Mar 30th, 2012 |
We recently wrote a post on Cloud Security and APT Defense in which we discuss the nature of an Advanced Persistent Threat as well as a few tips on how to stay safe. Now we have a real-world example to learn from. Our researchers have put together some comprehensive analysis for LuckyCat Redux which includes a study and an infographic which compares LuckyCat with other well-known threats.
Jonathan Gershater in
Cloud, Cloud-based Security, Privacy, Compliance and Identity, public cloud, Securing the Cloud, Security
Mar 28th, 2012 |
I recently read a blog post outlining how a customer should evaluate where they should store their encryption keys when encrypting data in the cloud. The post outlines the various options for storing keys and concludes, “Enterprises must assess their risk tolerance and audit requirements before they can select a solution that best meets their encryption key management needs.“
I completely agree with the post. Risk tolerance assessments and adherence to audit standards are essential elements of any quality data security program. I would argue though, that if the customer is following...
Andy Dancer in
Mar 26th, 2012 |
I recently presented on this topic at RSA and enough people, who didn’t managed to catch the presentation, asked what the link was between these two seemly unrelated areas, that I promised to write it up for a wider audience – here goes:
Many people assume that the ‘Advanced’ in Advanced Persistent Threats means the use of some incredibly new sophisticated malware but typically that’s not the case. Usually the ‘Advanced’ element is in the research effort and the social engineering to tip a specific target over the edge and get them to click though to a URL of the attackers choosing. ...
Dave Asprey in
Mar 2nd, 2012 |
Throughout the last two years, there has been a tremendous amount of activity regarding two areas; The Consumerization of IT, and the Cloud. This includes tons of postings and articles published about each one as to their impact, unique value and issues to computing utilization. Now the question needs to be posed as to what may be the relationship between these, are they separate areas, or are they intertwined environments of the modern computing world. And if the case is that they are intertwined, how do we address the issues this brings up, both the good and the bad.
My belief is that these are...