes to find the areas where security analysts can engage in more critical thought and problem-solving.
GDPR: Ready or Not, Here It Comes
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
Linus Torvalds: Intel's Spectre Patch Is 'Complete & Utter Garbage'
In a scathing assessment of Intel's efforts to patch the Spectre flaw, Linux inventor Linus Torvalds offers no quarter for the chipmaker.
Meltdown, Spectre Patches, Performance & My Neighbor's Sports Car
When a flaw in the engine of a data center server makes it run more like a Yugo than a Porsche, it's the lawyers who will benefit.
5 Steps to Better Security in Hybrid Clouds
Following these tips can improve your security visibility and standardize management across hybrid environments.
9 Steps to More-Effective Organizational Security
Too often security is seen as a barrier, but it's the only way to help protect the enterprise from threats. Here are tips on how to strengthen your framework.
SamSam Ransomware Continues Making Hospitals Sick
SamSam or Samas continues to surface in hospitals and other healthcare facilities. The way the ransomware works shows how vulnerable healthcare is to these particular types of attacks.
Thycotic's Joseph Carson: Government & Encryption Issues Will Be Huge
In the second part of his Q&A with Security Now, Thycotic Chief Security Scientist Joseph Carson talks about encryption and the role that governments play in security.
Understanding Supply Chain Cyber Attacks
While the attack surface has increased exponentially because of the cloud and everything-as-a-service providers, there are still ways in which host companies can harden supply chain security.
Spectre Can Obfuscate Tracking Tools, Too
As the security community learns more about the Spectre vulnerability, clever coders are already finding other exploits. Here's looking at the first of many.
Tax Reform, Cybersecurity-Style
How the security industry can be more effective and efficient by recognizing four hidden "taxes" in the buying and selling process.
Applying Defense-in-Depth to the Digital Battlefield
How a layered security strategy can minimize the threat and impact of a data breach.
How to Keep Blue Teams Happy in an Automated Security World
The creativity and intuition of your team members must be developed and nurtured.
The Startup Challenge: Safe in the Cloud from Day One
How a Seattle travel company built a rock-solid mobile app without sacrificing performance or security.
Living with Risk: Where Organizations Fall Short
People tasked with protecting data are too often confused about what they need to do, even with a solid awareness of the threats they face.
How AI Would Have Caught the Forever 21 Breach
Companies must realize that the days of the desktop/server model are over and focus on "nontraditional" devices.
Google Chrome Extensions Hide Malice
Researchers from ICEBEG found malicious code hiding in four popular Google Chrome extensions. The search giant is working to fix the problem.
In Security & Life, Busy Is Not a Badge of Honor
All security teams are busy, but not all security teams are productive. The difference between the two is huge.
Thycotic's Joseph Carson: Hackers Will Soon Read Your Mind
In the first part of his Q&A with Security Now, Thycotic's Joseph Carson talks privacy in an interconnected world and how hackers will soon read minds.
Mental Models & Security: Thinking Like a Hacker
These seven approaches can change the way you tackle problems.
Top 3 Pitfalls of Securing the Decentralized Enterprise
Doubling down on outdated security practices while the number of users leveraging your enterprise network grows is a race to the bottom for businesses moving to distributed workflows.
After Spectre & Meltdown, Intel Faces an 'Evil Maid' Problem
In a rough start to 2018, Intel is dealing with the Spectre and Meltdown vulnerabilities in its CPUs, and now the chip maker is confronting reports of a flaw that leaves chips open to an 'Evil Maid' attack.
What Can We Learn from Counterterrorism and National Security Efforts?
The best practices and technologies that originated in the intelligence realm can help businesses stay safer, too.
Security Warning: Intel Inside
At CES, Intel CEO Brian Krzanich looked to reassure the whole industry that the chip maker would ensure that its processors were secure following the Meltdown and Spectre disclosures.
Privacy: The Dark Side of the Internet of Things
Before letting an IoT device into your business or home, consider what data is being collected and where it is going.
AI in Cybersecurity: Where We Stand & Where We Need to Go
How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.
Why Facebook Security Questions Are no Substitute for MFA
If identity is established based on one thing you know and one thing you have, the latter should not also be a thing you know because in the sharing economy, we share everything.
'Shift Left': Codifying Intuition into Secure DevOps
Shifting left is more than a catchy phrase. It's a mindset that emphasizes the need to think about security in all phases of the software development life cycle.
Smaller Financial Firms Preparing for New Ransomware Threats
Nearly a year after WannaCry and other ransomware attacks that targeted financial institutions, smaller firms are looking to prepare. Here's what the CISO of Texas-based Real Time Resolutions is doing to fight back.
'Back to Basics' Might Be Your Best Security Weapon
A company's ability to successfully reduce risk starts with building a solid security foundation.
WPA3 Standard Teased at CES Following KRACK Attack
A few months after the KRACK attack, the Wi-Fi Alliance unveiled a few details about the upcoming WPA3 standards, with an emphasis on security and encryption.
'Tis the Season: Dark Reading Caption Contest Winners
Bricked devices, penetration tests, and virtual reality were among the themes submitted in our latest holiday caption competition. And the winners are ...
CISOs' Cyber War: How Did We Get Here?
We're fighting the good fight -- but, ultimately, losing the war.
Dell EMC, VMware Race to Plug Virtual Appliance Security Hole
Dell EMC, along with VMware, are hard at work plugging a zero-day exploit that targets the companies' virtual appliance gear.
|
Incorporating a Prevention Mindset into Threat Detection and ResponseThreat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time.
The report covers areas enterprises should focus on:
What positive response looks like.
Improving security hygiene.
Combining preventive actions with red team efforts.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
0 Comments
