Security Experts:

Security Infrastructure
long dotted

NEWS & INDUSTRY UPDATES

Iranian security services have arrested several "spies" in Bushehr province, where the country's sole nuclear plant is based, Intelligence Minister Mahmoud Alavi announced Sept.21.
Zscaler announced the availability of a new version of the its cloud-based Internet security platform, which now provides protection against advanced persistent threats (APT).
BAE Systems plans to acquire SilverSky for $232.5 million
Cisco has been analyzing its products to determine which of them are affected by the recently disclosed Secure Sockets Layer (SSL) version 3 protocol flaw dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE).
PHP released versions 5.6.2, 5.5.18 and 5.4.34 of the scripting language. In addition to some functionality bugs, the latest releases address a series of security-related flaws.
Researchers have found that the components of the FDT/DTM specification, designed to ease the management of industrial control systems (ICS) contains serious vulnerabilities.
Trustwave researcher Ben Hayak presented an attack method, which he calls Same Origin Method Execution (SOME), at the Back Hat Europe security conference in Amsterdam, the Netherlands.
A vulnerability in SSL 3.0 lets attackers extract session cookies and other secrets from encrypted online communications, but experts believe the seriousness is tempered by the overall difficulty in exploiting the vulnerability.
Hundreds of professionals from around the world will come together on October 20-23 for the 14th edition of the ICS Cyber Security Conference, the longest-running cyber security conference dedicated to the industrial control system sector.
A security researcher has uncovered a new attack vector called "Reflected File Download" where a malicious file can be downloaded without actually being uploaded anywhere.

FEATURES, INSIGHTS // Security Infrastructure

rss icon

Jason Polancich's picture
Your employees, partners, customers and suppliers are your “survival group” battle-buddies now and it’s important to know how the zombies behave and where they hide.
Travis Greene's picture
IAM is sometimes forgotten in the discussion of controls. However, it’s best to have these conversations when planning and evaluating controls, rather than after a breach.
Scott Simkin's picture
The network edge is the ideal location for quickly preventing the vast majority of attacks, but looking forward, you should consider how pervasive deployments can stop the new breed of advanced attack.
Marc Solomon's picture
Advancing our security controls isn’t going to happen overnight. But we are well on our way with technology and capabilities that are already headed in this direction, implementing dynamic controls to see more, learn more, and adapt quickly.
Rebecca Lawson's picture
There is a widening gap between detection of a threat and enforcement that causes the threat to stop at the firewall, rather than play out its malicious intent.
Mark Hatton's picture
Software and hardware alone are not enough to manage a massive enterprise security program. You need security professionals and experienced leaders who can keep the team (and the tools) operating effectively.
Eddie Garcia's picture
Many features are available for Apache Hadoop that can help enterprises pass internal and external security requirements and audits.
Travis Greene's picture
Though there are unique risks associated with identity and access from mobile devices, there are also opportunities that mobile devices bring to address identity concerns.
Wade Williamson's picture
As we build more accessible, scalable, and efficient computing models, we likewise open ourselves up to attacks that are likewise more accessible, scalable and efficient.
Marc Solomon's picture
Thanks to significant technological advances what we can do is use knowledge of the past and the present to drive a desired future outcome. That capability is extremely important for better security given today’s threat landscape and the vicious cycle defenders face.