Multiple Perspectives on Security

Security Journal

Subscribe to Security Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Security Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Latest Blogs from Security Journal
The concept of Application programming interfaces (APIs) has been around for a while. According to CSC Distinguished Engineer & Chief Product Architect (and bass player) Martin Bartlett. An API is a set of routine definitions, protocols, and tools for building software and applicatio...
For the month of June, DevCentral is highlighting our Programmability Month and Codeshare Challenge. A fantastic opportunity to catch up on the power of programmability and learn how the BIG-IP platform can transform your infrastructure with a few lines of code. Since my coding abilit...
Digital Initiatives create new ways of conducting business, which drive the need for increasingly advanced security and regulatory compliance challenges with exponentially more damaging consequences. In the BMC and Forbes Insights Survey in 2016, 97% of executives said they expect a ri...
Many of you are very familiar with iRules, our Tool Command Language (Tcl) based scripter. It’s a powerful application delivery tool to have a programmable proxy that allows you to manipulate – in real time – any network traffic passing through the BIG-IP. Many BIG-IP fans have used it...
We now work in a world in which data flows to and from the cloud across platforms, geographies and applications. In his session at 18th Cloud Expo, Jeff Greenwald, Senior Director of Market Development at HGST, will discuss the millennial approach to managing how data is stored, prote...
SYS-CON Events announced today that Alert Logic, Inc., the leading provider of Security-as-a-Service solutions for the cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Alert Logic, Inc....
As organizations shift towards IT-as-a-service models, the need for managing and protecting data residing across physical, virtual, and now cloud environments grows with it. Commvault can ensure protection, access and E-Discovery of your data – whether in a private cloud, a Service Pro...
Many banks and financial institutions are experimenting with containers in development environments, but when will they move into production? Containers are seen as the key to achieving the ultimate in information technology flexibility and agility. Containers work on both public and p...
Choosing the right cloud for your workloads is a balancing act that can cost your organization time, money and aggravation - unless you get it right the first time. Economics, speed, performance, accessibility, administrative needs and security all play a vital role in dictating your ...
As the march to connect each and every noun on this planet continues with a blistering pace, the various ways, contraptions and sensors used to collect data is greatly expanding. What once was a (relatively) small collection of fitness trackers, smartwatches, thermostats, automobiles a...
Internet of Things (IoT), hybrid cloud services, mobile-first, and DevOps are increasing the demands and complexity of the overall development process. Key factors to improving both development speed and security despite these new challenges include new levels of collaboration and com...
As we have seen the growth in security challenges across the organization, we have also seen the growth in security spending and number of products that an enterprise buys. But have we, as an industry, been able to show that we are better off or worse? There is no clear yardstick to me...
The purpose of this document describes how to generate a report for all the certificates using in the Java environment by using a simple shell script. The script checks all certificates that are stored in Keystores. The script generates a report in the form of CSV file and the report c...
If we are involved in a cyber-war, where are the frontlines? What are the defenses that will work? Much of the efforts done so far in cybersecurity are nothing more than building an ineffective Maginot Line for cyber-defenses. Should we be spending more time (and money) in figuring ou...
Imagine if the temporary tattoos that come in a box of Cracker Jack (if you’re lucky) had an electronic display logo that lights up when you put it on. Or a fitness tracker that you tape to yourself rather than wearing it around your wrist. Or a watch so thin that it lights the time wh...
Software as a Service (SaaS) is a model that has become a popular choice for deploying enterprise applications, delivering efficiencies and value to organizations in many ways. The benefits SaaS solutions deliver include not only avoiding the major resource drain and licensing costs as...
The Domain Name Service (DNS) is one of the most important components in networking infrastructure, enabling users and services to access applications by translating URLs (names) into IP addresses (numbers). Because every icon and URL and all embedded content on a website requires a DN...
We all awoke last week to the latest regulatory and reputational risk since names like Madoff and Snowden burst into the headline. Weekly, there are smaller local skirmishes between the behavior of companies, public officials and the prying eyes of an ever more symbiotic relationship b...
Avnet Memec - Silica, StarChip, and Trusted Objects have announced their partnership for the deployment of an optimized security platform, encompassing a family of certified secure elements with tailored security protocols from sensor to enterprise server and unique personalization ser...
Whether intentional or accidental, data leaks are a huge concern for organizations. And it has been for years. Going back to a 2004 survey from an IT security forum hosted by Qualys, found that 67% of security executives do not have controls in place to prevent data leakage, A December...
VASCO Data Security International has announced that eSignLive ™, the e-signature choice for government organizations, has worked with Cloud Services Provider (CSP) Project Hosts to deliver its electronic signature solution in a FedRAMP SaaS-level compliant cloud. U.S. government agenc...
If you read our blog regularly then you know we’re pretty bullish about our OnPrem Agent product and its behind-the-firewall user-experience monitoring capabilities. What does it mean to monitor behind the firewall? Essentially you’re bringing Catchpoint’s Synthetic Monitoring capab...
This is an excerpt of some concepts from his upcoming book, NANOKRIEG: BEYOND BLITZKRIEG, a book covering the changes in Military Infrastructure, Strategies and Tactics needed to win the War on Terrorism. It includes chapters on cyberterrorism and cyberwarfare. With the latest terrori...
Trend Micro International has announced the close of an agreement to acquire TippingPoint from Hewlett Packard Enterprise (HPE). Trend Micro TippingPoint solutions are immediately available to bring customers comprehensive threat intelligence and protection for current and zero-day vul...
There are always threats out there on the big bad internet. The majority of breaches happen at the application layer and many OWASP Top 10s like SQL injection are still malicious favorites to gain entry. Add to that the availability of DDoS tools, anonymous proxies and the rise of hack...
This week we came across an interesting phishing campaign. Users receive a file named “paymentxxx.pdf.” The file is a recently created PDF v1.5 made with Microsoft Word 2007, which can be opened by any PDF reader—Adobe or any other. The PDF is a single-page document and contains a hype...
Thanks to the professional, virtuous work of security researchers Chris Valasek and Charlie Miller and some fantastic reporting on this research by Andy Greenberg of Wired Magazine, we have long known that theoretical hacks against cars are no longer theoretical. They are real. Many co...
Impetus Technologies has announced that StreamAnalytix™ has been selected by Hortonworks® as a complementary solution to provide real-time streaming capabilities for the new version of Hortonworks DataFlow (HDF™). HDF powered by Apache NiFi is an integrated platform to collect, conduc...
Radware has announced that TeraGo Networks has chosen Radware’s DDoS Attack Mitigation solution to power their new suite of security services. Headquartered in Ontario, Canada, TeraGo Networks owns and manages a national IP network, providing service to 46 major markets across Canada....
SYS-CON Events announced today that LeaseWeb USA Inc., one of the world's largest hosting brands, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. LeaseWeb USA has announced that its platform ...
In December 1998 when transitioning into a job doing intelligence support to DoD computer network defense, one of my mentors reminded me of a Reagan-era publication that helped the public better understand the Soviet threat called "Soviet Military Power." This document was based on th...
Recently I changed some of my passwords. Some due to typical rotation time and a couple due to potential breaches and encouragement from the affected site. No, I’m not going to tell you which ones or how I go about it but I noticed that it took about 3 days for my fingers to key the co...
In the 1946 classic ‘Hair Raising Hare,’ Bugs Bunny asks, ‘Have you ever have the feeling you were being watched? Like the eyes of strange things are upon you?’ Like Bugs often did, he breaks the fourth wall and involves the audience directly, invoking a feeling that someone is looking...
This post provides an update on the ongoing battle between Apple and the U.S. government regarding Syed Rizwan Farook's iPhone, recovered by police after the horrific massacre in San Bernadino on December 2, 2015. It is just days before the March 22, 2016 hearing in this long-running...
In part one of this series, "Rugged DevOps: Survival is Not Mandatory", I shared news that 1 in 16 open source and third-party components downloaded last year included a known vulnerability. That may not seem like too many until you realize the average company downloads well over 200,...
SYS-CON Events announced today that Alert Logic, Inc., the leading provider of Security-as-a-Service solutions for the cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Alert Logic has a...
DevOps simply represents the better fusion of the usually quite distinct departments of software engineering and IT operations. The goal is faster and safer rates of software innovation. A simple objective but a troublesome one in reality – As many experts explain the core issue is th...
How well do you know your code? It sounds like a strange question, but please indulge me. Maybe you're a manager or business analyst. If this is the case, you ‘know' the code through a translation layer in which the developers in your organization explain what it does. Sometimes ...
I am sure you are aware, the business computing environment is evolving. From all of us and the multitude of devices we now carry and interact with, along with the various ways we access information…to all of the applications and the interdependency among those applications that we req...
There once was a time when organizations wouldn’t consider deploying critical applications in the cloud. It was too much of a business risk from both an access and an attack perspective—and for good reason, since 28 percent of enterprises have experienced more security breaches in the ...