Articles about Security

As the network as we know it has changed and adversaries are finding success with new attack routes that exploit gaps in defenses.

As enterprise security undergoes a major shift we need to change the way we think about this complex 'atomized network'. We spoke to Martin Roesch, CEO of Netography, to find out about the challenges this presents and how to address them.

Continue reading →

Quantum computing holds the promise of much faster processing speeds but is still widely viewed as still being some way in the future as a commercial proposition. It could boost machine learning and AI, and unlock the power of unstructured data.

Of course quantum also comes with security challenges thanks to its potential to crack passwords and break encryption. Here's what industry experts expect to see happening in the quantum world in 2023.

Continue reading →

A Microsoft security researcher has unearthed a security vulnerability in macOS which has been named Achilles.

Tracked as CVE-2022-42821, Jonathan Bar Or found that the flaw could be used to bypass the Gatekeeper security feature of macOS in order to execute malicious apps. Apple has now fixed the vulnerability in Big Sur, Monterey and Ventura versions of macOS.

Continue reading →

Viewing security as a modern data challenge is something different from simply recognizing the crucial role of data. IT security has always been about gathering, analyzing and acting on data. But modern cloud data challenges are about handling ever increasing amounts of disparate, differently-structured and unstructured data, from a changing mix of dynamic sources. 

The challenge is not about battling to handle data overload. But rather, rethinking the underlying data technologies you use at the core of your security platform, so that as more data floods in, it makes your security tighter and more effective. 

Continue reading →

As more and more of our computing moves to the cloud, protecting information and apps throws up a new set of challenges for enterprises.

We spoke to Ratan Tiperneni, president and CEO of cloud-native app protection specialist Tigera, to find out more about the security implications of going cloud native and how to deal with them.

Continue reading →

Modern corporations are fully dependent on their IT infrastructure for their daily operations. Securing an IT infrastructure can be a daunting task. Fortunately, there are common best practices that have found success for some of the biggest companies in the world. These best practices share common traits that can be duplicated to match almost any environment.

 Before we begin, let’s examine the past failures of many security professionals. As security managers, we must understand that the most secure environments, regardless of the sophistication of your tools or the talent of your staff, will eventually be compromised by the weakest link in your controls. So how do we manage these weak links? Let’s start by identifying them.

Continue reading →

Google has announced that businesses can now apply to try out client-side encryption for Gmail on the web.

Now available in beta for a selection of Workspace users, the feature is one that was promised some time ago. Google says that the new encryption option means that "sensitive data in the email body and attachments are indecipherable to Google servers", but there will be disappointment that the security and privacy feature is not available for everyone.

Continue reading →

Most of us are familiar with the old proverb "for want of a nail, the shoe was lost; for want of a shoe, the horse was lost; for want of a horse, the battle was lost…" and so on. The object lesson is that small and sometimes apparently unimportant objects or actions can have outsized impacts if they are not properly attended to.

So, it is with Application Programming Interfaces or APIs. They are the 'horseshoe nails' at the heart of modern business.

Continue reading →

You'll often hear cybersecurity discussed in military terms, as a war, or a battle, or a conflict. So should enterprises be taking a defensive approach that draws on military thinking?

Tom Gorup is VP of security operations at Fortra's Alert Logic, a managed detection and response specialist. He's also a veteran of six years in the US Army with tours of Iraq and Afghanistan. We spoke to him to discover how lessons learned on the battlefield can be applied to cybersecurity.

Continue reading →

If there is one person who, like no other, knows that there is a lot to protect to keep people happy, then it’s Santa and his factory filled with elves, toys and sugary goodness. Not only are there plenty of things to protect, but there are also a lot of things to consider that might play out in unexpected ways, and jeopardize Christmas.

This is why Santa not only knows what to protect, but he also knows the limitations of the resources he needs to be able to keep children happy and make sure the process of making and delivery toys and candy stays operational.

Continue reading →

The Christmas holiday period is a peak time for phisherfolk. Research from Check Point shows 17 percent of all malicious files distributed by email in November were related to orders and shipping around the Black Friday period.

This is expected to be worse still this month as attackers seek to take advantage of shipping and package notifications and more.

Continue reading →

A new report finds that 78 percent of Americans indulge in risky online behaviors that open them up to cyber threats, such as reusing or sharing passwords, skipping software updates and more -- a 14 percent increase from just two years ago.

The Xfinity Cyber Health Report from Comcast combines data from a new consumer survey of 1,000 US adults, conducted by Wakefield Research, with national threat data collected by Xfinity's xFi Advanced Security platform.

Continue reading →

A new study from Splunk, in collaboration with Foundry, finds that 49 percent of public sector agencies struggle to leverage data to detect and prevent cybersecurity threats.

The report shows 50 percent of the sector has issues leveraging data to inform cybersecurity decisions, and 56 percent of public sector agencies have difficulties leveraging data to mitigate and recover from cybersecurity incidents.

Continue reading →

Cybercriminals know that backups are the last line of defense against ransomware, so it’s essential that they are properly protected.

In an ideal world they would be air-gapped but in the current era of hyperconnectivity that can prove somewhat impractical. We talked to Bret Piatt, CEO of CyberFortress, to discuss the need to protect backups and the strategies for doing so.

Continue reading →

Google has announced a new tool designed to help identify vulnerabilities in open source software.

The OSV-Scanner is described as a frontend to the existing OSV (open source vulnerabilities) database and one of the aims is to alert developers to security issues in the code their projects depend on.

Continue reading →