User Authentication In E-Commerce
When we designed SSL to enable e-commerce on the Web, we had to solve two issues. One was the Web's openness -- the fact that anybody can read anything -- and the other was how parties might authenticate with one another.
Why The Insider Threat Is Ignored
The insider threat is complicated, and most organizations do not fully understand the magnitude of the problem. There are three main reasons why the insider threat has been ignored: Organizations do not know it's happening, it's easy for organizations to be in denial, and organizations fear bad publicity.
Five Main Causes Of SMB Security Incidents
Like you, I have read many articles covering small business security, the authors of which have made up various lists of "top X threats" or "this year's biggest vulnerabilities," etc. So I thought it would be interesting to dig into a sampling of the data breach reports and collect some real data on causes of breaches and other security incidents in SMBs.
Lock-Picking Popularity Grows
As security professionals, it is easy to get focused only on the technical side of security and forget about the importance of physical security.
'Here You Have' A Lesson
It's been interchangeably called spam, or a targeted attack that spun out of control, or a form of cyber-jihad with alleged geopolitical implications. But regardless of what you call it, the "Here You Have" email worm is an excellent example of just how well today's security can work. Here are a few justifications for that optimism.
Different Flavors Of The Insider Threat
There are different categories of insider threats, based on the level of access the employee has. There are four types: pure insider, insider associate, insider affiliate, and outside affiliate. Each of these categories also has different motives. Understanding each is a key to building proper preventive and detective defenses.
Web-Based Spam Detection With Google Alerts
Search engines are great, powerful tools. They can help find an answer when you've tried everything you can think of. They can also help find information about a company you may be performing a penetration test on.
The What And The Why Of Professional Penetration Testing
Welcome to the first in a series of posts on professional penetration testing. During the course of the next few entries, I will shed light on the often confusing and rarely straightforward world of penetration testing based on my experience during the past decade as both a professional penetration tester and a manager of penetration testing teams.
Missing The Insider Threat
"I trust everyone. It is the devil inside that I do not trust" is a great line from the movie "The Italian Job." Every single person has the potential to do harm if the right circumstances occur. Yes, this includes employees.
Protegrity Gets Aggressive
Last week Protegrity announced it had filed patent infringement suits against NuBridges and Voltage Security Inc., its main competitors. Patent infringement suits are nothing new with technology companies, but this one was a little odd in that the suits were actually filed in May.
A Lesson From Steve Jobs' Email
We've all had one of these moments: You get an email and quickly respond without putting much thought into it. Then you end up wishing you'd taken more time.
Taking USB Attacks To The Next Level
USB devices have many benign, legitimate uses. But put a USB-based device in the hands of a savvy hardware hacker, and that USB device can go from good to evil in no time.
Relying On Tools Makes You Dumber
It takes a lot of time and effort to stay up on the latest vulnerabilities, attacks, and tools. Often, we in the security field rely on tools to automate parts of a vulnerability assessment or penetration test, but our testing should never rely only on the tools. If all we ran were some tools and blindly trusted their output, then we would be no better than your average script kiddie.
State Of Cybercrime Legislation Around The World
The main problem with international law enforcement on cybercrime is that even with efforts by the FBI and others, international communication between different agencies around the world is extremely slow.
Ownage By USB Keyboard
When was the last time Windows asked you for permission before adding your new hardware -- say, a mouse?
Seven Features To Look For In Database Assessment Tools
As a follow-up to my "Essentials of Database Assessment" post, I want to go over some of the basic features and functions to look for in a database assessment product. Many features differentiate one tool from another, but I'll focus on the top seven items you should review.
Keep Your Browser Updated
During the Labor Day weekend, I got pulled in by friends and relatives (some remotely) to take care of their computer-related problems.
Anticipating The First Car Virus
I've been thinking a lot about Intel's acquisition of McAfee, and recently spent the afternoon with the company reviewing its strategy. Intel doesn't want to repeat the mistake made with the PC in regard to malware as we move to more common interfaces, operating systems, and network-connected TVs, appliances, manufacturing equipment, air conditioning and heating systems -- and, yes, automobiles and motorcycles. While a virus or an attack on a PC or server is certainly painful, the same attack on
Finding Exposed Devices On Your Network
When browsing through SHODAN, it never ceases to amaze me what I can find. How is it that people think it's okay to leave their printers, routers, fiber channel switches, and industrial control systems completely open to the Internet?