Multiple Perspectives on Security

Security Journal

Subscribe to Security Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Security Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories

Is Your Company Ready for the General Data Protection Regulation? Remember the Y2K bug, the computer coding flaw that was predicted to cause global havoc when the two-digit dates embedded in software rolled over from 1999 to 2000? After organizations around the world spent a year checking and upgrading their systems to deal with the issue, few major problems ended up occurring. The world is now on the brink of what could be called the Y2K bug of data privacy - the European Union's General Data Protection Regulation (GDPR), tough rules that require companies to be more transparent about the information they collect on individuals and how it is used. GDPR's impact reaches beyond Europe because it covers any company with data about European Union citizens on its servers. Are you a U.S. bank with a subsidiary in Europe or a retailer with online customers on the continent... (more)

When “IoC” Meets “SoC” | @DevOpsSummit @Cavirin #DevOps #DevSecOps

DevSecOps - When "Infrastructure as Code" Meets "Security as Code" Not very long ago, in my IT consulting career, I used to be responsible for the launch of mission-critical applications that help enterprises leap into the cutting edge of the digital business revolution. There were a lot of hard skills required for leading such a mission that involved getting the system architecture and software design right early, mentoring and managing the engineering resources, and tracking the progress to the satisfaction of the business analysts who put together the requirements and the stakeholders who funded the projects. Those skills, while hard, were largely deterministic and manageable vs another set of skills required to ensure that the built applications come alive in production environments, and run reliably and securely thereafter. This other set of skills often pit the... (more)

Security Top-of-Mind | @DevOpsSummit #DevOps #Security #Compliance

Because security is an increasing concern for developers, a new movement is emerging, known as DevSecOps, which encourages developers to bring security and standards to the forefront while building applications. That means there's good reason to stay on top of security information and event management trends and best practices, as well as the solutions that support it. With that in mind, let's take a look at how it works, benefits for developers, and why it matters. Definition of SIEM Security information and event management or SIEM is a security management approach that gives you a comprehensive look into how your information technology is performing. Simply put, it involves the real-time analysis of all security alerts that are generated by applications and network hardware. Security information and event management brings together all the relevant security infor... (more)

[session] Security in a Cloud-First World Is Cloudy | @CloudExpo #API #Cloud #Security

Security in a Cloud-First World Is Cloudy Enterprises are moving to the cloud faster than most of us in security expected. CIOs are going from 0 to 100 in cloud adoption and leaving security teams in the dust. Once cloud is part of an enterprise stack, it's unclear who has responsibility for the protection of applications, services, and data. When cloud breaches occur, whether active compromise or a publicly accessible database, the blame must fall on both service providers and users. In his session at 21st Cloud Expo, Ben Johnson, Co-Founder and CTO of Obsidian Security, will explore how both groups must do more to make cloud more secure, from leveraging AI to improving APIs, to incorporating cloud into current security programs. Speaker Bio Ben Johnson, Co-Founder and CTO of Obsidian Security, is a prominent voice in cybersecurity, having co-founded and been CTO ... (more)

Network Security Today | @CloudExpo #Cloud #AI #SDN #Security #Analytics

In its 2017 State of Malware Report, Malwarebytes Labs recorded a 267 percent increase in ransomware between January 2016 and November 2016, with over 400 different variants in total. The report noted that while malware authors mostly relied on ransomware to make the bulk of their revenues, there was an increase in ad fraud as well. Botnets and mobile malware also continue to expand and evolve. The report predicts that until IoT devices become secure out of the box, botnets will get even bigger and pose an even greater threat to the internet - and any company connected to it. Financial services organizations are facing a relentless and determined cyber assault. Many recent factors have converged to create greater complexity and threat opportunity in the network, undermining the effectiveness of security prevention solutions. Bring Your Own Device (BYOD) can act as a... (more)

Calligo Named “Bronze Sponsor” of @CloudExpo | @CalligoCloud #Security #DevOps #AI #DX

SYS-CON Events announced today that Calligo has been named "Bronze Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Calligo is an innovative cloud service provider offering mid-sized companies the highest levels of data privacy. Calligo offers unparalleled application performance guarantees, commercial flexibility and a personalized support service from its globally located cloud platforms. Through its four pillars of focus, Calligo delivers a platform that businesses can trust to deliver the high level of service and protection they expect and is lacking in many cloud offerings. For more information, please visit https://calligo.cloud/. 21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Cl... (more)

[session] #SecDevOps for Cloud Building | @CloudExpo #CloudNative #DevOps

A SecDevOps Approach to Cloud Building As more and more companies are making the shift from on-premises to public cloud, the standard approach to DevOps is evolving. From encryption, compliance and regulations like GDPR, security in the cloud has become a hot topic. Many DevOps-focused companies have hired dedicated staff to fulfill these requirements, often creating further siloes, complexity and cost. This session aims to highlight existing DevOps cultural approaches, tooling and how security can be wrapped in every facet of the build and release cycle and how to get sales and customer facing resources wrapped in. In his session at 21st Cloud Expo, Scott Moore, Global Black Belt TSP at Microsoft, will share real-life experiences working with customers and explain how focusing on ‘security first' transformed their business from product ideation to creation. Spea... (more)

[video] #IoT Security with @SecureChannels | @ThingsExpo #BigData #AI #M2M

"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Download Show Prospectus ▸ Here The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researcher... (more)

[slides] #IoT and Security | @ThingsExpo #IIoT #AI #ML #DX #DigitalTransformation

Download Slide Deck: ▸ Here Download Slide Deck: ▸ Here IoT and the Implications for Security Inside and Outside the Enterprise In the enterprise today, connected IoT devices are everywhere - both inside and outside corporate environments. The need to identify, manage, control and secure a quickly growing web of connections and outside devices is making the already challenging task of security even more important, and onerous. Download Slide Deck: ▸ Here In his session at @ThingsExpo, Rich Boyer, CISO and Chief Architect for Security at NTT i3, discussed new ways of thinking and the approaches needed to address the emerging challenges of security in the enterprise. With a focus on the challenges and specific technical solutions possible using distributed trust, mutability, autonomy, and disposability, he showed how a single cohesive security management infrastruct... (more)

[video] @TwistlockTeam's #DevOps Security | @CloudExpo #AI #DX #Serverless #CloudNative

"Suddenly a lot of companies started focusing on producing services in the cloud. I like to call it Cloud Native - everything is built for the cloud. The main concept there is to enable developers to work fast," explained Ben Bernstein, CEO & Co-Founder of Twistlock, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY. With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo, October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation. Track 1. Enterprise Cloud | Cloud-Native Track 2. Big Data | Analytics Track 3. Int... (more)

Calligo Named “Bronze Sponsor” of @CloudExpo | @CalligoCloud #Security #DevOps #AI #DX

SYS-CON Events announced today that Calligo has been named "Bronze Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Calligo is an innovative cloud service provider offering mid-sized companies the highest levels of data privacy. Calligo offers unparalleled application performance guarantees, commercial flexibility and a personalized support service from its globally located cloud platforms. Through its four pillars of focus, Calligo delivers a platform that businesses can trust to deliver the high level of service and protection they expect and is lacking in many cloud offerings. For more information, please visit https://calligo.cloud/. 21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa C... (more)