Multiple Perspectives on Security

Security Journal

Subscribe to Security Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Security Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Latest Blogs from Security Journal
Recently, Forrester analyst Rick Holland brought up the point of quality vs. quantity when it comes to threat indicators. We agree, the focus should never be on the quantity of data, it should be on the quality of data. So the question becomes, where and how can you gather or make sens...
While news about the malicious hacking trade and the actions of elusive cyber-criminals continue to grab headlines, the third of our annual Insider Threat reports confirm that the risk posed by those legitimately ‘inside the fence’ continues to top business data security concerns. Of c...
I offer a preview of VMware PEX2015 in San Francisco along with some of the videos that are planned for next week. Call this a PEX Promo!
As we continue to work with global companies focused on everything mobile, one thing is clear – the mobile space is changing rapidly and with that comes opportunity for security attacks and identity theft. We are committed to delivering the best-of-breed mobile identity and mobile loca...
Recent data breaches involved an unclassified computer network used by President Obama’s senior staff, prompting countermeasures by the administration and resulting in temporary system outages. Officials said the attack did not appear to be aimed at destruction of either data or hardwa...
The steadily increasing frequency of data breach occurrences in 2014 has been both astounding and worrisome. From Target and Neiman Marcus to Michaels, Chick-fil-A and Home Depot, fraudsters are leaving no stone unturned, and the millions of customers unlucky enough to use infected poi...
Last summer I wrote about the some of the cool technology that the NFL was going to use during the 2014/15 season. There were sensors in the player’s shoulder pads tracking all their on field movements. It measured player acceleration rates, top speed, length of runs, and even the dist...
Everyone has done it, used some kind of wild way to remember user names and passwords. Let’s face it, the rules for managing passwords is overwhelming. People are required to remember numerous sets of credentials for all of the systems and applications they need to access their job and...
Cyber threats are becoming more advanced, persistent, and focused. The threat landscape is rapidly changing, and evolving faster than ever. Today it is difficult to determine who is winning: either those behind the cyber threats, or those fighting to prevent and remediate the threats. ...
When properly implemented and managed, secure enterprise file sync-and-share (EFSS) applications can improve project management and empower your workforce. Unfortunately, making the business case for secure EFSS isn’t always easy – especially when users and management aren’t aware of t...
With every New Year it is time to look back at the industry events of the past 12 months, and use our expertise to predict what lies ahead, in order to be more prepared. With regards to DDoS attacks, here is a short list of what to expect in 2015. We expect to see an increase in DDoS...
Cloud security is a top concern for chief security officers. In almost any enterprise, cloud migration is a given fact and recent attacks have proven, yet again, that data security is a critical component in any cloud migration strategy. Below are four tips, specific to Infrastructur...
2014 was a year of cloud security and compliance accomplishments and 2015 will certainly bring new challenges and new successes. In 2014, we worked closely with many customers who needed to adhere to HIPAA and PCI DSS compliance requirements. We made sure all bases were covered, data ...
While a year ago the big breach of the day involved likes of Target, now the breach landscape – which was once about financial gain – has exploded. It’s exploded to a world of state-sponsored attacks, of hackers getting more intelligent and of political organizations cyber-attacking al...
From Baby Boomers to Gen X, Y, & Z, there are certain characteristics that define, at least according to demographers and historians, each generation. Generation X, specifically, might also remember a Rush song called The Analog Kid. While not as frequently played as Tom Sawyer or Subd...
Reliable access to mission-critical applications is a key success factor for enterprises. For many organizations, moving applications from physical data centers to the cloud can increase resource capacity and ensure availability while reducing system management and IT infrastructure co...
Web app attacks are on the rise. According to Verizon's Data Breach Investigations Report, web app attacks doubled in frequency from 2012 to 2013, jumping from under 20% to 40% of recorded incidents. That should be a concern, because it's an application world and that means we're also...
DPS, or damage per second, is a somewhat self-describing term for the amount of damage that can be dealt (by a single person or a group) in one second. It's typically used by players of online games such as World of Warcraft or Diablo. Not that us old skool table top gamers don't calcu...
How much risk do you have of someone stealing disks from your datacenter? Take the average life span of a hard drive. The enterprise class hard drive is designed to last a minimum of 5 years. During that 5 years a SAN or NAS filled with hard disks is expected to have at least 99.999 pe...
Now that we’re past the New Year, it’s time to learn from what happened in 2013 and 2014, especially when it comes to IT Security. One of those things we in IT Security should learn, is that there has been a strong insider related component in the vast majority of the large breaches th...
The shift to the cloud is in full swing. More and more organizations are adopting Software-as-a-Service(SaaS), forcing IT organizations to develop new strategies to secure the onslaught of data created and stored in cloud applications. Failure to develop strategies to close security g...
In 2014, we saw AWS customers (especially in the small and mid-size segments) start to lay claim that they couldn’t make their own networks as secure as using Amazon’s EC2/S3 infrastructure services. This trend will accelerate in 2015. Small and medium businesses usage of cloud applic...
Once again after a couple weeks off and the calendar odometer flipping another year, I’m sitting here with a blinking curser wondering what to write about. And the thing that pops into my head are Things. The Everythings. While 2014 was the hype year for the Internet of Things (IoT), a...
The Internet of Things or IoT is the next big trend promising to connect literally every device on the planet to the internet. IoT will fuel a data explosion that will provide the data needed to improve services, offerings and life in general by analysis and use of the information gene...
Tis’ the season – the season where I look back at predictions I made last year, the season where I evaluate and take a deep dive into the breach landscape and the season where I look into where 2015 is headed. In a March 2014 blog post, I discussed how the sheer amount of data breaches...
Long story short, remote wipes aren’t a perfect solution. The original intent had some validity, but it also raises too many concerns. Wiping is really only an effective solution in an ideal world. Unfortunately, thieves don’t play by the rules and find ways around our solutions. For t...
I try to keep on top of the news, particularly as it relates to the nature and severity of cyber attacks taking place. Sadly, there’s been no shortage of reading material lately. Last month, there were reports on breaches at Kmart and Dairy Queen (my family loves Blizzards). Updates t...
Increased Security: Perhaps the most controversial benefit of SDS is that it offers increased security. Hardware enthusiasts will argue that there is nothing stronger than the sticks and bricks of the physical data center and the metal of the hardware devices. But this is not necessari...
When asked how companies can protect themselves, Schmidt says “They need to properly scope encryption [and] use encryption where it is available.” According to another expert, BBC.com writer Paul Rubens, “Even if cloud service providers are infiltrated or compelled to disclose data,...
There are boggling challenges on the planet, each of them affecting all of us, one way or another. Food. Clean water. Vaccinations. Health care in general. Then those second-level concerns which are also catalysts for the big problems: transportation, communications, finance. There ...
By Bob Gourley The FBI just posted the first official written articulation of why they believe North Korea is linked to the ongoing Sony Hack. As someone who has worked with FBI investigators in the past I have to tell you they do not go public like this unless they have evidence. It ...
By Anup Ghosh Editor’s note: As an advisor to Invincea I closely track not only their capabilities but the context they provide the community. Anup Ghosh, CEO of Invincea published well reasoned context on the Sony Hack at the Invincea blog, it is reposted below for your conside...
For business leaders today, it’s not enough to drive company growth, seek competitive advantages and provide vision. In this era of advanced cyberattacks, executives also need to keep their companies’ data security strategies top of mind. The Ponemon Institute’s 2014 Cost of Data Breac...
Successful hacks can paralyze websites, enable corporate or personal data to fall into the wrong hands and potentially damage the image, reputation and sales pipeline of the organization under attack. For many, this begs the question ‘Why us?’ To find out, let’s delve into the psyche o...
For many of us in the enterprise software industry, modernizing IT while maintaining legacy systems is a tightrope walk where it pays to look ahead, stay balanced, and be nimble. As 2014 races to a close, those of us focused on terminal emulation software solutions have a responsibil...
It’s that time of year when we gift and re-gift, just like this text from last year. And the perfect opportunity to re-post, re-purpose and re-use all my 2014 blog entries. If you missed any of the 96 attempts including 57 videos, here they are wrapped in one simple entry. I read somew...
Now that cloud services have become part of IT’s “new normal,” commonly referred to as “hybrid,” it seems obvious that the approaches and tools we use to manage IT would also evolve and mature, though the pace of evolution varies amongst companies, of course. According to a Website Mag...
The time of year that crystal balls get a viewing and many pundits put out their annual predictions for the coming year. Rather than thinking up my own, I figured I’d regurgitate what many others are expecting to happen.
Data security has long been thought the exclusive domain of large enterprises. Why would cyber-criminals bother with small and midsized companies when the big prizes are to be found hacking into large organizations? Unfortunately an increasing number of smaller companies find themselv...
Eighty-nine percent of knowledge workers retain access to the sensitive corporate applications and files of former employers. Earlier this year, a member of the team at Site-Eye, one of the top time-lapse film companies in the UK, noticed a disturbing problem with one of its client'...