Sort results by: Published date | Company name
Showing items 1-25

How a Global Manufacturer Secures Its Software Supply Chain [ Source: Veracode ]

March 2015- A global manufacturer found that over 90% of their vendor applications had critical OWASP Top 10 vulnerabilities. The company now leverages Veracode’s automated cloud-based service to audit hundreds of third-party applications per year without requiring access to proprietary vendor source code. It also tracks vendor progress with supplier scorecards from the Veracode platform, and has modified its procurement process to contractually require suppliers to meet its security policies. The company has also dramatically scaled its program ...

Is it Phishing or an APT? [ Source: ThreatTrack Security ]

March 2015- Spear phishing is a primary means by which APTs target and infiltrate networks. This paper describes the element of a phishing attack and how to keep your organization safe from advanced threats.

Losing the Battle - The Need for a New Approach to Advanced Protection [ Source: ThreatTrack Security ]

March 2015- This paper outlines the challenges of fighting APTs and outlines a solution purpose-built to find and stop attacks in progress allowing for mitigation before it's too late.

SaaS Security: Mind the Gap [ Source: Adallom ]

November 2013- This joint paper from EMC and Adallom provides a brief overview of emerging gaps and trust issues common to SaaS providers.

IDC Analyst Connection: The Evolving Threat Landscape [ Source: ThreatTrack Security ]

February 2015- Today's cybercrime environment has evolved from quick smash-and-grab tactics to persistent campaigns involving specialized malware. In response, a new category of security technology aimed at detecting, analyzing and preventing such threats is emerging. ThreatTrack Security discussed this trend with Charles Kolodgy, IDC's Research Vice President for IDC's Security Products Service.

Breach Detection: What you need to know [ Source: Bit9 ]

September 2014- Today's cyber attacks have changed in sophistication, in focus, and in their potential impact on your business. This eBook will outline the tactics today's advanced attackers are using to break into your organization and why you require a defense-in-depth cyber-security program that incorporates automatic detection and incident response. The goal of this eBook is to leave you with the knowledge you need to effectively protect your business against today's advanced attacks.

Breach Preparation: Plan for the Inevitability of Compromise eGuide [ Source: Bit9 ]

January 2015- You can't open a newspaper or visit an online news site these days without some mention of a cyber-attack or data breach. These activities are becoming more prevalent, and as a result, the reporting of these activities is also on the rise. Bit9 + Carbon Black reached out to a series of experts to collect their thoughts and advice on dealing with data security incidents or breaches, which included:

Designing a Continuous Response Architecture eGuide [ Source: Bit9 ]

October 2014- Businesses need to view security as a process and leverage solutions that can proactively collect data, apply aggregated threat intelligence, reduce the cost and complexity of incident response and evolve, adapt and learn from your investigation.

This eGuide will cover how a continuous approach to response can resolve these challenges and put your organization in a better security posture by proactively preparing for a breach.

How to Stop Social Media Hacks [ Source: Proofpoint ]

February 2015- A how to guide describing the key steps that organizations should take to prevent their social media accounts from being hacked.

Trend Advisor: Hacking Crisis Highlights 'Crypto Chaos' [ Source: Certes ]

January 2015- IT departments were battered by a cyber security perfect storm in 2014. While the security community was still rolling in the wake of the Target breach in late 2013, the continuing parade of breaches in 2014 cast a harsh light on inadequate security architectures and poorly implemented security practices.

Securing Enterprise Applications [ Source: Onapsis ]

November 2014- Business-critical platforms such as SAP and Oracle have been in place for more than a decade, however a majority of firms using these applications currently have gaps in their security program. There are many reasons for these security gaps ranging from a reliance on generic security tools, to IT teams lacking complete understanding of how application platforms work.

Implementing SAP Security Solutions [ Source: Onapsis ]

January 2015- Gaps in security practices of business-critical applications running on SAP are causing organizations to rethink their current approach and embrace a new strategy.

The SAP Security Survival Guide [ Source: Onapsis ]

January 2015- As a CISO, learn which questions to ask in order to uncover security challenges facing your SAP systems.

Analysis of Cybercrime Infrastructure [ Source: Proofpoint ]

January 2015- Proofpoint security researchers have published an analysis that exposes the inner workings of a cybercrime operation targeting online banking credentials for banks in the United States and Europe. This Proofpoint research report provides a detailed and rarely seen inside view of the infrastructure, tools and techniques that enabled this cybercrime group to infect over 500,000 PCs.

Key facts from the Proofpoint analysis:
• Qbot (aka Qakbot) botnet of 500,000 infected systems sniffed “conversations&...

The Failure of Cloud Information Governance: A Global Data Security Study [ Source: SafeNet ]

January 2015- As technology evolves, more and more organizations are moving applications and data to the cloud. Although cloud solutions can save money and improve accessibility for remote users, it can also leave your sensitive data vulnerable to new security threats. With the lack of governance policies and security practices for the transition to cloud computing, it is important to consider how this move can affect your organization’s security. Ponemon Institute conducted a survey sponsored ...

Sleeping Through the Alarm: What Breaches Should be Telling Us, and Why the Message is Missed [ Source: SafeNet ]

January 2015- Security professionals are living in a time of rapid and fundamental change. Computing and delivery models, user platforms and devices, and security threats have changed radically in recent years. However, in many ways, the security technologies and approaches employed by many organizations have remained relatively static, sometimes leading to disastrous results. To gain a picture of how organizations are contending with the changing technology and security landscape, SafeNet undertook an extensive survey.

This ...

The Current State of Encryption and Key Management: Where Security Gaps Persist - Strategies for Addressing Them [ Source: SafeNet ]

January 2015- While encryption has been employed for decades, there has never been a higher need than in today’s market with data breaches consistently littering the headlines. As more organizations adopt encryption strategies many questions are posed.

Where is encryption being employed today and why?

Where do security practitioners see encryption’s usage increasing?

What do current usage trends tell us about existing security gaps, and how should those weaknesses ...

Authentication Best Practices: Put Control Where It Belongs [ Source: SafeNet ]

January 2015- A significant number of high profile security breaches have occurred recently, bringing the organizations affected to the front pages of the business press. These events have had a negative impact on the public image of these companies, and may also have had a negative impact on their business. Due to these incidents, CIOs of many organizations have had to re-evaluate their info-security strategy in general, while also placing specific focus on their user authentication and ...

Secure the Breach Manifesto [ Source: SafeNet ]

January 2015- As hackers continue to successfully conduct large-scale attacks against financial services, retail and entertainment companies, organizations must rethink their security strategy. No longer are network firewalls and other perimeter “breach-prevention” technologies good enough. Many enterprises today rely on these technologies as the foundation for their data security strategy and unfortunately there is no fool-proof way to prevent a breach from occurring. This paper outlines SafeNet’s 3 step approach to help your company accept the ...

Threat Intelligence Defined [ Source: Solutionary ]

January 2015- The entire security industry has focused in on the newest buzzwords: Threat Intelligence. The term is so broadly used the definition of "intelligence" is sometimes lost. Some services are simply offering access to minimally analyzed (or even raw) data. Learn how to tell what "intelligence" really means and how to differentiate the offerings in this Solutionary white paper.

Top-Down Security and the Security Life Cycle [ Source: Solutionary ]

December 2014- Security is a necessary component in the corporate digital infrastructure. Unfortunately, rallying support behind security initiatives is often easier said than done. By improving mutual understanding of management and analyst perspectives, IT security professionals and non-technical managers can define a smoother process to develop and improve the organization's security infrastructure.

Malware Detection with Network Monitoring: Not Quite Enough [ Source: Solutionary ]

September 2014- When IT professionals think about information security, they often think about network intrusion detection systems (IDS) and intrusion protection systems (IPS) early in the process. Network IDS/IPS has long been a mainstay for detecting malicious activity and continues to be a very important piece of the security puzzle. Unfortunately for security professionals, that puzzle continues to evolve and becomes increasingly large and complex.

Enterprise Security & the Mainframe: A Holistic Approach [ Source: CA Technologies ]

January 2015- Ten years ago security breaches were mostly widespread nuisances perpetrated by young script kiddies out for notoriety. Today, they are targeted, sophisticated, and highly damaging. Most are perpetrated by well-funded elements of organized crime, foreign governments, and terrorist groups out for money and a competitive edge. Newer advanced persistent threats (APT's) can penetrate a single victim's network and secretly remain there for months or years, stealing large volumes of valuable proprietary or private customer information.

Why Your Next Generation Firewall Protection Isn't Enough [ Source: Webroot ]

November 2014- Enterprise security organizations face a daily onslaught of external attacks. According to a recent survey by IBM X-Force and Verizon's 2014 Data Breach Report, 92% of attacks being perpetrated are by outsiders. Because of this, organizations have to focus on how these attacks successfully penetrate their network perimeter security defenses. Many organizations have invested in next generation firewalls (NGFWs) to protect them from network-based attacks.

Detect and Investigate Malicious IP Activities in SIEM with Predictive Threat Intelligence [ Source: Webroot ]

October 2014- Malicious IPs are a new and growing problem for enterprises. To effectively defend against these malicious IPs, enterprises need to augment their SIEM solutions with real-time predictive threat Intelligence so they can detect attacks from unknown IPs as early as possible and respond to them before they lead to more severe incidents and costly breaches.

A Smarter Solution to Malware Prevention [ Source: Webroot ]

November 2014- Traditional endpoint security has failed to keep up with today's threats and is exposing organizations to unacceptable levels of risk. It's time for smarter, next-generation malware prevention to replace or supplement traditional defenses. New approaches to malware can wrest back control and give security administrators greater visibility and control over their endpoints at a lower cost than traditional solutions. This paper looks at the endpoint threats organizations are facing, the means to combat those threats, ...

Next 25