Blogs

  • Latest Guidelines for Malware Detection

    by Robert Moskowitz on November 28, 2014

    Leading image

    Today's malware brings a wide range of threats that—without proper detection and defense—can wreak havoc on any computer system. While various kinds of malware can get onto your system via the original manufacturer, information-seeking government agencies, and covert infiltrators, the vast majority of malware still comes over the Internet as software downloads. Deceptive Downloads Because a steady stream of advances in software security have made direct attacks difficult and expensive, …

  • Public or Private Cloud: How Secure Is Your Cloud?

    by Christopher Burgess on November 27, 2014

    Public and private cloud service providers have many providers to choose from. The cloud offers low-cost data storage solutions and infrastructure to host web applications and processes. The company can remove applications from client-side devices and they don’t need skilled IT professionals to manage the infrastructure. In a September Forbes article, "How to Avoid a Cloud Strategy Fail,"…

  • Bulletproof SSL and TLS

    by Ben Rothke on November 24, 2014

    If SSL is the emperor’s new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it’s indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL./TLS…

  • Network Intrusion: NIDS and Detection

    by Robert Moskowitz on November 24, 2014

    Network intrusions—any unauthorized activity on a computer network—utilize network resources that can be better used for other, authorized, purposes. They threaten the security of the network and data. There are a variety of ways to detect an intrusion, including monitoring network logs, sniffing network traffic, and real-time filtering for specific network events. At a minimum, network security…

  • Which Is It: Privacy vs. Security, or Privacy and Security?

    by Christopher Burgess on November 21, 2014

    The age-old question: is it "privacy vs. security" or "privacy and security"? This year, we’ve seen data breach after data breach affecting companies of all sizes and across all industries. We’ve also seen victims grapple with privacy headaches in the aftermath. It would seem, then, that security and privacy are intertwined. But when considering the users and how they interact with company data, …

  • Registration is Now OPEN for RSA Conference 2015!

    by Linda Gray on November 20, 2014

    The holidays are fast approaching and that means another year has flown by. For everyone here at RSA Conference, that also means it’s crunch time as we prepare for the 2015 event. With that, we’re excited to announce registration for RSA Conference 2015 is now open! Be sure to mark your calendars – this year’s event is April 20-24 at our usual location in San Francisco’s Moscone Center. Each year, …

  • Guidelines For Retailers This Holiday Shopping Season

    by Fahmida Y. Rashid on November 19, 2014

    The holiday shopping season is looming, and retailers are gearing up for Black Friday and other sales. It's been a year since criminals infiltrated Target's networks with malware and made off with millions of credit card details. Retailers are scrambling to get everything ready for the shoppers and deals; we hope their networks are secure and ready, as well. Or will cyber-criminals have another…

  • Security Storage: To HSM or Not To HSM?

    by Joshua Marpet on November 18, 2014

    Information security storage is necessary; without it, how would Amazon know what it is selling or what product recommendations to make? How could it store the shopper’s credit card information to make purchases with a single click? While consumers would like to think their credit card information, purchase history, and other personalized data is stored securely, that is not always the case. …

  • The Human Element in the Data Breach

    by Christopher Burgess on November 17, 2014

    We are all familiar with the adage, "to err is human; to really foul things up requires a computer," which implies that the computer may be to blame for many data breach calamities. Alas, it appears the erring human is also culpable. Take, for example, the recent kerfuffle surrounding Apple's iCloud and the compromise of celebrity accounts containing salacious photos. After much slinging of…

  • Social Engineering 2.0: Old-Fashioned Targets, Cutting-Edge Techniques

    by John Linkous on November 14, 2014

    Back in 2006, a large company in Chicago contracted my company to conduct an advanced information security controls assessment. In addition to looking for technical vulnerabilities—unpatched servers, web app vulnerabilities, open ports that should be closed, and the like—we were also contracted to conduct a social engineering assessment. On the first day of our technical assessment, our team…

  • Source Code: The Last Frontier of Security Threats

    by John Linkous on November 13, 2014

    My consulting firm is increasingly receiving requests from customers to help them address what seems to be the last frontier of security analysis: source code. As an analyst, I have a lot of tools at my disposal for identifying problems in both compiled code and p-code. Security, after all, started out as a black box-oriented approach to figuring out answers to problems; we know what the specs of…

This document was retrieved from http://www.rsaconference.com/blogs on Fri, 28 Nov 2014 07:06:36 -0500.
© 2014 EMC Corporation. All rights reserved.