Time to Change the Game Plan on DLP

I was at a customer event recently and was party to a discussion on the ‘disappointment’ or disillusionment in deploying Data Loss Prevention and comments like ‘well, it just doesn’t do what it’s supposed to do’ or ‘it’s too tricky to deploy’. Well, the truth is DLP technology is not something that comes off the shelf in a one size fits all package. Here are the things DLP is not going to do for you:

Living Under Watchful Eyes as a Fraudster

The fallout from the news of the Global Payments breach may be just subsiding, but one thing can already be said – this probably isn’t the last processor that will be breached.

Mystery Shopper Scams Getting Aggressive

Mystery shopper scams are nothing new, but I now have the experience of being personally targeted by one. From my research, most of these scams are carried out in a “pull method,” whereby ads are placed in classified sections asking for applicants for a part time job. I was targeted by someone using the “push method,” whereby a live (fraudulent) check was mailed to me in a haphazardly stuffed envelope with an official looking letter and survey form.

Big Votes in the House on Cyber Security Legislation

When the House Republican Cybersecurity Task Force released its recommendations last October, U.S. Representative Mac Thornberry (R-TX), the Chairman of the Task Force said that the time had come for the U.S. Congress to act on cyber security legislation. In a blog post on October 11th, 2011, he stated: “We simply cannot allow legislative gridlock to continue on this issue. And we cannot let the quest for the perfect cyber bill prevent a good one from passing.”

Be Secure, Be Confident in the Cloud

Intel recently announced the Intel Xeon Processor Series that helps enable comprehensive and verifiable security and compliance in cloud environments. With these technologies Intel is providing a foundation to make cloud deployments suitable for increasingly sensitive workloads.

Security Intelligence and Identity: Reflections from the Munich EIC Conference

Last week my colleague Matthew Gardiner and I, along with Kim Cameron of Microsoft and Edwin van der Wal of Everett Consulting, presented a panel on “Security Intelligence and IAM” at the European Identity and Cloud Conference in Munich. Prompted by questions from our moderator, Dr. Horst Walther, we had a lively discussion about the [...]

Man-in-the-Middle For Hire

Discussion and buzz about the burgeoning Fraud-as-a-Service (FaaS) trend in the cybercrime economy is as constant and as progressive as it gets. New FaaS offerings are limited only by the imagination of the dubious actors who offer them, and as such, are often creative and interesting in the ways by which they can make perpetrating fraud easier and more accessible to a growing number of criminals.

Big Data vs Social Engineering

Some of the discussions we are having over here are brain-wrinklers! I was speaking with some colleagues yesterday about the security implications of big data. Typically I would group them into two separate areas: 1) Using big data as an enabler for predictive security analytics (i.e., deriving security information powered by analytics across big data) 2) Securing the output of big data analytics on the business side (and possibly in infosec too).

Sir, Put Down the Loaded Weapon

Sensitive information is sometimes like a loaded weapon someone might randomly stumble upon in a park. For those who have some kind of training with weapons, you can probably think of a dozen things you would and wouldn’t do if you were in this situation. But what if you had never seen this kind of weapon before? Would it become a paperweight on your desk? Maybe a doorstop? Or in an extreme case, earrings? Maybe you see peers treating these weapons the same way and all of a sudden it becomes acceptable. Until one goes off.

Learning to cook – Bake a Trusted Cloud Part 2

Proving that physical and virtual infrastructure of the cloud can be trusted can be prohibitively difficult, especially when it comes to cloud services from external service providers. Verifying secure conditions in the foundations of the cloud is important for a simple reason: If organizations can’t trust the safety of their computing infrastructure, the security of all the information, applications and services running on top of that falls into doubt.