Almost every organization today has employees that regularly violate standard security policies and protocols. However, oftentimes these violations aren’t the work of a malicious insider -- they’re usually the actions of an employee trying to do his/her job or taking a shortcut to get the job done. Corporate information security teams have the challenge of determining the motive behind these violations. While network monitoring security tools and InfoSec point-solutions are designed to help catch these infractions, they can, and do, unintentionally create an immense volume of work by flagging every policy violation as a threat -- creating thousands or even hundreds of thousands of security events to sift through daily. To make matters worse, these events are often labeled as high-urgency alerts.
The challenge is empowering your IT security teams to identify and respond to the most urgent threats while maintaining compliance with industry regulations.
Don’t waste another $6 million on your financial close -- Automate for better accuracy and efficiency
Every member of the finance department knows the importance -- and the effort it takes -- to perform the monthly, quarterly and year-end close in order to create corporate financial statements. The tabulation and documentation demand complete accuracy and coordination between all the moving parts of an enterprise.
For large organizations, it's a tremendous process challenge just to consolidate information from so many geographic locations, departments and corporate silos in a relatively short period of time.
Lately, I’ve had a lot of conversations about how threat intelligence can enrich organizations’ incident response processes and how the right intelligence can make them more effective. As a note, I’m a former full-time lead incident responder for a massive organization and now a researcher.
I can confidently say that when you’re dealing with literally hundreds of malware incidents per day, the minute differences in identified indicators can all start to blur together. Being able to very quickly and efficiently answer the question of whether or not a particular indicator of compromise has been seen before (and in what context) is crucial. Let’s call this "incident intelligence". Incident responders always need to have a clear picture of what they are dealing with and how it may relate to something already encountered during previous incidents, but unfortunately for most teams, this is easier said than done.
The Bring Your Own Device (BYOD) trend shows no sign of slowing; in fact, 38 percent of companies expect to stop providing devices to workers by 2016 according to research from Gartner. As such, some hosted cloud storage providers, such as Dropbox, are making it possible for users to manage both work and personal accounts from a single mobile device using their software. Products like these, which focus heavily on the user experience, are indeed commendable. However, they often ignore the entire IT side of the equation for data management and risk management, something that could cause serious security issues down the road.
There are security and control issues inherent in allowing "rogue users" -- users that find ways around network security policies -- to use consumer accounts at work without IT oversight, as this greatly increases corporate risk. IT must be able to centrally manage and back up all corporate information regardless of whether or not it’s synced or shared via a personal or business account.
The history of malware is a fascinating topic that provides insights into the current landscape. As one of the authors of the Avien Malware Defense Guide, I contributed to the book's chapter on history and will be leveraging and expanding on some of that content here to give context to where we are today.
First, what is malware? Malware is a merger of "malicious" and "wares," meaning malicious software. It can run the gamut from traditional viruses and worms to botnets, potentially unwanted programs (PUPs), adware and spyware. Generally speaking, it's software running on your system that can cause unwanted side effects that can be as minor as slowdowns and resource utilization, to as severe as data corruption, compromise and leakage of sensitive information.
Earlier today, Mihaita Bamburic wrote about HTC's new smartphone, the One (M8). Here, I am going to convey my initial thoughts and impressions after some hands-on time with the device.
With all the leaked specs, photos, and videos of the HTC One (M8) preceding the announcement, I was worried, before coming to the London launch event, that I would not be too impressed when I finally got the chance to see the phone for real. Thankfully, I was wrong.
In the philanthropic world, we often use the word "impact" to describe the amount of influence a program is having on a community, and how those efforts have contributed to change. The term is used in a number of ways, but generally it illustrates the broader or longer-term results of a nonprofit's action -- small or large -- and how it has contributed to a solution.
Ingenuity in technology is helping nonprofits show that impact and their solutions with more quantifiable data they can share with their constituents and their communities as a whole. Ten years ago, critics dismissed impact measurement as too difficult, misleading or simply not important. Today, Charitynavigator.org estimates 75 percent of charities measure some or all of their work, and nearly three-quarters have invested more in measuring results over the last five years. A transformation in the tools that enable nonprofits to measure the impact of what they do has raised the performance bar significantly.
Samsung is a powerhouse. Driven by an endless list of new technology and features, it has consistently dominated the consumer electronics market. Where once it was no more than a footnote in the mobile industry, Samsung is now the number one player (by volume) for smartphones. Particularly impressive about Samsung’s success in the mobile device market is the fact that it has built its business on Google’s Android software. The company’s real strength remains its ability to create compelling consumer hardware, but, as we know, consumer mobile devices are increasingly finding their way into the enterprise, which is a critical market for Samsung.
Not quite a year ago, in its first real attempt at being considered an enterprise-level mobile solution, Samsung announced "Samsung KNOX, an end-to-end secure Android solution that provides security hardening from the hardware through to the application layer".
It wasn’t that long ago that web-savvy marketers were touting the advances in technology that allowed anyone to build a website, publish a blog, or embark on a social media campaign. The advent of mobile platforms has rendered all of those tools passé. We are now a mobile society and the proliferation of smartphones and tablets has given rise to a new paradigm in digital marketing: the mobile app.
With the rapid global penetration of smartphones and tablets and the increased data speed of 4G networks, mobile applications are riding a wave of explosive growth. Leading companies are focusing on the development and distribution of dynamic mobile apps, reaching consumers and potential consumers on the one device that is never far from reach. What about small businesses?
The dominant theme at this year’s RSA Conference in San Francisco was actionable security intelligence, a term which can mean different things to different people. For example, do bad IP addresses, DNS fast fluxing information, and geolocation constitute security intelligence? Additionally, do malware campaigns and adversary tracking count as security intelligence?
The answer is yes for both questions, but it is important to note that these are not the only high-level indicators that can be considered security intelligence. The key challenge is understanding how to "apply" security intelligence in such a way that it is actionable. The following may be considered provocative and even go against the grain of opinion in Silicon Valley: In most approaches to security, there is too much emphasis on the adversary and not enough on understanding the attack surface.
Apple's 'good enough' security response: why it’s not going to change, isn’t fair, but doesn’t matter anyway
Apple’s handling of the recent "goto fail" vulnerability has brought about another round of the usual criticisms that we’ve heard from the security research community for years. In this most recent episode, Apple’s decision to provide security updates for iOS devices while leaving the vulnerability unpatched on Mac OS X for four days and giving no clear sign of the company's intentions has revived the oft-repeated criticisms that Apple isn’t transparent in its security response, isn’t timely, and doesn’t engage with the researcher community positively. Often the criticism will point to Microsoft as an example of what Apple doesn’t do and should.
I’m a ten-year veteran of the Microsoft Security Response Center (MSRC), and I and my colleagues have said much the same things about Apple’s security response. In fact, one of my colleagues, Stephen Toulouse, made news in 2006 by calling on Apple to implement some of the many programs that Microsoft had put together. For us, it was always particularly frustrating to see Apple essentially get a pass on behavior that would lead to huge outcries if Microsoft did it. Think of the outcry if there was an SSL/TLS vulnerability that enables man-in-the-middle attacks affecting Microsoft Windows and Internet Explorer that’s unpatched for four days with no information from Microsoft. Now, compare that with what we saw with Apple. Forgive the pun, but it's Apples to oranges, really, and Apple gets off easy every time.
In 2006, I co-founded Four Kitchens, a web design and development consultancy that specializes in working with open-source software. As an open-source business, we are frequently asked about the benefits of open source. The way I explain it to most people is like this: The open-source business model is service-driven, and the closed-source model is product-driven.
In an open-source model, your startup costs are zero and you need to expend capital -- your time, your company’s development cycles and your money to hire outside vendors, etc. -- to get the software to do what you need. In a closed-source model, your startup costs are usually quite high because you must purchase licenses, subscriptions and proprietary hardware, but the software more or less works out of the box. In the long run, I believe the open-source model is cheaper for two reasons:
No one could argue very convincingly that mobile isn’t one of the most disruptive, transformational factors in business -- and in life -- today. Consumers are armed 24/7 with ever more powerful smartphones and tablets. But most aren’t dying to download the app you paid handsomely to develop.
Most consumers are using their mobile devices to access the web while away from home and from the couch. They’re using them to read your opt-in emails, clicking on your links and forwarding your offers to friends. They’re comparison-shopping, pitting brick-and-mortars with online stores, and reading reviews as part of their decision-making process. They’re relating their experiences with ratings and photos in real time with their social networks.
With security breaches on the rise, such as the recent Target credit card theft, you can’t be too careful about how and with whom you share your personal information. According to the US Department of Justice, 7 percent of US households reported being victims of some form of identity fraud, and with financial losses totaling upwards of $50 billion, people have to be vigilant.
Nowadays it’s fairly easy to steal an identity by obtaining different bits of information about someone and piecing them together like a jigsaw puzzle: things you may not even think about, such as your zip code, maiden name, or date of birth. And it’s not just unknown entities who are procuring your personal information and using it for their nefarious gain; it’s people you may think are legitimate and trustworthy, such as babysitters, housekeepers or your latest online crush.
Wireless carriers are opposing net neutrality because their networks have limited capacity and they need more flexibility to handle traffic. But they are missing an opportunity by not embracing spectrum sharing, a technology that could vastly increase the available bandwidth.
Net neutrality has been in the headlines following Verizon's recent Federal court win against the Federal Communications Commission's (FCC) open Internet rules. Also, AT&T is now courting corporate sponsors to help subsidize customer data plans. Some consumer rights groups view these events as a concerted effort to undermine the longstanding practice that compels service providers to treat all traffic equally. These events could all signal the beginning of a tiered-off Internet.