Ryan Francis

Author Archives: Ryan Francis

Top 5 misconceptions of IoT network and device security

The Internet of Things (IoT) describes an interconnected system of standalone devices, which communicate and transfer data within the existing internet infrastructure, providing greater insight and control over elements in our increasingly connected lives. With an estimated 30 billion connected devices to be deployed across the globe by 2020, the promise of a global Internet of Things is fast approaching, posing a whole new level of threats to connected organizations. To a potential attacker, a device presents an interesting target for several reasons. First, many of the devices will have an inherent value by the simple nature of their function. A connected security camera, for example, could provide valuable information about the security posture of a given location when compromised. Hackers are already using IoT devices for their malicious purposes in multiple types of attacks on networks and servers. DSL, DDoS and bot attacks in 2016 have proven that there is no shortage of opportunities that hackers are willing to exploit. Portnox explains these common misconceptions.

How to conduct an IoT pen test

Penetration testing was much like taking a battering ram to the door of the fortress. Keep pounding away and maybe find a secret backdoor to enter through. But what happens if pieces of the network are outside of the fortress? With the flurry of Internet of Things devices, is it harder to conduct a pen test with that many devices and endpoints? Claud Xiao, principal security researcher, Unit 42 at Palo Alto Networks, said that for just testing some network services on IoT devices in a black box way, the difficulty level and the steps are similar to regular pen testing. But if you're discovering vulnerabilities via analyzing firmware or via analyzing wireless communications (e.g., Bluetooth or ZigBee), that's much harder.

New products of the week 5.22.17

Network World's long-running product of the week slideshow has come to an end with this edition. Vendors are still welcome to discuss their products with reporters. Thank you to all who have submitted products.

How to maintain data oversight to avoid ‘shadow data’

Before his retirement, an employee of the Office of the Comptroller of the Currency (OCC) uploaded more than 10,000 OCC records onto two removable thumb drives. He retired in November 2015; the agency didn’t discover the breach until the following September. That left almost a year between breach and detection. The OCC was not able to recover the thumb drives.

Outsourcing security: Would you turn over the keys to a third party?

Years ago it would have been unthinkable to give up control of securing your most valuable assets. But for some companies the risk of handing the security keys to a third party is less than the idea of facing the daily barrage of attacks. When asked why a company would cede control, many vendors said it depends on the level of staffing that company has. If the expertise is lacking, why take the chance? Or if it is a small to midsize enterprise, maybe there is just not a budget for creating a security staff up to the level needed. Therefore, partnering with a managed security services provider (MSSP) has become almost a must when faced with worries over data theft and the number of mobile devices entering the workplace.

Incident response is like tracking down a perpetrator

What is incident response? Incident response is like investigating a real burglary. You look for evidence of the intruder at the crime scene, find his targets and his getaway car, and repair any holes. Discover any cuts in your chain link fence. Take a few steps back for more perspective. Find the intruder’s targets. What assets are near the compromised fence? Investigate in both directions to find the intruder's target and getaway car. Fix the fence. Resolve any issues and patch vulnerabilities.

How CISOs can answer difficult questions from CEOs

The CEO puts all the trust in the chief security officer to keep the company off the front page and out of danger. But as the number of attacks across the internet skyrockets, that trust has slowly eroded or at the very least is increasingly questioned. CEOs don’t want to be caught off-guard, so they are asking pointed questions to ensure they know what security precautions are being taken. Here is a hypothetical Q&A between a CEO or board member and the CISO. Lucas Moody, vice president and CISO at Palo Alto Networks, and Dottie Schindlinger, Governance Technology Evangelist at Diligent, provided insight with these interactions. CEO: Why are we getting more phishing attacks? And what are we doing about all these phishing attacks?

New products of the week 5.15.17

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.

Q&A Citrix CSO: How to deal with security across multiple generations of employees

Citrix’s CSO Stan Black has been in the cybersecurity field for 20 years. He has seen generations of employees come and go at the software and data security company. There are three generations working side by side at Citrix – and a fourth on the way. Citrix has 9,500 employees, with 51 percent being Millennials. With each generation comes a new security challenge that employers need to overcome so that eventually enterprise security is second nature by the time future generations are in the workforce. CSO Managing Editor Ryan Francis recently asked Black how these challenges can be lessened in future generations. What is the biggest security issue you see of new employees?

Top DRaaS companies to watch

Forrester Research recently released its report naming Sungard AS, Bluelock, IBM and iland as the top disaster recovery-as-a-service companies. With enterprises expecting their network up at all times, backup and recovery are key to keeping things running smoothly with no downtime. With ransomware waiting to pounce the minute a user clicks on a link, companies rely on network recovery in a matter of minutes, not days.
