Almost every organization today has employees who regularly violate standard security policies and protocols. However, oftentimes these violations aren’t the work of a malicious insider -- they’re usually the actions of an employee trying to do his/her job or taking a shortcut to get the job done. Corporate information security teams have the challenge of determining the motive behind these violations. While network monitoring security tools and InfoSec point-solutions are designed to help catch these infractions, they can, and do, unintentionally create an immense volume of work by flagging every policy violation as a threat -- creating thousands or even hundreds of thousands of security events to sift through daily. To make matters worse, these events are often labeled as high-urgency alerts.
The challenge is empowering your IT security teams to identify and respond to the most urgent threats while maintaining compliance with industry regulations.
In recent years the threats faced by both individuals and businesses have changed thanks to the adoption of new technologies like the cloud, a shift towards social engineering attacks, BYOD and more.
We spoke to Egemen Tas, vice president of engineering for leading certificate authority and security software provider Comodo, to get his view on current threats.
Independent security testing lab AV-Comparatives has revealed a summary of its March 2014 Real-World Protection Test, where top antivirus products are exposed to a test set of 1,264 current threats.
Even though technology has advanced tremendously in recent times, smartphone theft or loss continues to be an area which has received little attention from the big players in the industry. And it is not difficult to see why, as they stand to profit from people's misfortune or mistakes.
While we can track smartphones and delete any personal data remotely, most handsets do not have a kill switch, which means the people who stole or found a handset may be able to use it freely. However, that is set to change, as CTIA has revealed top players in the mobile industry have, finally, decided to fight on behalf of consumers, by employing countermeasures.
Enterprises put a lot of time and effort into protecting their servers but what happens on the user desktop always presents a potential risk and can be hard to control.
End-user computing specialist Moka5 is aiming to tackle this with the launch of its Vanguard Moka5LivePC v 4 product. This offers a locally executed live PC container that can be managed centrally.
Microsoft has trouble convincing Windows users to upgrade to newer versions of the operating system, even when the update is free of charge. Windows 8 still has a larger market share than Windows 8.1, according to the latest NetMarketShare data, even though the latter is better and can be installed without paying a dime.
So that Windows 8.1 Update does not follow the same path, Microsoft has announced it will no longer make security patches compatible with Windows 8.1 installations which do not have Update applied. It is the new Microsoft, everyone.
Last week was the much talked about XPocalypse, meaning support came to an official end for XP, despite a large number of users, both home and business, still running the operating system. It seems that this setback isn't doing much to daunt those users, either.
Security firm Avast has released a survey it conducted just before April 8th, and the results will be disappointing to Microsoft. Many customers plan to stick it out with the aging platform.
Google has a lot of mud thrown at it, and while a lot of it slides off, there is a good proportion that sticks. There are a variety of accusations levelled at the search giant -- evil, self-serving, monopolistic, nosey, invasive, overbearing, corporate, et cetera, et cetera -- but could it be that the power the company wields is actually a good thing? Could Google use the sway it holds over website owners to make the web a better place? But before we start praising Google, there's no harm in sticking the boot in first, eh?
For many people, Google is a bully. In the constant search for page views, ranking in Google matters -- it matters a lot. My colleague Joe Wilcox argues that writers should write for themselves and their readers rather than Google -- something I would strongly advocate -- but until this notion gathers momentum, there are still countless bloggers panicking themselves silly about what impact the latest search algorithm changes will have on their position in search results. It can be a constant game of catch-up, requiring endless changes to optimize content for maximum visibility -- all too often at the expense of readability and reader experience.
Allowing employees to use their own mobile devices for work has led to a number of new challenges, particularly when it comes to keeping devices and data secure.
We talked to PJ Gupta, CEO of mobile security specialist Amtel, about the risks BYOD presents to enterprises and what they can do to ensure they remain safe.
Condoleezza Rice is a beautiful, accomplished woman. However, her legacy, in the eyes of many, is tainted by her association with the Bush Administration. While that administration was marred by controversial moments, it is debatable if Ms. Rice should be forever linked to it by detractors.
Nevertheless, her appointment to the Dropbox board of directors has sparked an outcry of disappointment from users of the cloud service. Users seem concerned that her government associations will taint the integrity of the company and its stance on security. But is the furor warranted? As stated in a new blog posting, Dropbox does not seem to think so.
Lately, I’ve had a lot of conversations about how threat intelligence can enrich organizations’ incident response processes and how the right intelligence can make them more effective. As a note, I’m a former full-time lead incident responder for a massive organization and now a researcher.
I can confidently say that when you’re dealing with literally hundreds of malware incidents per day, the minute differences in identified indicators can all start to blur together. Being able to very quickly and efficiently answer the question of whether or not a particular indicator of compromise has been seen before (and in what context) is crucial. Let’s call this "incident intelligence". Incident responders always need to have a clear picture of what they are dealing with and how it may relate to something already encountered during previous incidents, but unfortunately for most teams, this is easier said than done.
Microsoft was in the headlines this week not for launching new products but for, finally, bringing an end to support for Windows XP. Yes, the now ancient and decrepit -- although still much loved and used -- operating system is no more. It will be interesting to see how long it manages to survive now it has been officially dropped -- some are suggesting that a move to Linux might be in order, or even a switch to Chromebook. But, of course, it hasn’t all been about XP. After the announcements at Build, Joe Belfiore revealed on Twitter that developers will be able to get their hands on Windows Phone 8.1 in the "first part of April".
There is also renewed interest in Windows 8.1 following the release of Update, and Microsoft published a guide to making the most of the new features and options. Will the operating system be viewed as fondly as XP in years to come? Only time will tell. Working in conjunction with Google, Microsoft also gave a new and improved YouTube experience to Xbox One owners.
The unveiling of the Heartbleed OpenSSL flaw this week has led to major ripples through the IT industry and the online community.
There have been all kinds of advice on offer about changing passwords -- but only after the site in question has been made safe. To be certain you're doing the right thing you therefore need to either check the site yourself or wait for some official confirmation that it's been patched.
Yesterday the IT world went a little bit crazy over the disclosure of the Heartbleed bug and the chance that encrypted information could potentially be intercepted by hackers.
We know that some big sites, notably Yahoo, have been exposed and Google was quick to apply the necessary patches to its servers. If you’re still worried, a number of sites have sprung up allowing you to check if a site has been patched -- thanks to Bob Grant on the comments thread to yesterday’s story for highlighting that one.
You will have heard by now that a major vulnerability in the OpenSSL library was just made public. Called Heartbleed, it affects the security of a huge number of cloud services and sites as well as various products, like operating systems and apps, which have employed it during the past two years. The impact can be devastating, as there is no way of telling if Heartbleed was exploited, or how much data may have been stolen so far.
A number of companies have already announced the patching of their OpenSSL-toting services and products. Google was among the first to do so, yesterday. Evernote, however, just revealed that its users are not affected. Microsoft has also decided to shed light on whether Heartbleed impacts its users, saying that Windows Azure, Microsoft account, and Windows are immune.