Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Entrust launched a new cloud-based service that consolidates the management of digital identities, SSL certificates and credentials via a single solution platform.
Bradford Networks, a provider of threat response solutions, unveiled a new offering designed to help organizations rapidly contain advanced cyber threats.
A plan unveiled last month would see the US relinquish its key oversight role for the Internet, handing that over to "the global multi-stakeholder community."
Seattle, Washington-based network security firm WatchGuard Technologies has added a new level of defense to its Unified Threat Management (UTM) and Next-Gen Firewall (NGFW) appliances to help block Advance Persistent Threats.
McAfee’s report explains how Advanced Evasion Techniques (AETs), are used to evade detection for long periods of time.
Yahoo’s recently-appointed VP of Information Security and CISO said on Wednesday that as of this week, Internet traffic moving between Yahoo’s data centers is now fully encrypted.
A recent senate hearing examined the progress in implementing the White House cybersecurity executive order as well as understanding the challenges facing public-private information sharing programs.
The FTC alleged that Fandango and Credit Karma both disabled the SSL certificate validation process in mobile apps, making them vulnerable to Man-in-the-Middle attacks.
Chinese telecommunications equipment giant Huawei pledged to protect cyber security, following reports this month that a US government agency had been secretly tapping the company's networks.
FireEye has released a new report that analyzes 11 zero-day vulnerabilities discovered in 2013 by the security firm and provides context around the threats these vulnerabilities create for enterprises, along with mitigation guidance.

FEATURES, INSIGHTS // Network Security

rss icon

Nimmy Reichenberg's picture
Security practitioners have long had a love-hate relationship with automation, and for good reason.
Torsten George's picture
A threat is the agent that takes advantage of a vulnerability. This relationship must be a key factor in the risk assessment process and can no longer be treated as risk’s neglected step child.
Wade Williamson's picture
As enterprises become increasingly focused on security, it’s important to take an honest look not just at what security measures are in place, but how they are really used.
Marcus Ranum's picture
When you start your metrics program, you'll find that a great deal of information can be gleaned from existing data that gets stored in various places – most likely in your system logs.
Chris Hinkley's picture
The most advanced technology in the world is only as good as the people and systems behind it. Otherwise your sophisticated security device is nothing more than a paperweight.
Danelle Au's picture
Trying to defend against modern, advanced attacks with one-off point solutions is like playing a whack-a-mole game, always one step behind the attacker and trying to play catch up with the alerts as they’re received.
Nimmy Reichenberg's picture
By properly segregating the network, you are essentially minimizing the level of access to sensitive information for those applications, servers, and people who don’t need it, while enabling access for those that do.
Torsten George's picture
The NIST Cybersecurity Framework is a good first step towards creating a standardized approach to cyber security, but requires many substantial updates before really improving our nation’s cyber resilience.
Marc Solomon's picture
The energy sector requires an approach to cybersecurity that doesn’t rely exclusively on air gaps or point-in-time detection tools but addresses the full attack continuum – before, during, and after an attack.
Marcus Ranum's picture
Security Metrics are critical for our ability to do better at our jobs, to quantify where we are succeeding and to measure what works, and how well it's working.