CSO, from IDG, provides news, analysis and research on a range of security and risk management topics. Areas of focus include information security, data protection, social media security, social engineering, security awareness, business continuity and more.
When it comes to threat detection and response, understanding network behavior really matters. According to ESG research, 87% of organizations use network traffic analysis (NTA) tools for threat detection and response, and 43% say NTA is a “first line of defense” for detecting and responding to threats. (Note: I am an ESG employee.)
As cybersecurity professionals often state, “the network doesn’t lie.” Since cyber attacks use network communications for malware distribution, command and control, and data exfiltration, trained professionals should be able to spot malicious activity with the right tools, time, and oversight.
If there is one universal truth we’ve learned from developments on the cybersecurity landscape in recent years, it’s that none of us are free from cyberthreats. Attackers identify and exploit vulnerabilities wherever they might exist, regardless of the target’s geographic location, whether the target is an individual or an enterprise, or which industry sector the target represents.
By the same token, attackers are equally capable of wreaking havoc whether their target is based on land or sea. Considering that more than 70 percent of the earth is covered by water, and given an expanding attack surface for the vessels journeying across those waters, cybercriminals have no shortage of maritime targets that they can aim to exploit.
The promise of a cheap, anonymous, distributed, fiat cryptocurrency that is detached from any country’s sovereignty is a pipe dream. It will never happen. My opinion hasn’t changed since bitcoin first hit the market in 2009. People will play with it, some businesses will accept it, fortunes will be made and lost, but it isn’t a threat to any nation’s fiat currency on that level.
A recent Microsoft Support knowledgebase article and servicing stack update for Windows operating systems offers a fix for a race condition issue introduced by a secure boot feature update, which caused patching to trigger a BitLocker recovery password. It reminded me that we often forget which devices have BitLocker. When you patch, BitLocker is normally silent and doesn’t interfere in the patching process. BitLocker is designed to be silent, so much so that you might forget which machines have it enabled and which ones do not.
Encryption is one of the best ways that organizations can protect their data from thieves. If critical information is stored or transported in an encrypted format, it has some measure of protection even if it gets compromised or stolen. For example, even a huge database of credit cards is not much good to a hacker if the whole thing is heavily encrypted and unreadable.
Many organizations are moving away from using the network perimeter as a trust indicator when building and enforcing access policies for apps and other IT resources. An increasing number of enterprises have started implementing authentication solutions that perform user identity verification and device security checks for every access attempt regardless of user location, and data shows they are increasingly favoring biometrics-type authentication.
The recent Trends in Hybrid Cloud Security research survey conducted by ESG showed that organizations are deploying a mix of workload server types across hybrid cloud environments. Use of public cloud for applications and infrastructure is growing. Read on to learn more.
A computer virus is a form of malicious software that piggybacks onto legitimate application code in order to spread and reproduce itself.
Like other types of malware, a virus is deployed by attackers to damage or take control of a computer. Its name comes from the method by which it infects its targets. A biological virus like HIV or the flu cannot reproduce on its own; it needs to hijack a cell to do that work for it, wreaking havoc on the infected organism in the process. Similarly, a computer virus isn't itself a standalone program. It's a code snippet that inserts itself into some other application. When that application runs, it executes the virus code, with results that range from the irritating to the disastrous.
As companies get better at analyzing log data to spot potential security threats, legacy applications create blind spots that can be hard to tackle. "Modern SIEMs [security information and event management] have evolved beyond their own legacy feature sets, and have become advanced threat detection and response platforms," says Gabriel Gumbs, chief innovation officer at Spirion, a data security company.