News, analysis and context on enterprise technology for the CTO
Editor's note: the post below by Anup Ghosh first appeared on the Invincea blog and is republished here with the author's permission. bg Prediction 2012: Hackers Will Find New Fertile Ground to Pharm Posted by Anup Ghosh on November 29, 2011 Invincea is on record that the year 2011 will go down as the year the fundamental underpinnings of Internet security fell. In fact, it is the bloodiest year on record for Internet security. Not only did we … [Read more...]
USB is a wonderful technology -- it allows us to be platform-agnostic, gives us compatibility, ease of use, and more durability than some previous connectors we have used in the past. It also presents a very difficult security challenge to security professionals. USB devices have become so ubiquitous, we don't think twice about just plugging one into a computer. We have USB plasma balls, drink refrigerators, coffee heaters, thumb drives, keyboards, … [Read more...]
Philip Ewing reports on a nightmare scenario for the Department of Defense. Suppose a worker’s Android phone is infected with malware, and she innocently plugs it into her work computer to charge and sync contacts. You can imagine the government IT workers turning green at the thought of thousands of unknown phones running unknown software being plugged into official computers, even when the workers doing it are being scrupulous about handling secure … [Read more...]
On Wednesday 16 March 2011, Carahsoft is hosting the Symantec Government Technology Summit. This session promises to be full of useful context and helpful information for any technologist seeking better ways to defend their enterprise. Location is the Grand Hyatt Washington at 1000 H Street NW, Washington DC 20001. The day starts at 0800 and the formal agenda will go till 345pm. To register … [Read more...]
I've previously written about a company I advise called Invincea. They have just been named a finalist for the Most Innovative Company at the RSA 2011 conference. This is a big deal. And it is for good reason. If you are concerned with malicious code please check them out. Invincea has allowed me to contribute some context on key issues with malicious code in the enterprise. Some of that context is in a short video clip pasted … [Read more...]
This July, the Ponemon Institute performed a benchmark study of US companies to identify the cost that companies can attribute to cyber incidents. There are a whole host of different ways in which a company can be targeted by a cyber attack, including corporate espionage. To complete their research, Ponemon examined 45 organizations, examining thousands of independent cyber attacks. They found that attacks varied between $1M and $52M, averaging … [Read more...]
There are some important strategic changes occurring in the national security landscape. A new kind of cyber attack has been noted, one that involves use of malicious code to attack infrastructure. There are some important points in this attack that should be understood by national security decision-makers. With the launch of the code the security community calls Stuxnet, an attack was made against a programmable logic controller (PLC) that runs a … [Read more...]
I know some guys who are really good at external validation of enterprise security posture. There are some folks so good that nothing will totally stop them. The history of computer science makes me think world-class-best folks like that will always be with us and there will never be a system that is perfectly defendable. But still, there are steps you can take to dramatically enhance the security of your enterprise. I've reviewed some of these before, … [Read more...]
One of the things I've observed and personally believe regarding computer security: No enterprise will ever be able to fully train users to take the right action regarding computer security. The reason: the threat is too dynamic. Of course we have to try, and one of the marks of maturity for an organization is how successful the organization is at training. But the fact is, at this very moment, some user in your enterprise is probably clicking on … [Read more...]