Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Getting To Yes: Negotiating Technology Innovation & Security Risk
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
Social Engineering & Black Hat: Do As I Do Not As I Say
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
3 Simple Steps For Minimizing Ransomware Exposure
If your data is important enough to pay a ransom, why wasn't it important enough to properly backup and protect in the first place?
What Do You Mean My Security Tools Don’t Work on APIs?!!
SAST and DAST scanners haven’t advanced much in 15 years. But the bigger problem is that they were designed for web apps, not to test the security of an API.
Why China Wants Your Sensitive Data
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
The Dark Web: An Untapped Source For Threat Intelligence
Most organizations already have the tools for starting a low-cost, high-return Dark Web cyber intelligence program within their existing IT and cybersecurity teams. Here’s how.
What You Probably Missed In Verizon's Latest DBIR
Tune in to Dark Reading Radio at 1pm ET/11am Pacific on Wednesday, June 24, when Verizon Data Breach Investigations Report co-author Marc Spitler discusses some of the possibly lesser-noticed nuggets in the industry's popular report on real-world attacks.
Security Surveys: Read With Caution
I’m skeptical of industry surveys that tell security practitioners what they already know. Don’t state the obvious. Tell us the way forward.
9 Questions For A Healthy Application Security Program
Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
Cybersecurity Advice From A Former White House CIO
Today's playbook demands 'human-centered' user education that assumes people will share passwords, forget them, and do unsafe things to get their jobs done.
Time to Focus on Data Integrity
Information security efforts have historically centered on data theft. But cybercriminals who alter corporate records and personal information can also cause serious harm.
Is Your Security Operation Hooked On Malware?
It may seem counterintuitive, but an overzealous focus on malware may be preventing you from detecting even bigger threats.
Lessons Learned From The Ramnit Botnet Takedown
While most organizations won’t find themselves in similar circumstances, there are important takeaways they can apply to any security program.
Survival Tips For The Security Skills Shortage
No matter how you slice it, creating a security professional with 10 years of experience takes, well, 10 years. Here are six suggestions for doing more with less.
From GitHub to Great Cannon: A Mid-Year Analysis Of DDoS Attacks
The new and common face of DDoS today is its use as a smokescreen to conceal malicious activity in an overwhelming burst of traffic that stretch security layers to the brink.
Firewalls Sustain Foundation of Sound Security
Simply put, organizations that cannot maintain rigid firewall enforcement are more likely to be compromised.
Why the Firewall is Increasingly Irrelevant
It will take a dramatic reimagining of security to dedicate focus to the areas where company data actually resides. It starts with tearing down the firewall.
Security Metrics: It’s All Relative
What a haircut taught me about communicating the value of security to executives and non-security professionals.
7 Critical Criteria for Data Encryption In The Cloud
Encrypting the huge number of data files stored in a public cloud today is like bubble-wrapping an entire house. Better to focus on the fragile items that matter.
Long Cons: The Next Age of Cyber Attacks
When hackers know that a big payday is coming they don’t mind waiting for months for the best moment to strike.
How The Hacker Economy Impacts Your Network & The Cloud
To protect data against growing threats, networks must now act as both sensor and enforcer around traffic that passes through users and data centers to the cloud.
Help Wanted: Security Heroes & Heroines Only Need Apply
If we want to do more than simply defend ourselves, we need security champions and equally heroic security solutions.
Shaping A Better Future For Software Security
Industry and government leaders discuss ways to improve practices, awareness and education around secure software development. Here’s a recap of what you missed.
Today’s Requirements To Defend Against Tomorrow’s Insider Threats
At its most basic, a consistent and meaningful insider threat detection program has two components: data and people. Here’s how to put them together.
|
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
