Trend Cloud Security Blog – Cloud Computing Experts

The Knight Fork: Defining Cyber Defense in 2013

“A knight’s fork: an attack by one chess piece (as a knight) on two pieces simultaneously.” - Merriam-Webster Dictionary

When was the last time you played chess? If you are responsible for cybersecurity, you are unwittingly playing it every day. Tom Kellerman uses this ancient sport to look at the strategies and tactics of modern hackers in his latest paper “The Knight Fork: Defining Defense in 2013.” In it, he reviews the innovation and evolution of Advanced Persistent Threats, and recommends tactics for developing a custom defense against targeted attacks — a “cyber... read more

Do You Encrypt Your Data? A Plea to Businesses from an Identity Theft Victim

Recently I became a victim of identity theft. Criminals gained access to my name, address, date of birth, driver’s license number, social security number, and bank account number. I’ve spent the last 10 years marketing Internet security solutions, but now I know firsthand how painful it can be to individuals when a data breach occurs. How did they get my personal information? Working in the security industry, I’m pretty careful. I’m good at recognizing phishing scams: emails that use various ploys to get you to reveal your personal information (see this paper I co-authored on the... read more

Government Data Seizures is Only One Type of Data Loss

Dave Asprey and Jonathan Gershater bring up good points in their blog posts about the USA PATRIOT Act (“The USA PATRIOT Act is Bad for Business” and “Patriot Act is not the first (nor likely) last law of its kind”).  The U.S. might seize your data or other governments might gain access for a multitude of reasons.  Even if your government doesn’t have laws that allow data access, they may work with a government that does, and may hand over your data—perhaps without your knowledge. But governmental seizure of data is only a small component of potential data loss. It doesn’t really... read more

What Are the True Dangers of the Cloud?

We often hear that security and privacy concerns are the main inhibitors to cloud adoption.  But what are the true threats?  Is the cloud really more dangerous than your on-site data center?  I would say that virtualization and cloud computing aren’t inherently more dangerous, but they have unique infrastructure that must be addressed when creating a security foundation.  There are similar attacks across physical, virtual, and cloud infrastructures—data-stealing malware, web threats, spam, phishing, bots, etc. So many companies are tempted to deploy their security for dedicated physical... read more

Chrome OS: So secure we don’t need security?

With the launch announcements of various Google Chrome netbooks, the press and security companies alike are beginning to take a closer look at the security promises made and also at some of the more ‘media friendly’ statements such as, “…users don’t have to deal with viruses, malware and security updates”. Let’s have a look at some of the security features of Chrome OS:

1 – Get out of my playpen. Each process runs in its own sandbox. Effectively this means that if an application is malicious or compromised, it is unable to interact with or otherwise affect... read more

A Tale: The Snack Supplier, the Vending Machine, and the Cloud

I recently had an interesting chat with the operator of our snack vending machine while making a coffee in the kitchen. She was restocking our machine and had her iPad sitting on the table. In their 2 person company they now have 2 iPads and a PC. They do their inventory control and tracking while onsite at customer premises via the iPad. Then they sync it with their PC and, using an online storage solution they transfer it to the cloud; this then syncs with their online accounting package. Her reason was very, very simple: she wants to reduce the amount of time they spend on bookkeeping and back-office... read more

IPv6 is here. How does this affect email?

Part 1 of 2 parts

IPv6 will change how we use the internet, again. To the typical user, there is no difference; web sites work the same. But email is a different story. When using IPv6, addresses are allocated in a different manner. Most end-users today get one IP address, which is shared between multiple machines using a Network Address Translation (NAT) router. In IPv6, each user gets an address block – a /64 – of address space. This is great news, because end-to-end applications on the Internet will work much better, and there will be no NAT in the way. A /64 is a huge amount of space –... read more

New type of cloud emerges: Exploits as a Service (EaaS)

For years now, if you knew where to shop on the shady side of the Internet cloud, you could pick up a botnet for cheap. But it was so much work to log in to IRC and pay with egold that a busy cybercriminal just couldn’t be bothered. That’s not a problem anymore, thanks to Robopak. Applying the latest cloud provisioning and marketing analytics technologies, they’ve created an entirely new type of cloud service, Exploits as a Service, or EaaS. Robopak’s EaaS lets you pay as little as $30 per day to access Java, PDF, and IE exploits and roll them out to build your cybercrime... read more

Good Clouds, Evil Clouds: Why Microsoft Hasn’t Lost Yet in Cloud Computing

In a recent eWeek interview, Citrix CTO Simon Crosby described Conficker malware as “the world’s largest cloud.” He’s right. Cybercriminals use Conficker to create massive clouds of remotely-controlled PCs capable of carrying out a variety of cyber-attacks, including DDoS (Distributed Denial of Service) attacks on a scale larger than any centralized cloud provider could. We tend to think about data center-based clouds with names like Infrastructure-as-a-Service or Software-as-a-Service, but the future of really big clouds looks more like Conficker’s very powerful networks of distributed... read more

Cloud-based Protection Networks Improve Threat Protection

Today’s threat landscape has required security vendors to change their approach to protecting customer data. TrendLabs℠, Trend Micro’s threat research arm, states there are now 3.5 new threats released every second by cybercriminals. Traditional approaches to security just cannot keep up with this. Those traditional processes looked like this: customers would submit a suspicious file to their security vendor for analysis; the security vendor would analyze and confirm it as malicious; a signature would be created to identify that file as suspicious; the signature file would be published... read more
