Blogs

  • The Evolution of Data Mining for Security Operations

    by John Linkous on November 6, 2014

    One of the more depressing pieces of information from Verizon's 2014 Data Breach Investigations Report is the fact that, over the past five years, the time difference between when a data breach occurs and when it is discovered has been on the rise. Yes, that's right: despite investing in countless security tools to detect security threats, we're actually getting worse at the job. This is largely…

  • Webcast Recap: Finding Security Resources Inside Your Organization

    by Fahmida Y. Rashid on November 5, 2014

    As part of the budget planning exercise, security leaders have to prioritize their projects and initiatives for the next year. Savvy security leaders know to look for security resources in other areas of the organization, Denim Group principal John Dickson said in a recent RSAC webcast. "This is not about vendors selling security solutions to CISOs or CSOs," Dickson said. "This is about internal…

  • News Pick: Data Breach Targets Speak

    by Fahmida Y. Rashid on November 4, 2014

    While any organization can suffer a data breach, some organizations seem to be bigger targets than others. Representatives from financial services, retail, media, and healthcare organizations talked about their security strategies at this year's Privacy Xchange Forum in Scottsdale, Ariz., Dark Reading reported. Not all industry sectors face the same threats. Organizations have to finetune their…

  • Security Reality: Special Challenges in Q4

    by Fahmida Y. Rashid on November 3, 2014

    The end of the year is a busy time for information security professionals. There are a lot of balls to juggle, and our adversaries are poised to attack if we look in the wrong direction. The team behind Target’s data breach last year took advantage of the retailer’s increased traffic volume—both online as well as through its brick-and-mortar stores—to sneak in and infect the point-of-sale…

  • Security Infrastructure: What Does It Really Entail?

    by Robert Moskowitz on October 31, 2014

    For years, the goal behind security infrastructure has been to thwart—or at least, mitigate—malicious attacks against an organization's secure data. But in today's world of interconnected computer systems and new generation of information technology capabilities, this old-style infrastructure is no longer capable of guaranteeing privacy for sensitive data. Modern industry needs requires features…

  • Update on charity:water Efforts in Nepal

    by Linda Gray on October 30, 2014

    As many of you know, at RSA Conference in San Francisco this past February, we joined the charity: water mission asking our attendees to participate in a Waterwalk. In exchange for their participation, RSA Conference vowed to make a donation that would help fund two water projects for schools in Nepal. In August we checked in with charity: water Growth Associate, Makena Cunningham, for a Q&A on the…

  • Network Security Appliance: Build or Buy?

    by Joshua Marpet on October 29, 2014

    Monitoring your network can be a seriously unpleasant task. It involves everything from maintaining firewall rules, watching traffic, looking for problems, keeping track of the latest issues on the Internet, checking log data on the dashboard, correlating events—oh dear God, it keeps going! So, what do you do? Do you use a myriad of tools, stitch them together with some scripting, document the…

  • A Whole New Way to Spot Malware Before It Spots You

    by Robert Moskowitz on October 28, 2014

    Enterprise networks still rely on antivirus software and blacklists to keep known malware at arm's length. But researchers suggest another approach, one which promises to spot a dangerous piece of code before it shows up on a list somewhere. This form of detection doesn't look for malicious code, but for malicious networks communicating with that code. Internet service providers, and any…

  • Measuring and Managing Information Risk: A FAIR Approach

    by Ben Rothke on October 27, 2014

    If you work in IT, you can’t go a day without some sort of data about information security and risk. Research from firms like Gartner are accepted without question; even though they can get their results from untrusted and unvetted sources. The current irrational panic around Ebola shows how people are clueless about risk. While distressing over Ebola, the media is oblivious to legitimate public…

  • Around the Web: Backoff, Online Payments, Security

    by Fahmida Y. Rashid on October 24, 2014

    Data breaches, point-of-sale malware, and payment card security were among the hottest topics this week. Information security professionals have to sift through and absorb a lot of information throughout the week, including news reports, survey results, threat advisories, and security warnings. That's just the beginning. Don't forget breaking research, insightful blog posts from other security…

This document was retrieved from http://www.rsaconference.com/blogs on Thu, 20 Nov 2014 21:14:11 -0500.
© 2014 EMC Corporation. All rights reserved.