Despite the fact that today's IT security threats have advanced across a spectrum of sophistication and scale, defenses continue to fail with alarming consistency. The evolution of defense has produced fragmentation among security tools that keeps them from working together to deliver more effective response. The gap between network security technologies and defenses on endpoints and servers is a particularly pointed example.
Download this whitepaper and learn how to close these gaps and ...
It's an unprecedented time of cyber attacks and information about attacker methods is difficult to obtain unless you are the victim, and let's face it, by then, it's too late.
This whitepaper details lessons learned about cyber attacks from extensive interviews with security analysts. One common thread that emerged was the difficulty of preventing the delivery of APT malware to systems and quickly detecting the attack once the malware was active. In between ...
June 2013- Protecting enterprise operations from hacks, malware, targeted attacks, advanced persistent threats (APTs) and other malicious activity remains a challenge for organizations, large and small. The number of breaches continues to grow and shows no signs of slowing despite technology advances and a market flush with cybersecurity products. In fact, according to the 2013 Verizon Data Breach Investigations Report (DBIR), 66 percent of surveyed organizations didn't discover security breaches until months after the fact, and 69 percent of these ...
As businesses continue to move critical
operations online, distributed denial of service
(DDoS) attacks are increasing in frequency,
sophistication and range of targets. In a 2011
Verisign study, 63 percent of respondents
reported experiencing at least one attack that
year, while 51 percent reported revenue loss
as a result of downtime from the attack. Those
numbers are undoubtedly higher today as
the size, frequency and complexity of DDoS
attacks continue to grow.
Mitigation against these types ...
May 2013- The most recent financial institution attacks have been launched via the BroBot/itsoknobroblembro toolkit. This advanced toolkit supports multiple attack methods, including HTTP, HTTPS and DNS.
May 2013- While most enterprise risk managers are accustomed to addressing regulatory compliance, data integrity and data privacy within an IT risk management framework, many have not fully accounted for IT availability as it relates to business continuity. Even risk managers who do consider IT availability may focus only on operational and environmental threats (e.g., human error, fires and floods) while overlooking distributed denial of service (DDoS) attacks, which are one of the leading causes of ...
May 2013- Though most organizations have invested considerable time and effort in improving their endpoint risk management processes, many of them are ill-equipped to handle the myriad of third-party applications that are increasingly introducing the most risk into today's IT environment. That's because as the typical IT organization has worked on reducing the risk profile of PC and server operating systems, cyber criminals have started to look for greener pastures - namely among third-party applications. This white ...
May 2013- Unfortunately, stopping known threats isn't enough to protect real-world networks. Solutions must also stop unknown threats at every stage of an attack. This white paper reveals the results, conducted by the leading independent test laboratory Miercom, from over 2.2 million live web requests of unknown nature simulated as a typical day on a network like yours.
May 2013- The IBM X-Force Trend and Risk Report is produced twice per year: once at mid-year and once at year-end. This report provides statistical information about all aspects of threats that affect Internet security, including software vulnerabilities and public exploitation, malware, spam, phishing, web-based threats, and general cyber criminal activity. They are intended to help customers, fellow researchers, and the public at large understand the changing nature of the threat landscape and what might be done ...
May 2013- The most menacing type of cyberattack is invisible. Using sophisticated techniques to hide its presence, a stealth attack may operate outside of the OS or move dynamically across endpoints to conceal the attackers' actions. The risk to enterprises is real, with high-profile attacks such as Operation High Roller impacting companies around the globe. Traditional antivirus or intrusion prevention systems are no match for this new breed of attack; instead, enterprises need layered security controls that ...
May 2013- In a hyper-connected era, a proactive integrated and strategic approach to security can empower businesses to do more than just cope with current threats - it can actually help reduce future risks. Read the IBM study, "Finding a strategic voice," and discover more insights from the 2012 IBM Chief Information Security Officer Assessment.
April 2013- Organizations are discovering that effective Advanced Persistent Threats (APTs) protection is a critical priority. Without APT protection, organizations are vulnerable to potentially devastating malware attacks that could last for months or years before they're identified.
In the wake of the numerous server data breaches reported this year, it is clear that traditional signature-based blacklisting security strategies are inadequate in addressing today's sophisticated cyber threats. Advanced threats are targeting servers to steal valuable corporate intellectual property. These attacks happen fast - in less than 15-20 minutes - and are bypassing traditional security tools.
In this whitepaper, Industry Analyst Frost and Sullivan examines today's advanced threat landscape and recommends that ...
Historically, IT defense has focused largely on the threat. So-called "blacklist" technologies maintain an inventory of specific attack types, and provide defense against each. Today, the volume, variety and sophistication of attacks highlights the limitations of such approaches, as signature databases approach their upper limits and leave exploitable gaps in defense.
These changes in the threat landscape have led many organizations to consider the alternative to a blacklist approach. In contrast to blacklisting ...
Every enterprise has high-value information that is vital to its success.
As cyber-attack techniques become more sophisticated your "digital gold" is increasingly vulnerable. Today's cyber threats have changed in sophistication, in focus, and in their potential impact on your business.
Download this eBook to learn:
• What cybercriminals are doing to target you and your business
• Why today's advanced attacks require real-time detection
• The steps you can take ...
Download this workbook to create a personalized scorecard that assesses the effectiveness of your current security strategy and shows you why a trust-based security solution is your best defense against advanced malware. This workbook will:
Show you why traditional antivirus solutions are no longer effective against today's advanced threats
Offer tools to measure how your current security posture affects the productivity of your IT and operations staff and end users
March 2013- Many IT security professionals recognize that advanced persistent threats (APTs) pose a growing risk to their organizations. However, recent UBM Tech research discovered that only a few are taking the necessary steps to combat APTs and protect their organizations. In fact, many appear to have a misplaced sense of confidence in their ability to detect these attacks, even though few have developed strategies for dealing with them. This gap is particularly troubling since security experts ...
Big Data repositories enable enterprises to use large volumes of varied data to make more rapid decisions, but repositories frequently include sensitive data that must be secured. Most Hadoop and NoSQL environments that manipulate Big Data have little to no integrated security.
This technical paper provides an overview of NoSQL Big Data security issues and includes security recommendations that enterprises should consider when securing Big Data environments.
March 2013- The Securing and Controlling Data in the Cloud white paper describes the various cloud formations (Private Cloud, Public Cloud, SaaS, PaaS, IaaS), the new security challenges posed by the cloud and solutions that enterprises can bring to bear for securing and controlling sensitive data in cloud environments.
The last few years have seen a dramatic increase in the use of email as a vehicle for cyberattacks on organizations and large corporations.
Such attacks have evolved from the simple inclusion of malware as a non-disguised executable file, to more socially engineered "phishing"style attacks, which attempt to persuade the recipient voluntarily provide valid security credentials-often simply by clicking a link that leads to a malicious or fraudulent website. But how can ...
February 2013- Law enforcement and domain registrars will continue to curb cybercrime efforts. This will likely be coordinated through CERT groups and relations with security firms. However, a more comprehensive, multi-layered approach to security will be key in bolstering that effort.
October 2012- This document reviews new malware analysis technology, Cerberus, which determines the behavior and intent of suspect binaries without the need for signatures, white lists or a sandbox environment. Using this “triage” approach, organizations are able to detect unknown threats that signature-based technologies will miss. In addition, they are able to gain critical information immediately, allowing them to take decisive action prior to engaging a malware team. There are tens of thousands of static executables on ...
80% of organizations suffering payment card breaches had not achieved compliance with PCI DSS at the time of the breach. – Verizon 2011 Data Breach Investigation Report
As regulation and litigation increase, internal investigators must support an alphabet soup of compliance obligations: SOX, GLBA, FISMA, HIPAA, PCI DSS, regional privacy laws, and more. Although each regulation is different, these laws share common investigation requirements in three areas: policy, control infrastructure, and incident response.
“The theft began with an instant message sent to a Google employee in China who was using Microsoft’s Messenger program… Ultimately, the intruders were able to gain control of a software repository used by the development team.” - New York Times - Cyberattack on Google Said to Hit Password System
While we still use many of the same old names - viruses, Trojans, and worms - today’s malware enables potent multistage ...
View All Categories
Business Intelligence : Analytics, Business Process Management, Content management, Dashboards, Data Mining, Data Quality, Databases, Datamarts/Data Warehouses, Information Management, Knowledge Management, Performance Management
Hardware : Blades, Data centers, Desktops/PCs, Grid/Cluster Computing, Handhelds/PDAs, Macintosh, Peripherals, Processors, Supercomputers, Unix/Linux servers, Utility/On-demand Computing, Virtualization Hardware, Windows Servers
Infrastructure : ATM, Ethernet/Gigabit Ethernet, Frame relay, IPv6, Traffic Management, Network/Systems Management, PBXs, Printers, Remote Access, Routers, Switches, UPS, VPNs, WAN Optimization/Acceleration, Wide Area File Services
Internet : B2B, B2C, Browsers, E-Business/E-Commerce, E-retail, Google, Internet Policy, Internet Security, Search, Social Networks, Traffic Reporting/Monitoring, Web 2.0, Web Development, Social Business
Management : Career Development, Executive Insights/Interviews, H-1B, Legal, Outsourcing, Personnel Management, Recruiting, Regulation/Compliance, ROI/TCO, Salary/Compensation, Small-Medium Business, Training, Workplace Trends
Personal Tech : Blackberry, Bluetooth, Bluray, Digital Cameras, Digital Music, Digital Rights Management, Global Positioning Systems, iPhone, iPod, Peripherals, Smartphones, TVs/Home Theater, Virtual worlds
Security : Antivirus, Application Security, Attacks/Breaches, Cyberterror, Encryption, End user/Client Security, Intrusion Prevention, NAC, Perimeter Security, Privacy, Security Administration, Storage Security, Vulnerabilities and Threats
Services : Business Process Outsourcing, Business Services, Disaster Recovery, Hosted Applications, Hosted Storage, Internet/Data Services, Outsourcing, Software as a Service, Systems Integration, Telecom/Voice Services
Software : Integration, Application Optimization, Business Systems Management, CRM, Database Applications, Databases, Development Tools, ERP, Hosted Software/Applications, Linux, Open Source, Operating Systems, Productivity Applications, Server Virtualization, Service Oriented Architecture, Web Services