Securing the Branch Location and Remote Sites


Hackers continue to go after the easiest target — the branch or remote office be it a gas station, retail store, bank branch, local health clinic or the like.

Armed with the knowledge that organizations are increasingly distributed and most organizations’ budgets are allocated to headquarters, a branch or remote office often provides an easy access point for attackers.

Vic Wheatman speaks at Black Hat with Dave Porcello, CTO and founder of Pwnie Express on what kinds of attack the organization should actually be concerned about.

Is it the advanced persistent threat or is it that unknown rogue access point? As you’ll hear from Porcello, your organization may have unbelievable security 99 percent of the time but it’s that one computer, or air conditioning duct, that often opens the door.



“Backoff” Point of Sales Malware, Ransomware, and More


Purpose-built, specialized malware dubbed “Backoff” is being found in point-of-sales (POS) systems. At the time of discovery, the malware, which is gathering magnetic strip information, keyed data and more, had low to zero percent anti-virus detection rates.

That meant that fully updated anti-virus engines on fully patched computers could not identify malware as malicious, according to the National Cybersecurity and Communications Integration Center (NCCIC), US Secret Service (USSS), Financial Sector Information and Sharing and Analysis Center (FS-ISAC), and Trustwave SpiderLabs.

Meanwhile, exploit kits enabling ransomware are holding data hostage. These business models for criminals are proving to be very lucrative. securitycurrent’s Vic Wheatman spoke at Black Hat with Karl Sigler, Manager SpiderLabs Threat Intelligence at Trustwave, on “Backoff” and the latest findings from Trustwave’s Global Security Report.



The Bad Guys Get Smarter 


IBM’s Security Systems X-Force recommends that a shift takes place from focusing on protecting the perimeter to  securing applications.

The X-Force publishes a Threat Quarterly Report that analyzes security breaches and methods used by the bad guys. Based on over one million data points, the report found that Java, SQL injections, cross-site scripting and authentication problems remain challenges for developers and recommends they adopt Secure Lifecycle Development to reduce system vulnerabilities.

At Black Hat in Las Vegas, securitycurrent’s Vic Wheatman spoke with Michael Hamelin, IBM’s Lead X-Force Security Architect on today’s most prevalent forms of attack and what should be done.



Sex Tapes, Cloud and Security

A recent movie, “Sex Tape,” shows what happens when a private video goes “up into the cloud” for everyone to see.

A memorable refrain from one of the characters is “Nobody Understands the Cloud.”

In this sponsored podcast, securitycurrent’s Vic Wheatman speaks with cloud expert JD Sherry of Trend Micro about the controls and protective services organizations should implement to protect their cloud-based applications.



Is Big Data Analytics for Security Mainstream?

Security analysts and experts often talk about big data security analytics as a burgeoning space. Is that the really the case?

What is the reality behind big data analytics for security? Is it mainstream? Does a security analytics market even exist?

securitycurrent’s Aimee Rhodes speaks with Gartner Research Vice President Anton Chuvakin who researched big data security analytics to find out what it is good for, where it is heading, who is using it, who isn’t using it and who should be using it.



From UserID and Password to Digital ID 

Many consumer-facing e-commerce implementations depend on 1960s technology to identify and authenticate customers. SecureKey is bringing authentication down to the device and chip level in order to combat fraud. It also is working to share digital IDs across an Identity Federation.

securitycurrent’s Vic Wheatman speaks with SecureKey’s CEO Charles Walton about these timely issues.



The Flavors of Intelligence.

What are intelligence aware security controls? Intelligence sharing domains? Shared response infrastructures?  Are they just information security buzz words or do they have actionable meaning?

securitycurrent’s Vic Wheatman speaks with Gartner Research Director Lawrence Pingree about these concepts and their usefulness as part of an information security program.



Voltage Spies Secure Email.

From email to texting and other forms of social media, the need for protected communications underscores the requirement to continue encrypted messaging development.

Despite legacy and current solutions on this matter, academic and private research continues in an effort to apply encryption to solving new business problems in numerous contexts.

securitycurrent’s Vic Wheatman speaks with Voltage’s Chief Technology Officer Terrence Spies about the continuing evolution of secure messaging.



PCI DSS Version 3: What’s New?

Does the Payment Card Industry Data Security Standard (PCI DSS), now in its 3rd version, actually increase safeguards required to be taken by enterprises to ensure customer data?

According to the PCI Security Standards Council, PCI DSS is a comprehensive standard “intended to help organizations proactively protect customer account data.”

But with the continuous news of breaches, is it successful? Is being compliant for an audit, essentially a snapshot in time, enough or has the latest version succeeded in bolstering security over the long haul?

securitycurrent’s Aimee Rhodes speaks with Gartner Research Vice President Anton Chuvakin, who has spoken with the Standards Council, on the changes in the latest version, how the standard has made real progress in fostering security and what to look forward to in the future with mobile processing.



Security Tools in the Cloud.

What are use cases for security tools for protecting information in the cloud?

What organizational changes can trigger an enterprise to adopt additional cloud-based protection?

We are increasingly seeing a growth in cloud security providers offering tools to protect information and retain control.

securitycurrent’s Vic Wheatman speaks with CipherCloud’s Chief Trust Officer Bob West about what we can expect to see in the growing field of cloud security.