Blogs

Showing Blog Posts: 1–10 of 25 by John Linkous

  • The Once and Future Network Security Appliance

    by John Linkous on September 16, 2014

    In the early 2000s, the network security appliance became ubiquitous. Beginning with Web application firewalls (WAFs), and eventually extending through all seven layers of the network model, security appliances were being popped into server racks like candy. "Need to filter spam? There's an appliance for that!" "Do you want to analyze the flow data generated on your firewalls? There's an…

  • Security Audit: The Pitfalls of Third-Party Assessments

    by John Linkous on September 9, 2014

    Everyone is aware of last year’s data breach at Target. Millions of records of cardholder data were stolen and Target is still recovering, with current costs at $148 million. What's not well-known, or openly discussed, is the behind-the-scenes conversations the company has had with its PCI assessor and the standards organization. The PCI Security Standards Council (SSC), consisting of major credit…

  • Don't Let Hybrid Clouds Rain on Your Security

    by John Linkous on September 4, 2014

    Enterprises of all sizes have wholeheartedly adopted the cloud in all its various forms: Infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), and other, more exotic and granular definitions of "aaS" implementations are being developed every day. For many organizations, however, the hybrid cloud is key to scaling their services while still maintaining…

  • Mobile Device Management and the Ubiquity of Mobile Authentication

    by John Linkous on September 2, 2014

    We all know that mobile devices are rapidly becoming an absolutely indispensable component of the online world. This makes mobile device management even more critical, regardless of who is managing the device: a large enterprise, a small business, or just you. Online banking and other sites require a mobile device in order to send a one-time password to authenticate transactions. Smartphone…

  • A Cloud Is Still a Cloud: The Private Cloud and Security

    by John Linkous on August 28, 2014

    The options today for moving business functions to private clouds are staggering. Organizations adopt the cloud for various applications, from direct-to-buyer sales and content delivery, to back office functions such as supply chain management, finance operations, and human resources. The increasingly granular ways in which they can slice-and-dice cloud delivery are tremendous. Private clouds, in…

  • Intelligence-Driven Security and the Future of Threat Detection

    by John Linkous on August 21, 2014

    For many years, signature-based detection was the hallmark of finding and eliminating security threats in the enterprise. While antivirus and similar products were successful against single-vector attacks, the fact is, we're seeing more and more major security breaches where traditional approaches to security no longer work. To address these new threats, intelligence-driven security is needed. …

  • Identity Management and the Cloud: It's Easier Than You Think

    by John Linkous on August 14, 2014

    How do you create an identity management cloud? Identity management (IDM) has in the past hovered on the periphery of information security. No longer. As organizations become more aware of the risks of not keeping track of users, what they access, and what privileges they have, identity management is moving to the forefront. And identity management is not just limited to the largest enterprises, …

  • No Easy Answer for In-App Data Security on Mobile Devices

    by John Linkous on August 7, 2014

    The proliferation of mobile devices—smartphones, tablets, convertibles, and more—is leading to a fundamental shift in how technology is used both for individuals and businesses. It's also leading to major problems for ensuring mobile security, especially inside of apps. App data is managed through Internet-connected, platform-specific programs for mobile devices, delivered through trusted app…

  • The Future Is Now: Threats That Were Never Supposed to Happen Are Here

    by John Linkous on July 29, 2014

    Recently, I took the opportunity to install the latest version of Pwnie Express's Pwn Pad 2014ce on my Google Nexus 7 tablet. For those who aren't familiar with the Pwn Pad, it's a modified version of the Kali Linux distribution that provides a complete, walking environment for detecting and—as a white-hat only, of course—testing information security threats. While the Pwn Pad is a great mobile…

  • Upping the Ante: Security in Mobile Health Care Devices

    by John Linkous on July 24, 2014

    You might wonder what mobile healthcare has to do with Stuxnet. A few years ago when the Stuxnet malware first hit, a client asked me to provide an overview of why it was different than the other malware that came before it. At the time, my first inclination was to do exactly that: write up a nice, brief assessment of how Stuxnet was the first tangible evidence of malware affecting "real world"…

This document was retrieved from http://www.rsaconference.com/blogs/by/102/linkous on Sun, 21 Sep 2014 14:10:07 -0400.