MySpace and Tumblr Breaches Put Other Consumer Brands on Alert

With the unveiling of two more “mega breaches” this morning, the headlines and news cycles are clamoring for continued updates. The more serious of the two involved the breach at MySpace with 427 million email addresses and linked passwords stolen. The other involved 65 million unique emails and passwords stolen from the popular site, Tumblr. …

Advanced Detection Methods: Tips for Detecting Potential Insider Threat

In the new era of information security, traditional controls designed to deter attackers and protect assets are being augmented by advanced detection methods and new capabilities for response and remediation. The fundamental idea is to monitor the activities and behaviors taking place within your organization’s systems, applications, and data, then use this information to distinguish…

Security at Scale: Making Security Analytics Work for the Internet of Things

This year more than 10 billion devices will connect to networks around the world. And in the next few years, that number will increase by over an order of magnitude. With the veritable explosion of smart devices, many of which connect not just to the network, but to each other, significant security concerns arise. Despite…

Monitoring Assets and Vulnerabilities: Matching Data With Action

Monitoring assets and vulnerabilities has become a high-priority security practice for many enterprises. As RSA President Amit Yoran said in his RSA Conference 2016 keynote, the inevitability of an attack is so well-known that it’s almost cliche. However, the increasing persistence and stealth of attacks is less cliche. Attack campaigns increasingly use multiple exploit methods…

New PCI Multifactor Authentication Rules: Is it Too Late?

The PCI Security Council just extended its requirements for multi-factor authentication to anyone who has access to credit card data. These requirements, which come on the heels of the European Parliament adopting its revised Directive on Payment Services (PSD2) late last year, require strong authentication for all Internet transactions. PSD2 also introduces strict security requirements…

How to Tailor a Continuous Monitoring Policy to Focus on Critical Assets

Many organizations want to implement a continuous monitoring policy, which combines processes and technology to ensure security systems are working efficiently and effectively. Continuous monitoring enables IT teams to identify issues that could introduce risk or lead to compliance violations. As such, a continuous monitoring policy not only makes good business sense but is increasingly…

Continuous Identity Assurance Allows You To Step Away

Have you ever wondered how applications know if “it’s still you” 10 minutes after you log in to the app? Suppose you have to join a conference call, leave for a meeting, or take a bio break. As far as the app is concerned, since you haven’t performed any activity for a given period…

Not on My Dime: When Fraudsters Take a Phantom Ride

As any parent with children in sports knows, it is simply not possible to be in two places at the same time. I have tried to defy the laws of time and space by magically appearing at two different baseball fields when my sons’ games are conveniently scheduled at the same time on different fields…

5 Must-Read Articles on Advanced Detection and Incident Response Speed

In his 2016 RSA Conference keynote, RSA President Amit Yoran explained that modern security is moving away from the traditional focus on prevention toward a mindset that includes monitoring and response as key security components. In particular, Yoran stressed that accelerating incident response speed is crucial for overcoming current known security threats and future attacks.…

LinkedIn Breach: The Death of Passwords Has Finally Arrived

The headline screamed at me this morning when I opened my inbox, “117 million LinkedIn user credentials compromised.” I had no reaction as I went to get my first cup of coffee. Credentials have become a commodity to hackers and are sold widely and cheaply in different venues—both in the deep and open web. Stolen credit cards…