NormShield reduces the uncertainty of your cyber risk with a high quality platform that does the work for you. Created from a hacker’s perspective, we’re not another cyber rating tool. Our platform tells you which vendors pose the highest risk to your company without creating more labor on your end. The platform is scalable, all-encompassing, and tailored to identify your problem areas. NormShield is also the ONLY cyber risk rating system that can measure the cost associated with a potential third party cyber breach. Know the risk every organization in your ecosystem poses in dollars and cents. Learn more at www.normshield.com.

The post NormShield appeared first on Security Current.

A CISO’s Guide to Principles of Data Privacy and Security by David Sheidlower, currently CISO for an international media and advertising firm, examines the key issues surrounding data privacy and security.

In this Security Current ebook, David Sheidlower provides his perspective on topics, which include privacy policies, big data, consent, governance, and security.

According to the author: “The fundamental principles of privacy and security continue to evolve. I’ve tried to look into each of them from the consent process, which most people find problematic, to the need for a framework for data protection, which is where an organization’s security program comes in.

The post A CISO’s Guide to Principles of Data Privacy and Security appeared first on Security Current.

A CISO’s Guide to Phishing and Malware examines real-world examples of advanced targeted attacks via email and social media to show how these evolving threats are increading an organization’s business risks.

Cybercrime is very much a B2B affair with surging returns on investment. From a business perspective, there is always a number associated with a breach. For example, Columbia University calculates every exposed Social Security number costs organizations $195. This number represents only a fraction of the total cost; losses to the breached companies, the people whose data has been stolen, and to society as a whole aren’t easily measured.

More specifically, this book explores attack vectors such as email, in particular, the Business Email Compromise (BEC) that are being exploited as never before.

It also presents ways CISOs can confront those increasing risks and offers best practices for articulating the value of these tools to the C-suite.

The post A CISO’s Guide to Phishing and Malware appeared first on Security Current.

Adversaries have patience and expect to persevere over any and all obstacles that stand in front of them. Their toolkit is not limited and if at first they don’t succeed they’ll try again until they complete their mission. The enterprise’s challenge: find and disrupt them before they fulfill their mission and prepare for the next one, never relinquishing their hold.

Cybersecurity threats to the enterprise continue to move at a pace whereby many organizations are not able to keep up with the known, let alone advanced adversarial tactics. For years the industry has concluded that advanced attacks involve some sort of malware in order to be successful. While malware can be used to exploit a target, there’s an evolution occurring that extends beyond the need for malware or zero-day exploits: attack campaigns. An attack campaign is not just an opportunistic attack aiming to compromise an endpoint, but rather a deliberately focused effort with a specific motive and mission with the intention to persevere until the campaign’s successful conclusion.

The post Attack Campaigns: Connecting the Dots to Disrupt the Adversary – sponsored appeared first on Security Current.

Adversaries have patience and expect to persevere over any and all obstacles that stand in front of them. Their toolkit is not limited and if at first they don’t succeed they’ll try again until they complete their mission. The enterprise’s challenge: find and disrupt them before they fulfill their mission and prepare for the next one, never relinquishing their hold.

Cybersecurity threats to the enterprise continue to move at a pace whereby many organizations are not able to keep up with the known, let alone advanced adversarial tactics. For years the industry has concluded that advanced attacks involve some sort of malware in order to be successful. While malware can be used to exploit a target, there’s an evolution occurring that extends beyond the need for malware or zero-day exploits: attack campaigns. An attack campaign is not just an opportunistic attack aiming to compromise an endpoint, but rather a deliberately focused effort with a specific motive and mission with the intention to persevere until the campaign’s successful conclusion.

The post Attack Campaigns: Connecting the Dots to Disrupt the Adversary – sponsored appeared first on Security Current.

It’s no secret, password secrets haven’t held up for quite some time against attacks targeting consumers and enterprise organizations.

Breach after breach, credential compromise seems to be the path of least resistance. Why bother attempting to exploit a remote server against an unknown or even known vulnerability, when phishing a human will do just fine?

Open, click, and enter credentials – it doesn’t get any easier for an attacker. To make matters worse, the universal password is just that, it is universally re-used oftentimes across multiple sites.

Harvest one set of credentials and chances are good it is re-used elsewhere. Time and time again this has been increasingly clear through interacting with everyday people who are the end users within our corporations.

With dozens and dozens of different sites requiring a login, can you blame them for using weak or the same password across personal and corporate accounts? How many sites do you have to remember passwords for as a security professional?

This White Paper reviews how security and convenience have historically been at polar opposites. It examines Authentify xFA™ which bridges the gap between convenience and strong authentication.

The post User Authentication Gets Flexible – sponsored appeared first on Security Current.

As the world becomes more connected, it is no longer enough for enterprises to react once an alert indicates an attacker is on the network. What if security teams seek out the attacker as opposed to waiting for them to slip up and trip an alert?

With motivated attackers penetrating successfully, security leaders are creating internal teams of hunters to locate the attacker and to eradicate them as quickly as possible. This is a change in mindset from the way teams have long been accustomed to identifying incidents.

The simple fact of the matter is that attackers are penetrating networks and advanced security teams have begun to recognize the need to
 move from sitting and waiting to go on the hunt for the attacker.

This white paper explains how the hunter becomes the hunted and how Arbor Networks’ Pravail® Security Analytics empowers security teams to have a fighting chance defending the enterprise. To be successful at hunting for an attacker, security teams need visibility, speed, accuracy, and analysis across historical and real-time data.

The post The Hunter Becomes the Hunted – sponsored appeared first on Security Current.

Agencies grant access privileges easily and out of necessity, but they struggle to manage these privileges as employees move throughout divisions. Revoking unnecessary access tends to be forgotten and the process of recertification of access privileges is error-prone, time consuming, or worse, forgotten.

“Insider and privilege misuse” was identified by the 2014 Verizon Data Breach Investigations Report as one of the 9 basic patterns of activity in the past decade that have resulted in confirmed data breaches.

The post Beyond Trust – Privileged Account Management for Federal Agencies appeared first on Security Current.

Organizations are adopting virtualization and cloud technologies as a foundation for their strategic business growth. Whether they deploy private cloud, public cloud or hybrid architectures, this is where IT investments are going today and in the years ahead.

The bulk of new IT spending by 2016 will be for cloud computing platforms and applications, with nearly half of large enterprises having cloud deployments by the end of 2017, according to Gartner, Inc.

The post Trend Micro – Elastic Infrastructure Needs Elastic Security appeared first on Security Current.

CISOs Investigate: Endpoint Security includes the viewpoints of 13 security leaders who have deployed or are looking to deploy third-party solutions. This report replaces the ad hoc, often informal and time- consuming processes of personally gathering peer insight.

Spanning verticals, the CISO contributors share real-world use cases and provide guidance.

[contact-form-7]

The post CISOs Investigate: Endpoint Security appeared first on Security Current.