Security Infrastructure

NEWS & INDUSTRY UPDATES

LogRhythm has raised a $40 million round of new equity financing, the company announced.
The Splunk App for Enterprise Security 3.1 has introduced a new risk scoring framework to enable easier, faster threat detection and containment by empowering users to assign risk scores to any data.
Four recently-patched OpenSSL vulnerabilities have been found to affect several industrial products from Siemens.
Nearly half of the IT professionals surveyed at the Gartner Security & Risk Management Summit believe that the Java applications used by their organizations are vulnerable.
A buffer overflow flaw affecting the Web server embedded into Cisco devices can be leveraged by a remote, unauthenticated attacker to inject arbitrary commands and execute arbitrary code with elevated privileges.
According to Arbor Networks, the first six months of 2014 saw the most volumetric DDoS attacks ever, with more than 100 events of more than 100 GB/sec reported.
Security website Abuse.ch announced the creation of a blacklist containing SSL certificates that are known to be associated with malware and botnet activities such as command and control (C&C) traffic.
A vulnerability in Microsoft's Active Directory service can be exploited by an attacker to change a targeted user's password.
Application networking solutions provider A10 Networks has added distributed denial-of-service (DDoS) protection to its Thunder CGN (Carrier Grade Networking) products, and has introduced a new product family that leverages the company's Security and Policy Engine (SPE).
To protect sensitive data from prying eyes, some organizations are turning to Bring-Your-Own-Encryption (BYOE), but experts warn that there are some aspects that need to be taken into consideration before making the move.

FEATURES, INSIGHTS // Security Infrastructure

Adam Ely: Security teams and lines of business have reached a turning point on BYOD. It’s now become more important than ever for the CISO to figure out how to manage risk without inhibiting users.
Torsten George: While the initial investment in a proof of concept can be costly, the end results might not only justify the additional expenses, but in the long-term save you money (and your job).
Joshua Goldfarb: Not all security technologies are alert driven, but for those that are, there is huge potential value in turning off the default rule set.
Marc Solomon: With the right approach to security you can protect your organization’s sensitive information from both insiders and outsiders.
Jason Polancich: Studying a problem from every angle and every level always leads to more practical solutions and quicker (re)action.
Aviv Raff: While the phrase “cyber kill chain” is embedded in the cyber security vocabulary, many enterprises are still not proactive about keeping their assets, data, and reputations safe from bad actors.
Danelle Au: As SaaS adoption grows, so do the security concerns. But there is so much confusion around SaaS security that many enterprises are focusing on the wrong problems. Here are the three biggest myths when it comes to SaaS security...
Joshua Goldfarb: Conceptually, integrating actionable intelligence is a logical endeavor, though it does contain details requiring specialized skills and technical knowledge. If you can better collect, vet, retain, and leverage intelligence, it will serve you well in the long run!
Scott Simkin: While SSL decryption is necessary for maintaining network security, security admins need to establish strict rules about how they handle decrypted data.
Jon-Louis Heimerl: Do people really understand what the U.S. Intelligence Community (IC) does and what classified information is? As someone who worked in the IC for about 10 years, here is an inside look.