Security Experts:

Security Infrastructure
long dotted

NEWS & INDUSTRY UPDATES

Iranian security services have arrested several "spies" in Bushehr province, where the country's sole nuclear plant is based, Intelligence Minister Mahmoud Alavi announced Sept.21.
Zscaler announced the availability of a new version of the its cloud-based Internet security platform, which now provides protection against advanced persistent threats (APT).
BAE Systems plans to acquire SilverSky for $232.5 million.
Cisco has been analyzing its products to determine which of them are affected by the recently disclosed Secure Sockets Layer (SSL) version 3 protocol flaw dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE).
PHP released versions 5.6.2, 5.5.18 and 5.4.34 of the scripting language. In addition to some functionality bugs, the latest releases address a series of security-related flaws.
Researchers have found that the components of the FDT/DTM specification, designed to ease the management of industrial control systems (ICS) contains serious vulnerabilities.
Trustwave researcher Ben Hayak presented an attack method, which he calls Same Origin Method Execution (SOME), at the Back Hat Europe security conference in Amsterdam, the Netherlands.
A vulnerability in SSL 3.0 lets attackers extract session cookies and other secrets from encrypted online communications, but experts believe the seriousness is tempered by the overall difficulty in exploiting the vulnerability.
Hundreds of professionals from around the world will come together on October 20-23 for the 14th edition of the ICS Cyber Security Conference, the longest-running cyber security conference dedicated to the industrial control system sector.
A security researcher has uncovered a new attack vector called "Reflected File Download" where a malicious file can be downloaded without actually being uploaded anywhere.

FEATURES, INSIGHTS // Security Infrastructure

rss icon

Marc Solomon's picture
Thanks to significant technological advances what we can do is use knowledge of the past and the present to drive a desired future outcome. That capability is extremely important for better security given today’s threat landscape and the vicious cycle defenders face.
Joshua Goldfarb's picture
Although it may be tempting to envision a world where the analyst has been fully automated, this does not seem particularly reasonable.
Pat Calhoun's picture
Being connected is critical and all the elements of an organization’s security platform should work in concert together to provide adaptive security for the entire environment.
Rebecca Lawson's picture
There is a common misconception that in order to move to virtual security solutions, companies can, or should, replace physical security technologies they rely on to keep their networks safe today.
Travis Greene's picture
If you can’t interpret user activity with the context of identity and what is normal behavior, your organization may be living with a false sense of security, providing a significant window of opportunity for attackers.
Danelle Au's picture
The recent iCloud attack brings up very important considerations on data security, not only for consumers, but for any enterprise that uses the cloud.
Jason Polancich's picture
Collecting just a small amount of info regularly and diligently for your supply chain can not only help you secure your back doors, but the front entrances too.
Scott Simkin's picture
Enterprises must tailor their security policy and protections to the actual threats they experience and to the threat landscape at large.
James McFarlin's picture
Creative disruption, where a paradigm shift in thinking replaces an existing order, may be an elusive concept but its power as a driving force of human behavior cannot be denied.
Marc Solomon's picture
With the right information, security professionals can quickly pivot from detection to a full understanding of the scope of the outbreak and take action to head off wider compromises