
No Respect. CISOs Misunderstood and Underappreciated by their C-Level Peers [ Source: ThreatTrack Security ]

October 2014- C-level executives regard the role of CISO primarily as a target for finger-pointing in the event of a data breach, and have little faith that individuals in the role could hold other leadership positions.

Prevent Data Breaches with Stronger Email Security [ Source: ThreatTrack Security ]

October 2014- Email remains the #1 threat vector for many organizations. To fight the onslaught of cyber threats, nothing short of a multilayered security architecture, backed by strict security policies and staff training, can protect an organization.

eGuide to Advanced Threat Hunting [ Source: Bit9 ]

October 2014- With the number of advanced attacks increasing every day (most undiscovered through traditional detection and response solutions), truly hunting for threats within your environment can be a laborious task. To combat this, enterprises must focus on prioritizing endpoint data collection over detection, leveraging comprehensive threat intelligence, and expanding detection beyond the moment of compromise.

2014 Cost of Cyber Crime study: Global [ Source: HP ]

October 2014- Ponemon Institute has completed its fifth year studying the cost of cyber crime to businesses around the world. The 2014 Cost of Cyber Crime study taps the collective experience of 257 organizations in seven countries. It shows that cyber crime and its associated cost to businesses continue to rise. But there is good news, too. Security defenses and a strong security posture help drive down the losses.

Separate reports exist for each country, and this ...

2014 Cost of Cyber Crime study: United States [ Source: HP ]

October 2014- For the fifth year running, the United States led the world in number and cost of cyber attacks. The Ponemon Institute surveyed 59 U.S. companies, performing 544 individual interviews to assess their experience with cyber crime. The mean annualized cost for the U.S. companies surveyed was $12.7 million—up 9.3 percent from last year. There is good news, though. A strong security posture and deployment of security intelligence systems drive down the cost for many companies. ...

Endpoint Security Trends [ Source: Absolute Software ]

September 2014- This report outlines Forrester's take on the endpoint security trends seen from Q2 2013 to Q4 2014, looking at IT spend, and the adoption of Endpoint Security Software-As-A-Service. Forrester provides data for organizations to benchmark their spending patterns against their peers, and strategize their endpoint security adoption decisions.

Guide to Data Security [ Source: DLT / Symantec ]

September 2014- Protecting the government's data is an all-consuming, top priority. As the federal government's data growth continues to spiral, and as the types of data threats and leakage change, data and storage managers have no choice but to be on the front lines of protecting their agencies' data. That means first building a solid data storage and management foundation – one that ensures that all data is accounted for at all times and that it's continually backed ...

White Paper: Web Application Scanning with Nessus [ Source: Tenable ]

September 2014- Why is it that so many web applications are certified to be compliant with a particular standard such as PCI DSS and yet are still compromised? According to data compiled by the DatalossDB project, breaches caused by web applications and web-related flaws comprise 11% of all breaches while another 18% fall into the "hack" category (some of which are likely web application related).
Is the scanner the problem? Is it the auditor? On the other hand, ...

White Paper: Vulnerability Management and Risk Assessment for the Cyber-Security Framework [ Source: Tenable ]

February 2014- This paper provides insight to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which calls for "a set of industry standards and best practices to help organizations manage cybersecurity risks". Specifically, this paper describes how Tenable’s solutions can be leveraged to help meet the guidelines and practices outlined in the components of the Cybersecurity Framework. Organizations can use the Framework to focus on a risk-based approach to align its vulnerability ...

White Paper: Continuous Monitoring for the New IT Landscape [ Source: Tenable ]

July 2014- Recent breaches have targeted a fatal flaw in the way organizations have approached security over the last two decades. While the focus has been on investing in multiple preventive security technologies (centralized authentication, desktop virus prevention, automated patching, next generation firewalls, sandboxes for zero-day malware, and security event management), adversaries have taken advantage of blind spots that have widened as the IT landscape has evolved. The recent breaches occurred not because of unknown weaknesses in the defensive ...

Privileged Identity Management [ Source: Gemalto ]

September 2014- Every week brings new stories of companies damaged by the breach of sensitive information, a problem that can be prevented by identity-centric best practices. Preventing data loss and protecting sensitive information from unauthorized access should be a top concern of every company. Although implementing strong authentication throughout your organization should be a consideration, starting with those employees who have elevated access is a good start.

Privileged users exist in every organization and they ...

Consumer Web Portals at Risk [ Source: RSA ]

September 2014- This report discusses the top business risks related to the security of consumer facing portals and the latest identity-related technologies that some organizations are already using or plan to adopt to minimize their risk.

The State of Advanced Persistent Threats [ Source: IBM ]

September 2014- Enterprises are unprepared to deal with APT attacks. According to a new Ponemon Institute study, APTs are changing the threat landscape, rendering current security controls ineffective.

In Advanced Persistent Threats (APTs) and targeted attacks, attackers use a myriad of tools and techniques to breach an organization's network, steal sensitive information and compromise its operations. Many APTs are launched with a specific purpose such as to gather information, including financial data, PII, or ...

Why Threat Intelligence is Critical for Next-Generation Firewalls [ Source: Dell Software ]

August 2014- Few organizations evaluating a next-generation firewall take the time to look at the threat intelligence network behind it. Yet this security resource analyzes and distributes intelligence that is essential to blocking advanced malware, zero-day attacks, targeted attacks and other advanced threats.

A top-tier threat intelligence network makes a major difference between a really effective next-generation firewall (NGFW) and a mediocre one, and some vendors invest far more in this area than others. This ...

Next-Gen Security [ Source: Dell Software ]

August 2014- SSL decryption and inspection keeps attackers away from your data and out of your network. Today between 25 and 35 percent of enterprise traffic is secured using the secure sockets layer (SSL) protocol, according to NSS Labs. In some vertical industries SSL traffic comprises as much as 70 percent of network traffic. This is expected, since SSL is commonly used for everything from e-commerce to online banking. More recently, however, cybercriminals have started using SSL to hide their ...

Understanding & Addressing OWASP's Newest Top Ten Threat: Using Components with Known Vulnerabilities [ Source: Sonatype ]

August 2014- Many organizations turn to the Open Web Application Security Project (OWASP) to help ensure that their code and applications are secure. Recently OWASP's Top Ten list of application security risks was updated to include "A9: Using components with known vulnerabilities." This means organizations need to expand their security approach to accommodate components - which are reusable blocks of code that are assembled together to create an application. These re-usable components now comprise 90% of an average ...

Information Security Buyer's Guide [ Source: AccessData ]

August 2014- This Buyer's Guide will aid organizations in specifying information security solutions for rapid detection and resolution. The need for these solutions has never been greater as organizations struggle to fight a deluge of sophisticated cyber threats and breaches. Many go undetected until it's too late to do much more than conduct triage, assess the damage and initiate massive shareholder and public damage control. This situation puts board members, c-suite executives and security experts in the ...

Advanced Evasion Techniques for Dummies [ Source: McAfee ]

July 2014- This book provides an overview of network security in general, and explains how cybercriminals can use hidden or currently undetectable methods to penetrate protected network systems. Advanced evasion techniques (AETs) bypass current common network security solutions. They can transport any attack or exploit through network security devices and firewalls, next generation firewalls, intrusion detection and prevention systems, and even routers doing deep packet inspection. In this book you'll find out all about AETs, and get ...

10 Best Practices for URL Filtering [ Source: McAfee ]

July 2014- URL filtering, which blocks users from accessing websites that are malicious or erode productivity, is an essential security best practice. Discover 10 ways to make this easier and more effective to implement.

Seven Key Features to Help You Stop Advanced Evasion Techniques at the Firewall [ Source: McAfee ]

July 2014- Computer networks are built to facilitate the flow of communication, not stop it. Unfortunately, data packets can be manipulated to look normal yet contain an exploit. These techniques evade standard security measures and, in most cases, can deliver a malicious payload without detection. Often, these advanced evasion techniques (AETs) take advantage of rarely used protocol properties in unexpected combinations.

Most network security devices are not capable of detecting them. While many pass industry ...

Mitigate Compensation Risk in Banking [ Source: IBM ]

July 2014- Read this new paper to learn about the current challenges faced by banking organizations around compensation and see how an incentive compensation management (ICM) solution can overcome these common challenges and turn ICM into an effective competitive tool.

You'll discover how ICM can:

• Align sales behaviors with corporate goals

• Automate commission calculations

• Improve transparency and performance in reporting and auditing

Learn how you ...

eBook: An IT Auditor's Guide to Security Controls & Risk Compliance [ Source: Bit9 ]

July 2014- Most organizations must comply with multiple standards covering privacy, corporate financial data, Protected Health Information and credit card data. Fortunately, the overlapping standards agree on a single concept: implementing appropriate security controls to protect information from improper disclosure.

However, GRC requirements do not exist in a vacuum. Organizational objectives must also be supported. Critical functions can be disrupted if business needs are not considered when establishing compliance activities. In addition, providing evidence that ...

5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain [ Source: SurfWatch Labs ]

July 2014- Cybersecurity for the enterprise. There is no silver bullet. But as business becomes more connected and as data moves further outside the organizational walls, enterprises need to look at weaknesses in the security chain - and a good place to start is in the supply chain.

Small businesses sit on the "front lines" in the round-the-clock cybercrime battle. Think about how many small businesses, suppliers and customers have access to different areas of an ...

Top 10 Things Every Web Application Firewall Should Provide [ Source: Imperva ]

July 2014- Securing Web applications against cybercriminals, hacktivists, and state-sponsored hackers is a never-ending effort. Web application firewalls have become the central platform for protecting applications against all online threats. This white paper explains in detail the 10 features that every Web application firewall should provide.

Forensic Domain Mapping: How to Reverse Engineer Domain Ownership in a Cyber Investigation [ Source: DomainTools ]

July 2014- For investigators tasked with identifying the perpetrator of online fraud, it's often the little things that can make the difference. Cyber investigators must work diligently to ferret out the smallest details in order to snare their quarry. Investigating a digital crime is not so dissimilar from investigating a crime in the 'real world'. While popular TV shows might have you believe that a single fiber found at the scene of a crime will lead directly ...

Domain Attribution: Piercing the Veil of Masked Domain Owners [ Source: DomainTools ]

July 2014- As the Internet has evolved to become a primary channel of trade and commerce, so has the sophistication of criminal organizations and other perpetrators of fraudulent schemes who take advantage of domain privacy features as a means by which to mask their true identity. Domain privacy, a controversial topic since its introduction in 2003, provides domain owners with the option to substitute the registrar's contract information for their own. While there are a variety of legitimate ...
