AETs and software-based security

May 23, 2012

A special feature of advanced evasion techniques (AETs) is that they have an infinite number of possible combinations, meaning only software-based security systems can provide effective protection against them.
 

One week to be cookie-compliant

May 21, 2012

Over the past year, websites have begun to include a paragraph in small text at the top of the page.
 

Is your printer the weak link in your security chain?

May 18, 2012

Print security is rapidly rising up the political and business agenda.
 

Safeguarding intellectual property from loss

May 16, 2012

Organisations have been hit with a deluge of cyber attacks in recent years, and it's only set to increase with the modernising security landscape.
 

The changing face and growing threat of DDoS

May 14, 2012

The internet is an ideal destination for like-minded people to come together.
 

How penetration testing can enhance your company's security posture

May 02, 2012

Based on the fundamental principle that prevention is better than cure, penetration testing (pen testing) is essentially an information assurance activity to determine if information is appropriately secured.
 

100 days until the London Olympics - on your marks!

April 18, 2012

Today marks 100 days until the start of the London Olympics - and for IT departments, a call to the starting blocks for possibly the most demanding period in many years.
 

Building trust beyond BYOD and migration into the cloud

April 12, 2012

As more users, devices and data move beyond the traditional security of the corporate campus, attacks on information have grown in both diversity and sophistication.
 

All malware is not the same

April 12, 2012

As we talk about new variants of major malware 'families', it dawned on me that the more general malware was getting to be more sophisticated.
 

Taking on the challenge of e-disclosure

April 05, 2012

Whether in the wake of IP theft, data breach, litigation or harassment, digital investigations are a fact of life for many organisations.
 

2012: The year of the CISO

April 02, 2012

This year has already proved to be one where security procedures assume the utmost importance within an enterprise, catapulting the CISO's role to the forefront of the business.
 

Back to the future - learning network security lessons from history

March 28, 2012

In the Middle Ages, castles were the regional centres of commerce and imposing manifestations of power across Europe, offering protection and security to royalty, landowners, merchants and local employees.
 

Security in a virtualised world - moving with the times

March 26, 2012

For almost every single organisation, its data is its lifeblood. Preserving the integrity is paramount, and so securing data has become one of the biggest challenges of doing business in the digital age.
 

So what has the Information Commissioner got against local councils?

March 22, 2012

When the Information Commissioner's Office (ICO) announced that serious data breaches would be punished with a fine of up to £500,000 in April 2010, there was a suspicion that the toothless tiger would become a beast.
 

Threat intelligence: what to share?

March 19, 2012

Year after year, I hear the same refrain in information security: "We need to share more data about security threats." I know I, too, have been singing the same song for at least a decade.
 

IAM: back together, but disliked by users?

March 16, 2012

This week I attended the Gartner conference on identity and access management (IAM) with a view to getting a clearer vision of this sector.
 

Protecting the public sector

March 13, 2012

The threat from cyber crime is growing, with the UK witnessing an increase in criminals targeting theft of citizen and employee information, credit-card data and organisations' intellectual property.
 

Cyber security: the carrot and the stick

March 05, 2012

Cyber security is the latest business battleground and an international issue that's rarely out of the headlines, while cyber crime is an ever-present threat to companies.
 

A slight case of typosquatting

March 01, 2012

Ahead of last Christmas, some research appeared from Websense Security Labs which revealed that nearly 2,000 typosquatted domains of major high-street stores had been detected.
 

Everything changes: removing risk from network and security change management

February 27, 2012

"There is nothing wrong with change, if it's in the right direction," said Winston Churchill. But speak to a hard-pressed CSO or CIO and they'll tell you that any type of change is a potential risk. Most will happily take a lot less change in order to get better security.
 

McKinnon's lost decade

February 24, 2012

It is ten years since Gary McKinnon's life turned into a recurring nightmare. His casual and, thanks to poor IT security, simple hack into US military computers as he was searching for evidence of UFOs turned into something far, far more serious.
 

DDoS attacks - about more than a flood

February 24, 2012

This week featured a new launch of distributed denial of service (DDoS) protection technology, while research revealed the scale of attacks on businesses.
 

How secure e-commerce sites can survive the crunch

February 20, 2012

Listening to popular media, you could be fooled into thinking that retail is soon to be delivered a fatal blow by a failing capitalist system.
 

New rules for combating new threats

February 16, 2012

Today's security attacks are more insidious than they used to be. They use a combination of techniques and are aimed at achieving a particular result, such as stealing information that can be used for financial gain.
 

Extortion, ransom demands and code leak - what would you have done in Symantec's shoes?

February 10, 2012

This week Symantec's tussle with a hacker went public.
 

Hybrid theory

February 09, 2012

'But is it secure?' is invariably the first question I'm asked by CISOs in relation to cloud solutions and services.
 

Why hackers are targeting CAs - and what you can do about it

February 07, 2012

Probably the most disturbing data breaches of 2011 involved security companies themselves coming under determined and sustained attacks. RSA and DigiNotar both fell victim to hackers, sending shockwaves through the security community.
 

Google Android: now secure

February 07, 2012

The security business has had little positive to say about Google's Android platform in recent times.
 

ISO 27001 - a beginner's guide

February 01, 2012

These days, barely a week will go past without a news story about a security breach at a high-profile organisation.
 

What can others learn from Stratfor's mistakes?

January 31, 2012

In the last year, there has been an unprecedented wave of hacking attempts across a variety of organisations.
 

Why cyber security represents a new cold war

January 26, 2012

The nuclear standoff of the 60s may be behind us, but a new cold war, or rather code war, has started to grip the globe.
 

Could a distributed denial-of-service attack be made on your inbox?

January 24, 2012

The distributed denial-of-service (DDoS) attack is a modern form of action and takedown that is not impossible to defend against, but is a challenge nonetheless for victims.
 

How private equity investment can support the growth of businesses in the IT security sector

January 18, 2012

Private equity investors are always on the lookout for opportunities to invest in businesses with real potential in growth areas.
 

With new devices come new challenges

January 17, 2012

As the UK returns to work, so the pressure on IT managers increases as Christmas presents are attached to the network.
 

What Stratfor said

January 13, 2012

At the start of this week, the main theme around Stratfor was the strength of the Anonymous assault and the brashness in publishing email addresses.
 

Next-generation policies for managing the people factor

January 12, 2012

What does next generation mean? It implies we have something new and beyond what came before it.
 

Stratfor attacked, but it's the same old password security story

January 09, 2012

The attack on Stratfor by Anonymous over the Christmas period raised plenty of eyebrows at the tenacity of the hacktivists and its ongoing capabilities.
 

2012: security predictions for the future of mobile, cloud, attacks, data loss and big data

December 21, 2011

Over the past few weeks I have been inundated with 'predictions' for what 2012 will bring to the security market.
 

Advanced evasion techniques - protection and preventive measures

December 15, 2011

Advanced evasion techniques (AETs) offer cyber criminals a virtually unlimited number of options for the undetected infiltration of networks with malware.
 

So who exactly is the brains behind the next-generation firewall, and is it something to take seriously?

December 08, 2011

This week Sourcefire became the latest company to enter the emerging sector of the next-generation firewall.
 

Techniques for disguising hacker attacks

December 06, 2011

There are methods for attacking networks that even cutting-edge security systems cannot detect, and Advanced Evasion Techniques (AETs) are one example.
 

The IPv6 switchover: what should enterprises be doing in preparation?

December 02, 2011

Earlier this year, the Internet Assigned Numbers Authority (IANA) allocated its last IPv4 address blocks to the regional internet registries (RIRs).
 

Disguising hacker attacks - history and morphology of advanced evasion techniques

December 01, 2011

Intrusion prevention systems (IPS) protect networks and systems against attacks and since the early days of IPS technology, hackers have tried to circumvent these systems. They slip malware into networks undetected, like a kind of invisibility cloak.
 

Preparing for mobile emergencies

November 29, 2011

Recently a friend asked me to recommend a mobile anti-malware product for his use.
 

The government's Cyber Security Strategy: friend or foe?

November 28, 2011

Friday saw the release of the government's Cyber Security Strategy that set out the UK's plans to build a more trusted and resilient digital environment.
 

Accrediting with a white hat

November 17, 2011

I recently met with an organisation keen to prove themselves in the accreditation space as an approver for ethical testers.
 

Can't we just ignore PCI-DSS and get on with life?

November 11, 2011

The Payment Card Industry Data Security Standard (PCI-DSS) has now been around for over six years, giving anyone who handles card data ample time to have achieved an acceptable level of compliance, but every day we speak to organisations that have yet to implement any PCI measures.
 

Security patches for your people

November 08, 2011

If there's one thing the big security breaches of the past few years have taught us, it's that employees are just as critical to network security as the technology.
 

The industry who cried wolf

November 07, 2011

Malware is mostly created as a tool for gangsters to steal people's identities or a company's data and to use their computing power to amass a giant army to send emails hawking 'male enhancement' pills.
 

APT: Ladies and gentlemen, it's the theme of the week!

October 14, 2011

As predicted by SC Magazine some time ago, the RSA Conference Europe has been all about the advanced persistent threat (APT).
 

Is the US leading the UK banking sector towards multi-factor authentication as standard?

October 04, 2011

New guidelines published in the US this summer by the Federal Financial Institutions Examination Council (FFIEC) strongly advised banks that they should offer multi-factor authentication to corporate customers by January 2012.
 

Was the Lurid hack the next stage for targeted attacks?

September 30, 2011

Last week we reported on the 'Lurid' attack that had impacted users in Russia and former Soviet states.
 

Does 'targeted attack' sound more threatening than 'APT'?

September 26, 2011

Earlier this year, we looked at the 'advanced persistent threat' (APT) and what it meant for those in the line of fire.
 

The death of #DigiNotar

September 22, 2011

This week saw the much-maligned Dutch certificate authority (CA) DigiNotar declared bankrupt by the Haarlem district court.
 

Protecting the navigation layer from cyber attacks

September 21, 2011

Cyber attacks are no longer largely committed by teenagers trying to look smarter than their friends. In the past few years, organised crime has become increasingly involved, and these criminals have many more resources and much more motivation for both financial and political gain.
 

The trickle-down effects of advanced persistent threats

September 16, 2011

The increase in sophistication and abilities of computer hackers and malware programmers worldwide is, unfortunately, rather common news.
 

The way forward for monitoring and inspection

September 12, 2011

A recent revolution in IT security has been the use of high levels of automation when analysing data transmissions for malware, hacks and other attack vectors.
 

Data breach issues can't be solved by IT departments alone

August 31, 2011

Dave Jevans, chairman of IronKey and the Anti Phishing Working Group, looks at why locking down internal systems is not enough to combat sophisticated cyber criminals.
 

Professional Monitor: in association with (ISC)2

August 26, 2011

Are companies thinking about how young people's attitude to technology will affect their business when they come to join the workforce? If not, then they certainly should be.
 

Following hacking attacks at the Defcon conference, just who can you trust?

August 26, 2011

The cheeky hacking stunts carried out against conference delegates show just how much we all still have to learn.
 

Show me the Tunny

August 26, 2011

Bletchley Park's new gallery provides an important working record of history-making technology.
 

As easy as APT? It's not as simple as that

August 25, 2011

With the imminent arrival of the annual European RSA Conference, I expect we will be hearing three letters mentioned a lot: 'A, P and T'.
 

A thousand days of Conficker

August 19, 2011

This week marked 1,000 days since the first appearance of Conficker, a worm that went on to terrorise businesses for most of 2009. Aryeh Goretsky, distinguished researcher at ESET, looks back at the first thousand days and how businesses are keeping up the fight.
 

Who is responsible for enforcing password etiquette in your business?

August 17, 2011

It was hardly a surprise that using the same password twice led to a data breach in a school last week, but perhaps more startling was that a pupil had intercepted the password and accessed two databases.
 

What should you do in the event of a data loss?

August 12, 2011

Edy Almer, vice president of product marketing at Safend, looks at the best practices that businesses should be following to ensure the protection of data.
 

Is your IT policy just a signature on a piece of paper?

August 09, 2011

Dan Raywood looks at the thorny problem of IT policies and employees taking them seriously.
 

DLP is only as good as the people empowered to use it: your IT staff!

August 08, 2011

As the UK's data watchdog levies its first major fine for mishandling data by email, how can organisations protect themselves against data losses, without IT drowning in email traffic? Nick Lowe, head of sales in Western Europe for Check Point, explains.
 

How did intrusions go on for five years without being noticed?

August 05, 2011

The Shady RAT report from McAfee this week found that some sensitive organisations had been under attack for up to five years in some cases.
 

Mobile Encryption: driving productivity, enforcing security

July 28, 2011

If smartphones are to be as powerful as PCs, shouldn't they be as secure? Andres Kohn, vice president of technology at Proofpoint, looks at the growth of devices and how mobile encryption could be one solution.
 

Risk management and compliance - is it finally all coming together?

July 27, 2011

No one has been able to escape the news and numerous commentaries on the recent high profile breaches. Evidently, hackers are no longer lonely teenagers in their back room trying to impress their friends: today's cyber crime industry has evolved and automated itself to improve efficiency, scalability and profitability with a clear intent on obtaining information that can be monetised.
 

Could a BYOD policy be the solution to your consumerisation problems?

July 25, 2011

The last six months have taught us that the consumerisation of IT continues to be the greatest challenge for businesses and that solutions are emerging, but perhaps one policy-based initiative could be the answer.
 

Managing security in the cloud

July 22, 2011

The decision on whether or not to move security to the cloud could be one of the biggest you will make in the near future. Stephen Schmidt, chief information security officer at Amazon Web Services, looks at the decisions, options and opportunities of security in the cloud.
 

Data everywhere and no way to control it?

July 14, 2011

One of the reasons why there has been debate on data loss prevention (DLP) is because data gets into so many places and it is so hard to track.
 

Professional monitor: in association with (ISC)2

July 12, 2011

Information security professionals need to better understand and develop business skills - because focusing on technology alone will not command respect in the boardroom.
 

Testing the resilience of IT systems can help businesses prevent hacking attacks

July 12, 2011

The best way to test whether your organisation is secured against a hack is to try and hack it yourself.
 

Not your typical information security event

July 12, 2011

Alternative security events such as BSides and 44Con have injected much-needed life into the conference circuit.
 

Is DLP a blunt instrument or a misused technology?

June 28, 2011

Following on from the introduction of monetary penalties by the Information Commissioner's Office last year, I looked at the likelihood of data loss prevention (DLP) solutions rising in popularity in line with the regulatory increase.
 

They came, they hacked, they lulz'ed a lot and they went

June 28, 2011

At the weekend, LulzSec announced its decision to end its hacking campaign against government, technology and law enforcement organisations after 50 days of action.
 

Turning point

June 27, 2011

There has been talk in the anti-malware industry as long as I can remember about what sort of event it will take to get people to take computer security seriously.
 

Apple and the public cloud: new threats, new solutions

June 22, 2011

The launch of Apple's iCloud will bring cloud computing to the masses and with it, new security challenges. CryptoCard SVP Europe Jason Hart looks at the proposition and risks with one of the key launches of 2011.
 

Could you specify a 'champion' role to a member of your staff?

June 22, 2011

The issue around the shortage of skilled professionals within IT security has been well documented and the work of initiatives such as the Cyber Security Challenge has gone some way to addressing that.
 

What have we learned from six months of consumerisation?

June 17, 2011

It was sitting in a boardroom in the Abingdon headquarters of Sophos where I first heard a word that probably summarises 2011 so far.
 

Cyber Security Challenge announces cipher winner and talks of the continuing skills gap

June 10, 2011

This week saw the Cyber Security Challenge announce new winners, sponsors and tasks. SC Magazine was among the attendees at a gala evening.
 

Will World IPv6 day raise awareness for users or cyber criminals?

June 08, 2011

Today marks 'World IPv6 day', when those websites that have prepared themselves demonstrate their 21st century sites and awareness is raised overall.
 

Are we blasé about breaches?

June 06, 2011

A month ago we ran a story about the early Sony breaches against its PlayStation network which has spiralled into a campaign of attacks against the technology giant.
 

Hackers coming in through the front door

June 02, 2011

Why would anyone take the trouble to scale a fence and crowbar their way through a virtual back window when there's a much easier route to break in: unlocking the front door?
 

Respect and security

June 01, 2011

Can't take me anywhere, I start finding security messages at the most inappropriate places.
 

Countering cyber terrorism

May 31, 2011

The cyber war is intensifying each year and cyber attacks and those behind them are in no mood to cease their efforts. Rather than burying your head in the sand and assuming this is a US problem because of disclosure laws, Rob Warmack, Tripwire's senior marketing director in EMEA, argues that this is a global issue and looks at mitigation solutions.
 

A whole new era for cookies begins this week

May 23, 2011

This week marks the introduction of the Information Commissioner's new laws on privacy and online data retention.
 

Malware hits the Mac but is it worth worrying about?

May 23, 2011

Friday's news was dominated by issues relating to Apple and the exploitation of a rogue anti-virus for the Mac OS.
 

2011 is proving there is more to be done, so how are you approaching payment card security?

May 23, 2011

With high profile data breaches affecting millions so far this year, Jeremy King, European director of the PCI Security Standards Council, looks at the impact upon users and what merchants can do to prevent and protect.
 

Log management in virtualised environments

May 17, 2011

Log management may be seen as a purely on-premise solution, but following LogLogic's new partnership with VMware, its chief marketing officer Bill Roth looks at the potential future of logs in the cloud.
 

Putting a padlock on the cloud

May 13, 2011

Ask anyone in IT what the biggest barrier to adopting cloud computing services is and the most likely answer is security.
 

Social media hard to ignore for businesses

May 09, 2011

Richard Turner, CEO of Clearswift, looks at the security challenges being faced as a result of the increasing adoption of Web 2.0 in businesses and how good policy should be the cornerstone of a modern organisation's information security strategy.
 

Small businesses need to embrace big technology

April 15, 2011

Claiming that developing businesses are missing a trick by assuming the cloud is not for them, Steve Ball, managing director of Cloud 9, provider of IT services to small businesses, looks at how and why modern technology should be embraced.
 

Professional monitor: in association with (ISC)2

April 15, 2011

End-users are changing the game for information security professionals by bringing consumer technology - and the expectations raised by it - into the workplace.
 

Businesses need to patch up or fall down

April 14, 2011

Security products often do the unthinkable and give the route in because they have not been updated.
 

The protection of corporate data needs to be addressed by top-level executives

William Beer April 14, 2011

The priority for security teams is to get senior management genuinely interested in data protection.
 

Despite criticism anti-virus technologies work hard to keep up with threats

April 14, 2011

Malware has come a long way since the attack on my Amiga - but so too, despite the criticism, have the anti-virus brigade.
 

The rights, wrongs and moral debate on employee monitoring

April 14, 2011

A report from earlier this week claimed that several high-level security managers were in favour of employee monitoring technology.
 