APT Vehicle of Choice: The Accidental Insider
APT is the buzzword everyone is using. Companies are concerned about it, the government is being compromised by it, and consultants are using it in every presentation they give. But people fail to realize that the vulnerabilities these threats compromise are the insider — not the malicious insider, but the accidental insider who clicks on…
Embrace your cloud with confidence and control!
Security concerns continue to be top impediments to cloud adoption but business demands are pushing IT cloud initiatives forward. IT must meet business demands while keeping systems and data safe as they embrace cloud solutions. At the RSA conference this week in San Francisco, cloud computing is top of mind. Much of the focus is…
Don’t believe everything you hear when it comes to security
Our good friend Ellen Messmer, recently published Network World article “13 security myths you’ll hear — but should you believe?” , which listed common security myths shared and commented on by some of security’s leading experts and practitioners. Working at a security company, I work (and also sit) closely with a stellar team of researchers….
The Front Page of the New York Times
Another day, another security breach. From the government, to banks, to healthcare, to major retailers, to beloved consumer brands, the only thing that seems safe to say is that no one is immune to the threats of today’s Internet-connected world. With strict breach notification legislation and regulations and the tenacity of today’s media, information security…
Missed it Live? Watch the “Big Security Data” Webinar with 451 Research & eEye Here.
Recently, 451 Research and eEye hosted the webinar “Turning Your Big Security Data into a Big Advantage”. This discussion was on the topic of “Big Data” and how it relates to today’s security landscape. Featuring 451′s Andrew Hay, we covered how today’s enterprise IT and security teams can best leverage their ‘big security data’ to make…
The Secret to Server Compliance (Hint: It’s Not Sudo)
Having spent many years in the software security space, I’m often reminded of how often the word security is paired with compliance – or even interchanged, as if they’re the same thing. Security and compliance are, of course, different things. Security is about ensuring the safety of a company’s assets, protecting sensitive data, ensuring that…
Surveying the Wild Wild West of Microsoft Server Administration
I was the on the phone with a large company discussing their requirements surrounding the control of administrator access to Microsoft based servers and applications. Within 5 minutes it became clear of where the folks on the phone stood: “managing our Microsoft servers is akin to the wild wild west”. In this company there are…
Insider Threats Have Redefined Approach to Security
n an attempt to combat the issue of insider threats, the Department of Defense has tapped PARC, a Xerox company focused on innovation and R&D, to spearhead a new effort called the Graph Learning for Anomaly Detection using Psychological Context (GLAD-PC). The goal is to create technology that can automatically identify the possibility of a…
February VEF Participant Takes Home a Kindle Fire.
As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to…
3 Things To Look For At RSA 2012 In San Francisco
Yep, It’s that time of year again when everyone interested in protecting their IT assets across physical, virtual and cloud environments converge on Mascone Center in San Francisco for the annual RSA conference. Expect over 350 vendors/sponsors and 16,500 other attendees clamoring for 220+ sessions. The theme this year is “The great cipher mightier than…
