Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

According to Mandiant’s M-Trends report, organizations are discovering breaches in their networks faster, but still not nearly soon as they must in order to contain damage and prevent loss of sensitive data.
The Heartbleed vulnerability is "catastrophic” for SSL and Internet security, Bruce Schneier, told SecurityWeek. “On the scale of 1 to 10, this is an 11,” he said. Here is what organizations need to know and what actions they should take.
After being named as a defendant in a lawsuit related to the massive data breach that hit Target late last year, Trustwave’s top executive says the claims against the firm are without merit
There is a perception that how quickly an organization detects a security incident and executes a response plan can enhance its reputation. This potential return on investment is encouraging more organizations to focus their energies on a formal incident response team and plan, according to a survey by Arbor Networks.
The recently-disclosed data breach at Neiman Marcus has turned out to not be as bad as the company originally thought.
The University of Maryland is the latest victim of a significant data breach, stemming from what school officials described as a “sophisticated computer security attack” that exposed records containing personal information.
Tacoma, Washington-based IID, launched a new information sharing platform this week, where government agencies and enterprises can share data about the latest threats and ongoing attacks.
Bit9 announced that it has raised $38.25 million in new funding, and has acquired Carbon Black, a provider of incident response solutions.
According to a recent survey of security and compliance professionals from U.S. government agencies and contractors, a dysfunctional Congress could be “the biggest security threat we face.”
Target will spend $100 million to equip its "REDcards" and store card readers in the U.S. with chip-enabled smart-card technology by the first quarter of 2015, more than six months ahead of previous plans.

FEATURES, INSIGHTS // Incident Management

rss icon

Dr. Mike Lloyd's picture
The fact that insurance companies – well respected by every business-centric executive – look at cyber risk and say “no, thanks” is a pretty clear indicator that something is rotten...
Marcus Ranum's picture
When you start your metrics program, you'll find that a great deal of information can be gleaned from existing data that gets stored in various places – most likely in your system logs.
Chris Hinkley's picture
The most advanced technology in the world is only as good as the people and systems behind it. Otherwise your sophisticated security device is nothing more than a paperweight.
Wade Williamson's picture
If criminals can’t use or sell stolen data without being caught, then the data quickly becomes worthless. As a result it’s critical to understand what happens to data after a breach.
Aviv Raff's picture
Without the elements of prevention, detection, and protection all working together, threat actors will always have the advantage, and will find a way to carry out their illicit economic, political or social agendas.
Dr. Mike Lloyd's picture
Every security team that can fog a mirror is asking the question “what just happened at Target, and how do we make sure that doesn’t happen to us?”
Jeff Hudson's picture
Making decisions based on anomalies is predicated by one very important assumption—you must understand what “normal” looks like.
Torsten George's picture
What steps can be taken to implement and leverage incident response management as a valuable weapon for limiting material or reputational damages associated with data breaches?
Michael Callahan's picture
There are several steps companies can take on the server side to identify and disrupt brute force attacks.
Gil Zimmermann's picture
Understanding why passwords are so valuable to hackers can both explain and prepare enterprises to deal with potential security vulnerabilities. There are potentially hundreds of uses for stolen passwords once they are obtained.