Security Experts:

Security Infrastructure
long dotted

NEWS & INDUSTRY UPDATES

Yahoo announced a new way to let users to login to their account without the need for a password. With the new features, when signing in, an on-demand password is texted directly to a user’s mobile phone.
A cloud security report published by Bitglass shows the barriers to cloud adoption, and the solutions for overcoming security challenges.
The Senate Intelligence Committee passed the controversial Cybersecurity Information Sharing Act, or CISA, by a vote of 14 to 1 on Thursday afternoon.
HP Cyber Risk Report 2015 contains more than 70 pages jam packed with data and analysis detailing the threat landscape and how hackers exploit it.
Elastica, a San Jose, Calif.-based provider of cloud application security solutions, today announced that it has closed its series B funding round with an investment of $30 million.
Dell launches new Data Protection | Endpoint Security Suite (DDP | ESS). Pricing starts at $109 per client.
Many financial services organizations do not have a concerted cloud strategy with appropriate controls and security, according to a new report from the Cloud Security Alliance.
Radware, a provider of application delivery DDoS attack protection solutions, this week unveiled its latest attack mitigation platform designed to help carriers and cloud providers protect against high volume DDoS attacks.
Mozilla will introduce OneCRL to streamline the certificate revocation process. The feature will be available starting with Firefox 37.
Researchers uncovered vulnerability that enables attackers to decrypt HTTPS-protected traffic.

FEATURES, INSIGHTS // Security Infrastructure

rss icon

Wade Williamson's picture
By establishing an enterprise-wide context focused on key assets and user behaviors, organizations can build a unified security framework that encompasses all locations and all of their assets.
Rafal Los's picture
As long as the “hikers and bear” analogy is told in boardrooms we will have difficulty communicating the value of a proportionate security model where we design security measures for different types of adversaries with different types of objectives.
David Holmes's picture
Normally you wouldn’t think something as mundane as farming equipment could incite a lot of cyber malice, right? But that’s exactly what happened.
Eddie Garcia's picture
Eddie Garcia explains how to grant user permissions to a subset of data in Hadoop and limit the type of operations the user is allowed to perform.
Joshua Goldfarb's picture
Although home is where the heart is, it’s important to remember not to devote the overwhelming percentage of security resources to your home geographic area if that’s not where the overwhelming amount of your business and its assets are located.
Travis Greene's picture
Like those college recruiting compliance departments that are constantly training, monitoring, and enforcing policies, the IT compliance activity of access certifications needs to become more intelligent and real-time.
Avi Chesla's picture
When security technologies are bypassed, they cannot be “programmed” to detect and prevent the new attack behavior, the same attack that has breached their protection-space borders.  
David Holmes's picture
If Let’s Encrypt succeeds, will self-signed certificates go extinct? I’m guessing no, and that’s not necessarily a bad thing.
Pat Calhoun's picture
To evade network security defenses, Advanced evasion techniques (AETs) disguise malicious payloads by splitting them into smaller pieces and then delivering the pieces simultaneously, or at varying times, across multiple or rarely used network protocols.
Marcus Ranum's picture
With security data, you will almost never benefit from using a pie chart instead of a time/value chart, unless you only have a single instance of data.