Perimeter

3/6/2017
11:30 AM
Terry Sweeney
Terry Sweeney
Slideshows
Connect Directly
Facebook
Twitter
RSS
E-Mail
50%
50%

7 Hot Security Terms (and Buzzwords) to Know

How the security industry has a conversation with itself is constantly changing and the latest terms as well as buzzwords point us to where the technology is heading.
Previous
1 of 8
Next

Image Source: Flickr, courtesy of Gavin Llewellyn

Image Source: Flickr, courtesy of Gavin Llewellyn

It's tempting to dismiss buzzwords as slang-y, cliché, and overused (and they are … literally). But in the security industry, both buzzwords and the latest terms the industry has coined to describe a new technology or put a new spin on an old one also provide barometer-like clues of where the industry may be heading. What it's excited about. Or how it sorts the jaded veterans from the newbies. 

There were plenty of examples of the latest terms and buzzwords in full view at the RSA Conference in San Francisco last month. Here's a look at some of the more prolific ones seen and heard there; it's not an exhaustive list, so we're counting on you to help us embellish it. What did we forget? Please let us know in the Comments section.

 

Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, ... View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tcritchley07
50%
50%
tcritchley07,
User Rank: Moderator
3/8/2017 | 3:30:56 PM
Re: Cyber Terms
No, just trying to get temrmnology straight in my mind in the context of security. Thanks. 
T Sweeney
50%
50%
T Sweeney,
User Rank: Moderator
3/8/2017 | 1:29:02 PM
Re: Cyber Terms
Correct, @tcritchkley07... I used firewalls as just one example of compartmentalization. But the term could also apply to the bucketize slide or the micro-services slide as well, which both try to create similar boundaries in the name of better security.

Was there a specific application of compartmentalization you were thinking of?
tcritchley07
100%
0%
tcritchley07,
User Rank: Moderator
3/8/2017 | 12:16:25 PM
Cyber Terms
Isn't compartmentalization the same as the more modern 'segmentation' of various entities, not just firewall traffic?
T Sweeney
100%
0%
T Sweeney,
User Rank: Moderator
3/7/2017 | 1:55:44 PM
Re: To Buzzword #7 - Compartmentalization
Thanks, stormrunner2... what Fortinet's doing seems to track closely with this intelligent segmentation trend we're seeing from various vendors and startups.
storrmrunner2
100%
0%
storrmrunner2,
User Rank: Apprentice
3/6/2017 | 7:13:32 PM
To Buzzword #7 - Compartmentalization
Have you looked at companies like Fortinet and ISFW (Internal Segmentation Firewall) solution?  They have been running at 100Gb speeds for a couple of years now.  And announced a 1Tb throughput firewall in Jan-2017 (https://www.fortinet.com/corporate/about-us/newsroom/press-releases/2017/the-worlds-first-terabit-firewall-appliance-ngfw.html).

Does this not solve the usability issue of mantaining LAN speeds with Layer-7 inspection services?
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1664
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. ...
CVE-2018-1669
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote atta...
CVE-2018-1539
PUBLISHED: 2018-09-25
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561.
CVE-2018-1560
PUBLISHED: 2018-09-25
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr...
CVE-2018-1588
PUBLISHED: 2018-09-25
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resourc...