Past, Present and Future of Endpoint Security

In the throes of holiday shopping season, 110 million Target customers woke to the news that cleverly placed malware had pilfered their credit- and debit card numbers, along with other sensitive data. We aren’t yet certain who was behind the massive attack on Target and, evidently other large retailers, or how the heist was orchestrated.

> Read More

The ABCs of APTs

As employees and IT professionals return from the holidays, many are doing so with 2014 New Year’s resolutions in mind. For IT pros, we hope that one of your resolutions is to bolster your organization’s security and defenses in 2014. One of the rising threats that many IT professionals should be concerned about defending against in the new year is advanced persistent threats (APTs).

> Read More

Keeping Pace with Evolving Risk

Today we released the 5th annual State of the Endpoint study, together with our colleagues at independent research firm, the Ponemon Institute. We’ve all known for some time the bad guys keep getting better and IT pros are continually challenged to keep the pace. Reinforcing the idea that it isn’t if an organization will be attacked but when,

> Read More

Is Mobile Shopping Safer This Holiday Season?

With the holiday shopping season upon us, scammers, cyber criminals and other nefarious characters come out of the Internet woodwork. Security experts are warning consumers should be cautious during the holiday shopping season to protect personal and financial data from being compromised. Banks and retailers should also be on high-alert.

Consider just a couple of the telling statistics: Trend Micro researchers identified more than 200,000 malware infections targeting online banking in the third quarter.

> Read More

Employ a Targeted Defense Against Targeted Threats

In my last post, I discussed the reality of APT hitting unsuspecting organizations with a predictable pattern. Study after study indicates people are being hit by malicious hackers and the attack goes on for months before anyone is any the wiser. If they ever know.

Some very large companies, with hundreds of business units and locations,

> Read More

The Predictable Pattern of APTs

It used to be that only large, Fortune 500-sized businesses had to worry about targeted threats, or APTs. Today, it’s a whole new ballgame. Sophisticated, malicious hackers use focused resources for small- and medium-sized companies too. Everyone is a target and your risk is multiplied if you do business with important partners and business associates who have valuable intellectual property.

> Read More

The Many Forms of Server-Side Risk

We recently worked with the editors at SC Magazine on a reader survey about server-side risk. As expected, companies of all sizes are concerned about varied attack vectors that could allow bad-guy access to their mission-critical data. The results show that malware, server misconfigurations (which lead to malware intrusions) and targeted attacks (aka APTs) are the top most concerning threats.

> Read More

APT is a Hacking Strategy

When you have something that someone else wants, you’re forced to protect it if you want that something to remain yours. Since the beginning of time, theft has been our unfortunate reality. As our world moved online and everything became digitally interconnected, thieves quickly recognized that’s where real value resides. To swipe it, they have gotten increasingly creative with their tactics and,

> Read More

No, Perimeter Protection is Not Dead

Oracle is offering what it calls some “shocking conclusions” about cybersecurity, but will these conclusions cause any shift in emphasis away from the perimeter for the sake of protecting the database?

According to a 110-company Oracle-sponsored survey from IDG Research’s CSO Customer Solutions Group, most IT security resources in today’s enterprise are allocated to protecting network assets,

> Read More

Whitehat Lessons from $300M Cyber Crime Spree

By now you’ve read about the new indictment of five hackers from Russia and Ukraine in what is being called the “largest data breach scheme in the US.” You can read the DOJ press release here and/or a redacted copy of the indictment here [PDF]. In what is really a continuation of the Albert Gonzalez saga,

> Read More

Infosec Haiku

Anata no joho sekyuritei konshu no haiku

Are APTs Bad?
All Your Data Iz Theirs. Yes,
China In Your Sh1t


### Notes ###
* HT to Mike Rothman for this one.
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who’ve contributed their haikus …

> Read More

Hacking the Hacker: The Downside to Vigilante Justice

Imagine you woke up one morning to find all of your possessions gone. Someone broke into your house in the dead of night and stole all of your things. You don’t know how they did it or who it was, but the fact remains: your stuff is gone. You might step outside, see the broken window or the ruined lock,

> Read More