Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Amazon Web Services DDoS Attack And The Cloud
A suspected denial-of-service attack aimed at Amazon Web Services (AWS) this past weekend shut down a code hosting service for nearly 24 hours. I don't see this as a security issue specific to cloud computing, rather just another disruption to availability like all of the others.
U.S. Government Set To Clamp Down on P2P Networks
You've probably heard the horror stories around private and confidential files being exposed via peer-to-peer network sharing. Federal lawmakers are now stepping up their efforts to keep sensitive data from inadvertently leaking to the public.
Database Auditing Essentials
Auditing database activity is a core component to any data security program. Databases capture data access and alterations during transaction processing, along with modifications to the database system. These actions are captured and written into an audit log that is managed by the database internally. The audit log is the most accurate source of events because it's the database that acts as the arbiter to ensure transactional consistency and data integrity.
Squashing Malware With Snort In-Line
Snort is a powerful open source intrusion detection system (IDS). What surprises me is how many security people have never touched it to learn more about how IDS works -- or how easy it is to evade many IDS signatures that are designed to look for known bad traffic.
Selecting A Storage Protocol For Virtualized Servers
In our last entry we discussed selecting the right storage foundation and I advised that you may want to initially ignore what protocol to use. That said, part of building a storage foundation for server virtualization is selecting the protocol.
Selecting A Storage Foundation for Virtualized Servers
The storage component of a virtualized server infrastructure has been labeled as complex. The storage and server virtualization suppliers have both tried to deliver solutions that reduce storage complexity in server virtualization projects. The challenge for virtual infrastructure administrators is that there are so many options that it can be confusing. There are several steps to take when selecting a storage foundation for virtualized servers and our next series of entries will cover these ste
A Weapon Against SQL Injection
The single most common database security inquiry I get is, "What's this whole stored procedure parameter thing, and how does it help with SQL injection?"
Top Database Threat? Legit Users And Sloppy Company Policies!
A new Dark Reading report makes clear what's been strongly suspected for some time: Authorized users are business databases' biggest vulnerabilities. Actually, as the report makes clear, the biggest vulnerability is the array of shoddy and hole-filled data policies many companies put in place to protect" data.
Dark Reading's Database Security Tech Center Refresh
The Dark Reading Database Security Tech Center is expanding. The subsite, devoted to bringing you news, product information, opinion, and analysis all focused on the very timely topic of database security, has been well-received by our readers since its launch in June, so we're adding two new elements to provide even more depth of coverage: a new blogger dedicated to database security, and new monthly feature articles that drill down on the latest database security threats and issues.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
