Menu

Blogs

  • Hijacking Made Easy: Ransomware, Bitcoin, the Dark Web, and Intellectual Property Theft

    by John Linkous on May 27, 2015

    Leading image

    The FBI may have shut down CryptoLocker last year, but researchers report new variants of Cryptolocker have already started infecting users. Other ransomware families continue to make its way into corporate networks. Unlike other, stealthier malware focused on committing intellectual property theft without being seen, CryptoWall and its malware brethren flaunt their presence right in your face. Ransomware encrypts data using public-key cryptography with strong ciphers and huge key lengths, and…

  • The Human Element of Computer Security

    by Robert Moskowitz on May 25, 2015

    Most organizations spend significant sums on high-tech defenses such as firewalls, anti-virus software, intrusion detection systems, and biometric locking devices as part of their computer security efforts. But even the strongest hardware and software defenses cannot withstand the human element. The damage can be inflicted intentionally by demotivated employees or unintentionally by…

  • Effective Database Cloud Security: The Holy Grail of Every Company

    by Christopher Burgess on May 22, 2015

    Enterprises rely on metrics to track where they are and where they're heading. Databases have three: availability, accessibility, security. The latter—securing data at rest and in motion while users engage with the data—is still a challenge for many organizations. Database cloud security is still a relatively new concept, and isn't always easy to grasp. It was already complex for many C-suite…

  • Security By Any Other Name

    by Wendy Nather on May 21, 2015

    If you went up to a pharmacist and said, “Hi, I need something to cure a case of the APTs,” what do you think she would recommend? A big issue with the security industry has to deal with the way we market and describe security technology. It used to be that products were described by functionality, with point features that were well understood: firewall, anti-virus, anti-spam, web filter, log…

  • Intellectual Property Theft: The Insider

    by Christopher Burgess on May 20, 2015

    If you are responsible for protecting your company from the risk of a trusted insider stealing intellectual property, consider packing a lunch because it's going to be a bit of a journey. Intellectual property (IP) means different things to different people. And far too many believe they don’t have access to the company's IP, and therefore are not responsible for protecting it. First, …

  • What's Next in Our Security Conversation

    by Fahmida Y. Rashid on May 18, 2015

    There were a lot of interesting conversations at RSA Conference last month. With everyone back home and back to the pressures of the daily job, what happens next? Where does all that energy and excitement go? Hopefully, it is being channeled into informal conversations and new initiatives. One of the key themes was that security is broken and it needs to change. Every company needs a holistic…

  • The Terrorists of Iraq: Inside the Strategy and Tactics of the Iraq Insurgency 2003-2014

    by Ben Rothke on May 18, 2015

    The infinite monkey theorem states that a monkey hitting random typewriter keys for an infinite amount of time will eventually be able to create the complete works of Shakespeare. Various scientists such as Nobel laureate Arno Penzias have shown how the theorem is mathematically impossible. Using that metaphor, if you took every member of United States Congress and House of Representatives and…

  • CSA Guide to Cloud Computing: Implementing Cloud Privacy and Security

    by Ben Rothke on May 16, 2015

    Full disclosure: this book is sponsored by the Cloud Security Alliance of which I am a founding member. I am also friends with 2 of the authors. Even though cloud computing is mainstream such that even the Federal Government is on board; it’s not necessarily so that it will always make computing cheaper and faster. And all the more so when it comes to security and privacy. The challenge is how to…

  • SANS NetWars at RSAC 2015

    by Fahmida Y. Rashid on May 15, 2015

    SANS Institute brought its NetWars competition to RSA Conference 2015 in San Francisco. A hands-on, interactive learning environment, SANS NetWars lets information security professionals develop and master skills they need in their jobs. The program focuses on developing skills in vulnerability assessment, system hardening, malware analysis, digital forensics, incident response, packet analysis, …

  • Mining Your Banking Data Gold Mine

    by Dale "Woody" Wooden on May 14, 2015

    Dale "Woody" Wooden illustrates security concepts through stories. His past posts discussed how attackers mine employees' social media accounts for information and how social media can be used against you. This story is about companies asking for way too much information about your business. Would you give up all your itemized bank statements to a third party? Hand over information about…

  • Today’s Attack Mode Mindset to Pen Testing

    by Eric Cowperthwaite on May 13, 2015

    Let’s start off by getting on the same page about what a penetration test is. The goal is generally to provide or your management team with an evaluation and snapshot of the organization’s security posture at a specified time. The actual testing involves mimicking what real attackers do, usually by leveraging a chain of vulnerabilities (i.e. attack path) in an attempt to reach critical assets. …

This document was retrieved from http://www.rsaconference.com/blogs on Thu, 28 May 2015 16:03:17 -0400.
© 2015 EMC Corporation. All rights reserved.