Government Agencies: Prime Targets for Security Breaches

Published on 11/20/14 03:00PM

Enterprise Security, Vertical Series

Up to now in our series about security in various sectors, we have been covering different types of businesses and the information security and compliance challenges and issues they face. In this post, we examine the security challenges and needs of the public sector.

Because of the array of services that federal, state and local government agencies offer to the public, and the vast amounts of information they gather and share about citizens and businesses—including financial data—these organizations are a likely target for cyber attacks.

The United States federal government is the largest employer in the country and maintains a “massive volume” of data on both its employees and constituents, according to Verizon’s 2014 Data Breach Investigations Report, which looked at security threats in 20 different industries.

No Big Surprise: Security Lessons Fail to Hit Home

Published on 11/18/14 02:30PM

Enterprise Security

Despite years of data security failures, enterprises fail to heed the many lessons learned.

I wasn’t surprised when the Home Depot breach notification hit my inbox this past weekend. But I knew that rarely only one shoe drops following a breach disclosure of the 56-million-user magnitude Home Depot disclosed earlier.

Here is the second shoe:

“Today, we are providing an update on the investigation into the breach of our payment data systems. Our investigation to date has determined the hackers stole separate files containing email addresses, in addition to the payment card data we announced in September that may have been compromised.”

Re-thinking “trust”: Security in software-defined networking

Published on 11/13/14 03:42PM

Virtualization

One of the hottest topics in IT today is software-defined networking, or SDN. SDN separates the control layer for the network from the underlying hardware typically associated with networking functionality. Applications that interact with the network are also separate, and can potentially communicate with the control plane via APIs. The control plane and hardware also communicate with emerging protocols and APIs like OpenFlow. A related concept is Network Functions Virtualization (NFV), where network capabilities like NATing, firewalling and access controls, and intrusion detection are all decoupled from the hardware, as well, usually in a virtual machine or software-based implementation.

If this all sounds confusing, it can be, so here’s the short version - hardware is a commodity, and all network controls and functions are now software somewhere else. That “somewhere else” is where things get interesting, and makes for some compelling pros and cons related to security.

Many SMBs are not in the business of IT, but need cloud more than ever

Published on 11/12/14 01:52PM

SMB Security, Cloud Security

The National Small Business Association published a report, the “2013 Small Business Technology Survey”. While it contains interesting information, one particular quote stood out for me.

“Not surprising, there was a huge jump in small firms utilizing cloud computing. In 2010, it was just five percent—today, 43 percent are on the cloud.”

It's 1 a.m. – Do You Know Where Your Data Is?

Published on 11/11/14 03:30PM

Cloud Security

Cloud computing provides us with many benefits. It allows us to scale services quickly in accordance with demand. Cloud computing enables us to deploy new systems, services, and applications rapidly in response to business needs. It also allows us to outsource certain functions to Cloud Service Providers that specialise in those areas, allowing our internal IT departments to focus more on key business requirements.

Finally, another benefit cloud computing provides is to transfer the task of securing our data to providers that may have more skills, specialists, and budget to do so.

4 Things You Should Know Before Running A Botnet

Published on 11/06/14 02:48PM

Enterprise Security

1) They understand what they are doing

Herding a botnet isn’t easy these days. The people doing it understand that it is decidedly illegal to run malicious software on computers that are owned by others. They are professionals; where there’s money, there is dedicated will. Over the years, we have observed that the business of malware has gone from creating nuisance software (almost accidental attacks) to stealthy, sophisticated networks of compromised systems.

Revisiting the “Goldilocks Zone”: Moving toward the virtual data center

Published on 11/05/14 03:06PM

Service Provider, Virtualization

There is no question that the footprint of today’s data center is rapidly moving toward the virtual. This changes so many things about the way IT operations functions that we must start asking hard questions about security, continuity, and control of our data. Perhaps one of the biggest questions is this - what happens when everything is a file?

All of our virtual server and desktop instances are simply files run by hypervisors.

The trend toward Software-Defined Data Centers (sometimes abbreviated SDDC) is moving fast. Increasingly, organizations are implementing Software-Defined-Networks (SDN), systems, and application instances, with less focus on hardware-based tools and standalone software installation.

A ‘Teachable Moment’ for VARs and MSPs: Security in the Education Sector

Published on 11/04/14 03:36PM

Enterprise Security, BYOD, Vertical Series

The next entry in our ongoing series covering industry-specific security issues is the education sector. Whether it’s higher education or K through 12, education has its own unique set of information security challenges and risks.

As with other industries, managed service providers (MSPs) and value-added resellers (VARs) have a great opportunity to share their expertise on security threats and solutions with clients in education. But they need to have a clear understanding of what technology and security managers in the industry are trying to achieve, and the unique hurdles facing organizations in this environment.

Don’t let the Internet of Things Catch You by Surprise

Published on 10/30/14 01:13PM

Enterprise Security, BYOD

You can’t turn anywhere without hearing about the Internet of Things. But does all of the hullabaloo we hear about Internet connected automobiles, home thermostats, lighting, refrigerators, and even medical devices mean anything to enterprises, or is the Internet of Things (IoT) a consumer trend?

Does IoT mean anything to enterprises and their ability to produce and innovate in the years ahead? And if they embrace the IoT, what could it mean to privacy and security? It turns out that it probably means more to security than many IT and security professionals are considering.

Healthcare Industry: In Need of Security Medicine

Published on 10/24/14 01:53PM

Virtualization, Compliance, Vertical Series

As part of an ongoing series, we’re examining the security and compliance needs and challenges in a variety of industries, and the implications for value-added resellers (VARs) and managed services providers (MSPs). In this post, we look at the healthcare sector.

Few industries (financial services being another) have been as scrutinized over data security and privacy issues as healthcare. With the advent of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, hospitals, clinics, private practices, health insurers and others in the industry have had to become super diligent about protecting patient information.
