The State of DDoS Protection: Organizations Remain Unprepared for DDoS Attacks
[ Source: Neustar ]
December 2012-
Distributed denial-of-service (DDoS) attacks continue to grow in size, complexity and danger. Witness the recent wave of attacks on major U.S. banks, which knocked websites offline, angered customers and took a grave toll on brand reputations. The lessons of those attacks echo the findings of this report: Previously successful DDoS mitigation solutions no longer work.
UBM Tech conducted research with IT professionals who have suffered DDoS attacks. The drastic changes in attack ...
Close Encounters of the Third Kind
[ Source: IBM ]
December 2012-
This white paper presents the results of a research study on the prevalence of client-side JavaScript vulnerabilities, conducted by the IBM Security (formerly, IBM Rational) application security team. For this study, the researchers used IBM JavaScript Security Analyzer (JSA) technology, which performs static taint analysis on JavaScript code that was collected from web pages extracted by an automated deep web crawl process. This kind of analysis is superior to and more accurate than regular static ...
Cerberus: Malware Triage and Analysis
[ Source: AccessData Group ]
October 2012-
This document reviews new malware analysis technology, Cerberus, which determines the behavior and intent of suspect binaries without the need for signatures, white lists or a sandbox environment. Using this “triage” approach, organizations are able to detect unknown threats that signature-based technologies will miss. In addition, they are able to gain critical information immediately, allowing them to take decisive action prior to engaging a malware team. There are tens of thousands of static executables on ...
Achieving Compliance in Digital Investigations
[ Source: Guidance Software ]
October 2012-
80% of organizations suffering payment card breaches had not achieved compliance with PCI DSS at the time of the breach. – Verizon 2011 Data Breach Investigation Report
As regulation and litigation increase, internal investigators must support an alphabet soup of compliance obligations: SOX, GLBA, FISMA, HIPAA, PCI DSS, regional privacy laws, and more. Although each regulation is different, these laws share common investigation requirements in three areas: policy, control infrastructure, and incident response.
This ...
How Three Cyber Threats Transform the Role of Incident Response
[ Source: Guidance Software ]
October 2012-
“The theft began with an instant message sent to a Google employee in China who was using Microsoft’s Messenger program… Ultimately, the intruders were able to gain control of a software repository used by the development team.” - New York Times - Cyberattack on Google Said to Hit Password System
While we still use many of the same old names - viruses, Trojans, and worms - today’s malware enables potent multistage ...
ACAD/Medre. A - The Story of a Computer Worm and Industrial Espionage
[ Source: ESET ]
October 2012-
Cyber-attacks are now about making money. ACAD/Medre.A is a terrifying worm that stole AutoCAD files. This whitepaper shows how industrial espionage is a new threat.
DDoS for Dummies
[ Source: Corero ]
October 2012-
A Distributed Denial of Service (DDoS) attack against your organization’s network and systems can bring your online business to a grinding halt, costing you hundreds of thousands – even millions – of dollars, ruining your brand, and driving away your customers.
Far too many organizations are ill-prepared to deal with the effects of DDoS attacks and other Internet security threats. They rely on traditional security devices including firewalls, intrusion prevention systems (IPS) and other ...
Evolving Endpoint Malware Detection: Dealing with Advanced and Targeted Attacks
[ Source: Trusteer ]
November 2012-
Advanced malware targeting employee endpoints is a major threat to corporate intellectual property, regulated data and financial assets. Perimeter and traditional endpoint defenses are struggling to meet this emerging threat in the face of a changing IT landscape: desktop virtualization, remote access, BYOD and Cloud migration.
This whitepaper explains how advanced malware challenges traditional defenses to take advantage of the increased exposure of employee endpoints. It review's the evolution of advanced targeted attacks, ...
Remove the Endpoint Blind Spot: Augmenting SIEM filters with Trust and Threat Indicators
[ Source: Bit9 ]
August 2012-
Today's evolving threat landscape requires a new approach to endpoint security. With the exponential growth in malware and the targeted nature of today's attacks, a reactive approach is just not effective enough.
Download this whitepaper and learn how Bit9 integrates into a SIEM console, provides the holistic view necessary to ensure an open network isn’t a vulnerable one, and provides a defense-in-depth security strategy that spans network sensors and endpoints.
Application Control in Windows 8
[ Source: Bit9 ]
August 2012-
One of the biggest challenges in desktop administration is application control. If administrators are to keep desktops secure, then they must be able to ensure only safe applications are installed on user desktops.
Download this whitepaper to learn how Bit9 has emerged as the most effective application control mechanism.