Honeypots, used to detect cyber attacks, have been around information security for a long time.
The non-profit Honeynet Project is dedicated to investigating the latest attacks and working to improve the utility of honeypots in today's changing network environment.
In this podcast Vic Wheatman speaks with Gartner VP of Research Dr. Anton Chuvakin about this sticky issue. They look at the benefits of Low-interaction honeypots, which simulate only the services frequently requested by attackers, versus High-interaction honeypots that imitate the activities of the production systems that host a variety of services.
Why should a commercial entity consider a defense contractor for security projects? Answering the question is Edward Hammersla, President of Raytheon's Trusted Computer Solutions, Inc.
Hammersla provides perspective on the role of trusted operating systems, the ways of protecting data in a highly sensitive bring your own device (BYOD) environment and the appeal of using the term "cyber" in describing today's approaches to information security.
Hammersla was speaking with securitycurrent's Vic Wheatman.
Black Hat Series
There are a multitude of threat data sources used by Intrusion Prevention Systems (IPS) and anti-malware products to strengthen enterprise protections. Differentiating in this competitive almost commodity service market is a matter of numbers.
securitycurrent's Vic Wheatman speaks with Jeff Harrell, Sr. Director of Product Marketing for Norse, a threat intelligence company that offers an appliance it says is designed to detect and defend against attacks from "darknets" as well as other Internet-based attacks.
They talk about this saturated market and Harrell discusses the x-ray machine that was used to verify the validity of stolen credit cards.
With an increase in cyber attacks across industries, and in particular healthcare with medical-related identity theft accounting for 43 percent of all identity thefts reported in the United States last year according to the Identity Theft Resource Center, managing risk has never been more pressing for organizations.
With risk growing daily and the consequences -- both in terms of data loss, patient and employee confidence and potential fines -- looming large, one healthcare organization that takes cyber security seriously is Yale New Haven Health System.
Steve Bartolotta, who heads the health system's information security and risk management program talks about the challenges facing organizations today across verticals and what measures he recommends taking.
In this podcast with securitycurrent's Vic Wheatman, Bartolotta talks about the actual tools he uses to support Yale New Haven's risk management system and what he has gained. Or you can read about it too by clicking here.
BLACK HAT SERIES
Hackers continue to go after the easiest target -- the branch or remote office be it a gas station, retail store, bank branch, local health clinic or the like.
Armed with the knowledge that organizations are increasingly distributed and most organizations' budgets are allocated to headquarters, a branch or remote office often provides an easy access point for attackers.
Vic Wheatman speaks at Black Hat with Dave Porcello, CTO and founder of Pwnie Express on what kinds of attack the organization should actually be concerned about.
Is it the advanced persistent threat or is it that unknown rogue access point? As you'll hear from Porcello, your organization may have unbelievable security 99 percent of the time but it's that one computer, or air conditioning duct, that often opens the door.
BLACK HAT SERIES
Purpose-built, specialized malware dubbed "Backoff" is being found in point-of-sales (POS) systems. At the time of discovery, the malware, which is gathering magnetic strip information, keyed data and more, had low to zero percent anti-virus detection rates.
That meant that fully updated anti-virus engines on fully patched computers could not identify malware as malicious, according to the National Cybersecurity and Communications Integration Center (NCCIC), US Secret Service (USSS), Financial Sector Information and Sharing and Analysis Center (FS-ISAC), and Trustwave SpiderLabs.
Meanwhile, exploit kits enabling ransomware are holding data hostage. These business models for criminals are proving to be very lucrative. securitycurrent's Vic Wheatman spoke at Black Hat with Karl Sigler, Manager SpiderLabs Threat Intelligence at Trustwave, on "Backoff" and the latest findings from Trustwave's Global Security Report.
BLACK HAT SERIES
IBM's Security Systems X-Force recommends that a shift takes place from focusing on protecting the perimeter to securing applications.
The X-Force publishes a Threat Quarterly Report that analyzes security breaches and methods used by the bad guys. Based on over one million data points, the report found that Java, SQL injections, cross-site scripting and authentication problems remain challenges for developers and recommends they adopt Secure Lifecycle Development to reduce system vulnerabilities.
At Black Hat in Las Vegas, securitycurrent's Vic Wheatman spoke with Michael Hamelin, IBM's Lead X-Force Security Architect on today's most prevalent forms of attack and what should be done.
A recent movie, "Sex Tape," shows what happens when a private video goes "up into the cloud" for everyone to see.
A memorable refrain from one of the characters is "Nobody Understands the Cloud."
In this sponsored podcast, securitycurrent's Vic Wheatman speaks with cloud expert JD Sherry of Trend Micro about the controls and protective services organizations should implement to protect their cloud-based applications.
Security analysts and experts often talk about big data security analytics as a burgeoning space. Is that the really the case?
What is the reality behind big data analytics for security? Is it mainstream? Does a security analytics market even exist?
securitycurrent's Aimee Rhodes speaks with Gartner Research Vice President Anton Chuvakin who researched big data security analytics to find out what it is good for, where it is heading, who is using it, who isn't using it and who should be using it.
Many consumer-facing e-commerce implementations depend on 1960s technology to identify and authenticate customers. SecureKey is bringing authentication down to the device and chip level in order to combat fraud. It also is working to share digital IDs across an Identity Federation.
securitycurrent's Vic Wheatman speaks with SecureKey's CEO Charles Walton about these timely issues.