The percentage of the IT budget allocated to security is increasing. In fact, it is growing at a faster rate than the overall IT budget.

But what about staffing? Security departments have too many consoles to manage, and have too many false positives to consider.

In this podcast recorded on one of the shuttle buses at RSA, Security Current's Vic Wheatman speaks with Greg Young, Vice President and Research Director for Gartner, who offers specific advice for both CISOs and the vendors who sell to them, about these trends.

More than 90 percent of enterprise security problems are reportedly caused by malicious email.

 

Some 2.5 billion emails containing malware were sent in 2014. Malware URLs are on the rise. Phishing URLs are on the rise. And according to CYREN's 2015 Cyber Threats Yearbook it doesn't appear that attackers will be letting up any time soon.

The CYREN report, which analyzed 5 trillion Internet transactions, found that while high-profile breaches like Home Depot and Sony made headlines, attackers have set their sights on enterprises of all sizes and notoriety. No organization is immune. It also found that BYOD, consumer grade products, are creating new vulnerabilities in the enterprise.

Knowing the threat sources and how armies of botnet machines are being spawned to spread malware is key to building effective defensive strategies.

In this sponsored podcast, Security Current's Vic Wheatman speaks with Lior Kohavi, CYREN's Chief Technology Officer. They discuss the report's findings and how cloud-based security solutions are being used to predict and subsequently mitigate attacks.

Read the complimentary CYREN Cyber Threat Yearbook

More than 90 percent of enterprise security problems are reportedly caused by malicious email.

The number of corporate phishing attacks is growing. It isn’t a matter of if an employee will click on that malicious email or voicemail but just a matter of when.

Blocking, detecting and responding to phishing, spear phishing and other email-based attacks is now a fundamental enterprise security requirement.

And looming large on the horizon are attacks launched via social media. In fact, according to security vendor Proofpoint, 1 out of every 5 large enterprise brands on Twitter last year did not actually belong to the brand.

In this sponsored podcast, Security Current’s Vic Wheatman speaks with Kevin Epstein, Vice President of Advanced Security and Governance with Proofpoint, about combatting today’s advanced targeted attacks.

 

2015 has been dubbed the year of the security start-up and competition has never been greater. How do CISOs who are responsible for the security of their enterprises identify cutting edge technologies?  And how do the start-ups rise above the tide?

Security Current launched its inaugural High Stakes competition during the 2015 RSA Conference. The invitation-only High Stakes offered CISOs the opportunity to hear from today's cutting edge security start-ups.

One sponsor of the event was Tempered Networks. Led by Jeff Hussey, Tempered Networks co-founder and CEO, the Seattle-based company aims to address a fundamental security vulnerability in TCP/IP to ensure secure connectivity for business-critical information and infrastructure. A serial entrepreneur with a focus on security, Hussey previously founded F5.

In this sponsored podcast with Security Current's Vic Wheatman, Hussey discusses how his company's approach differs from other solutions, such as firewalls and encrypted links, and why the CISOs should select Tempered Networks to secure their environments.

 

How big a market is Security Analytics? If you ask our guest, Gartner Research VP Dr. Anton Chuvakin, you'll hear that there actually is no specific or defined market called Security Analytics. He says that while there are technology providers offering products or services so labeled, they all do somewhat different things in different ways.

There are vendors who look at packets, others that look at logs or roles, and those that look at malware, among other things, and they all carry a label of analytics. But according to Dr. Chuvakin, the fact that all of the vendors do different things in different ways indicates that there is no market that you can just go to and buy a security analytics product.

Organizations need to self-define what they want to analyze and then assemble the required pieces and perhaps integrate with a Security Information and Event Management (SIEM) system, which in some cases is essential for aspects of security analytics to work.

In any case, the buy versus build discussion becomes much more than binary. Dr. Chuvakin explores this largely undefined territory with Security Current's Vic Wheatman.

 

Five-time CISO Jeff Klaben, who is currently at a Silicon Valley think tank and also is an adjunct professor, says there is a shortage of skilled security professionals, especially at the management level, to combat an increasingly complex enterprise attack surface.

Klaben was exploring the connection between cyber security education, threat intelligence and incident response. He told Security Current's Vic Wheatman that the aim was to create actionable intelligence but the question remained, "how do we prepare folks to leverage these tools and capabilities?"

He said education, and particularly mentoring within an organization, would be integral to a successful security program and encouraged CISOs to mentor up-and-coming security professionals within. Klaben also called on CISOs to work with security start-up vendors to, at the very minimum, provide them feedback so as to ensure they are developing cutting edge technologies.

He was speaking at the Security Innovation Network's (SINET) Conference at the Computer History Museum in Mountain View, California.

 

Imagine a future when cars are no longer controlled by the driver.

With automatically controlled cars coming "just around the corner" and with more automation features being introduced there are concerns that vehicles might be vulnerable to security attacks.

But advancements in connectivity and automation need to keep pace with market needs. Automation may be able to make a dent in the 33 thousand annual road fatalities.

So what should be the relative roles of government and industry? Should the automobile companies collaborate on security and are they doing it already?

Security Current's Vic Wheatman spoke with Dr. Peter Sweatman, Director of the University of Michigan's Transportation Research Institute, about the self-driving car. The podcast was recorded at SINET, the Security Innovation Network's recent conference in Mountain View, California.

 

Monitoring new cloud environments for adequate security is challenging, particularly when trying to determine which approach might be best.

Most Managed Security Service Providers (MSSPs), while "out there" in someone else's data center, are not operating from the cloud and are not necessarily the right choice for monitoring the security of cloud instances.

Organizations have a responsibility to manage the relationship when MSSPs are used or money could be wasted.

Emerging between the enterprise and the cloud are Cloud Access Security Brokers or CASBs. These topics are explored in this discussion between Security Current's Vic Wheatman and Gartner Research Vice President Dr. Anton Chuvakin.

 

Scanning a network, devices or applications for security vulnerabilities may not tell the whole story or even tell the true story. IP addresses and host names are a moving target, constantly changing. This leads to frustration and potentially remediation of the wrong assets while broken assets may remain unevaluated and vulnerable. And the problem is worse as organizations use cloud environments.

In this sponsored podcast, Security Current's Vic Wheatman speaks with security expert Tom Desot, CIO of Digital Defense Inc., who talks about the problem and offers ways to mitigate.

 

Some research suggests that 97 percent of organizations are already compromised, according to former Gartner analyst Eric Ouellet. And according to Ouellet, the hackers are smarter and more persistent than ever, often having a better understanding of an organization's particular computing environment than its owners.

Recorded on the streets of San Francisco with Security Current's Vic Wheatman, Ouellet, who is currently VP of Strategy for Bay Dynamics, says that hackers will find a way to get inside an organization's network even if it takes a long time. There is only so much you can do to protect your environment, Ouellet adds, and points to credit card companies' use of anomalous behaviors as where the industry needs to head to mitigate attacks.

 
