Adapt Your Information Security to Meet the Challenges of Tomorrow

There is a basic recipe for network and computer security that most organizations follow without question: The network firewall guards the perimeter, and anti-malware software protects the various endpoints. Security is based on protecting the individual servers and PCs inside the perimeter from the various threats outside of the network perimeter. However, that formula is…

Recent Hospital Breaches Remind of Need for IAM

Last week, I discussed Kaspersky Lab’s claim that fraudster hackers are no longer as prevalent as ideologically motivated “hacktivists.”   As a consequence of this shift in the threat landscape, Kaspersky and others (hi!) urged enterprises to consider more rigorous cybersecurity measures, such as an Identity and Access Management (IAM) solution, in order to help combat external threats.   …

Get Your Money for Nothing and Your Clicks For Free: Software Referral Programs Spur Crimeware-as-a-Service

When it comes to malware, most people think of nasty viruses that steal personal credit card information, or lock up your system until you pay a ransom to the malware author.  And while those types of malware are still in the wild, an increasingly common breed of malware is custom-designed to target corporations that pay…

Is Your Incident Response Program Ad Hoc, Emerging, or a Key Force in Your Security Defense?

Security defenses need to change.  There is now a broad realization that the security status quo just won’t cut it.  I agree with my RSA colleague who recently published a blog entitled, prevention is ideal, but detection is a must.  Effective detection (or monitoring) is often where today’s security programs are weakest and in most…

Intelligence Needs to be Operationalized

One of the hot words (and much-abused terms) in the security arena this year is “threat intelligence” and not because it is a new term but because it is going through an evolutionary period where many organizations are recognizing the value of this information. As described in the article The next marketing buzzword in security…

Kaspersky Lab Names Top Cybersecurity Threats of 2013

This week, Kaspersky Lab released their list of the top cybersecurity threats of 2013.  If you’ve been following the RSA Aveksa blog or RSA’s Speaking of Security blog, the results should come as no surprise—“hacktivism” and cyber espionage rank first and second respectively. Where this year differs from others is that fraudsters (a term Aveksa…

From SIEM to Security Analytics: The Path Forward

“The trail is dusty and my road it might be rough / But the better roads are waiting and boys it ain’t far off.” – from Paths of Victory by Bob Dylan   It has been close to a year since RSA announced RSA Security Analytics, our foray into big data security analytics.  Being first…

Business of Security: Three Tips for Improved Alignment

Last month, Capital One launched “SureSwipe” for their Credit Card Mobile App (“Capital One introduces pattern tracing to simplify mobile banking log-ins”).  What you may not know, is that the concept for SureSwipe was initially developed by the security team responsible for authentication controls.  At Capital One, the Digital Customer Protection Team leverages a balanced…

SEA Once Again Hacks Time Magazine

Back in August, I wrote about the surge of attacks perpetrated by the Syrian Electronic Army.   That month, the hacker collective commandeered the websites and social media accounts of several prominent media outlets, launching themselves into the national conversation and solidifying the group as a legitimate and dangerous threat to cyber security.   When the possibility of…

Behind the Scenes of a Fake Token Mobile App Operation

In the last few years, we have seen the mobile space explode with malware. According to a recent report by Trend Micro, the number of malware and high-risk apps available on the Android platform has crossed the one million mark, growing more than a thousand fold in under 3 years. To the financial industry, the…