Blog

Author: Keith Bromley. Are you prepared for the Golden Hour of a network security intrusion? Most enterprises are not. According to an Ixia security resilience survey, many enterprises and carriers are still highly vulnerable to the effects of a security breach. So when an intrusion occurs, how quickly will you be alerted to the problem and then how quickly will you respond? Medical Golden Hour The Golden Hour of a security intrusion is the first 60 minutes of the intrusion into your network. The term Golden Hour actually comes from medical industry terminology. This is the first 10 to 60...
Article Byline Date:
02/05/2016
Author Jeff Harris. "It isn't just about bad apples — people that are deliberately out to steal information or harm organizations." That, from a recent CIO.com article, may not be surprising to some security experts. But to many, security risks from within can blindside organizations. What does it take to keep this in check? Policy, awareness, and tools that secure your data and corporate assets, without stifling innovation or productivity. Oh, and in case it needs to be said—trust isn’t really a security policy. In the 2015 Security Report from Check Point, a couple of statistics give one...
Article Byline Date:
02/04/2016
Authored by Jeff Harris. No one in his or her right mind would want to be responsible for a business, city, or government going down because of lax network security. For those not immersed in the security world, it’s hard to imagine a city being brought to its knees by a mouse and a keyboard. Yet that scenario is beginning to become more of a reality than anyone would like to acknowledge.
Article Byline Date:
02/01/2016
Author: Roark Pollock. Most hackers would prefer that you use an ineffective network packet broker to deliver packet data to your security tools. Perhaps one that drops lots of packets while filtering mirrored network traffic before it gets to your critical security tools like intrusion detection systems (IDS). Why do I so rapidly arrive at this conclusion? Let’s look at a simple example. Let’s say you have an IDS in your network passively monitoring for malicious security events. This intrusion detection system is one of the more powerful tools in your security arsenal for maintaining the...
Article Byline Date:
01/29/2016
ModPOS is a new, very advanced malware framework targeting point-of-sale (POS) systems. Its name comes from the fact that it has a modular architecture, which uses packed kernel drivers that are challenging to detect. The modules that researchers have currently discovered include one for downloading additional components and uploading information, one for memory scraping and one for keylogging, the downloading/uploading one being the only one with anti-virus detections. What enhances the sophistication of this malware is its uniqueness per system (low indicator of compromise - IoC), which is...
Article Byline Date:
01/27/2016
What's Rovnix? Rovnix is a piece of malware that has been seen in the wild for almost five years. This malware is a banking Trojan that depends on web injections in order to harvest information about a victim. The web injections’ intent may range from misleading a victim into providing data for confirming all kinds of transactions to convincing users to install certain applications that are later used to capture codes/passwords or any other information supporting transaction authorization. Thus the targeted information consists of banking accounts that would enable stealing money...
Article Byline Date:
01/27/2016
Author: Jeff Harris. I admit I wear a Fitbit and yes, I have plenty of friends already addicted to their Apple Watches. I want to believe all that movement during the day is adding up to something healthy. Interestingly, analyst firm Gartner predicts that by 2018, two million employees will be required to wear health and fitness tracking devices as a condition of employment. My marginally paranoid side can’t help but think it’s about insurance premiums. Regardless, I have to wonder if my movement data might be interesting to some hacker out there. It gives me pause. The line between personal...
Article Byline Date:
01/19/2016
Author: Jeff Harris. I remember when the fax machine was the cool new technology. Suddenly, communication channels opened up and we could send documents. I also remember how often I would pass by the fax machine at the office and see something sitting there. I would have to pick it up and read it to see who it was for. Over time it gave me a lot of insight into the operations of the office. It was the early-days version of social profiling. With social media resources like Facebook, Instagram, SnapChat, Twitter and Google Circles, the good news is we can keep up with people. People can also...
Article Byline Date:
01/19/2016
The Starwars Cybersecurity Win
Author: Jason Echols writes - Would you have bet on an early leak of the new Star Wars online before the release date last month? I hesitantly made a bet with a coworker that they would find a way to keep the film secure until release. He was playing the odds that such an anticipated release would get out early. Thankfully for Disney (and me), it was several days after the release that the first copies appeared online. Even then, the files were only hand held camera copies filmed in a theater and not a true digital copy. I had won a free lunch for myself, but it made me wonder, how did they...
Article Byline Date:
01/15/2016
Most organisations don't know how their networks can handle the worst hacks or high-stress traffic anomalies. Richard Page suggests new solutions for hardening IT infrastructures and security defences are needed.
Article Byline Date:
01/11/2016