This Blog has Moved!

This blog is moving to


Thank you for visiting! Content will remain here for archival purposes.

5 Essential Restore Capabilities for Google Apps Backup

The following is external content provided as a free resource for blog readers.





If you lose data in Google Apps, how quickly can you get it back? Many administrators are surprised to find it's harder than they think. In this free white paper, you'll learn:

  • The difference between restore and recovery

  • The benefits of rapid, easy-to-use data restoration in Google Apps

  • What to look for in a backup solution


Data loss happens, even in cloud applications like Google Apps. Learn how to always be prepared for it so you can keep your business on track.




Top 3 Reasons to Give Insiders a Unified Identity

The following is external content provided as a free resource for blog readers.





In this report, you'll learn about the eight most significant cybersecurity threats that could impact your organization (at any time). Forbes cited internal threats as No. 3, noting that internal attacks can be “the most devastating” due to the amount of damage privileged users can inflict and the type of data they can access.




Three Important Reasons for Privileged Access Management (and One Surprising Benefit)

The following is external content provided as a free resource for blog readers.





Download the white paper: Three Important Reasons for Privileged Access Management (and One Surprising Benefit). You'll discover how a privileged access management solution can:

  • Ensure comprehensive compliance with mandates such as the Sarbanes-Oxley Act for responsible governance.

  • Ensure business integrity and responsible business processes.

  • Tackle security risks, both inside and outside the organization.

  • Realize bottom-line IT cost benefits.







Privileged User Activity Auditing: The Missing Link for Enterprise Compliance and Security

The following is external content provided as a free resource for blog readers.





This white paper covers how to solve the security, compliance, and third party access challenges organizations face when auditing and monitoring UNIX, Linux and Windows systems; and why traditional approaches like log rollup tools alone will fail to meet requirements of today's demanding IT environment.




Close the Window on Three Windows Server Threat Scenarios

The following is external content provided as a free resource for blog readers.





Companies and government agencies are looking for solutions to mitigate the risks these threats present. This white paper details three common Windows Server threat scenarios and explains the way that they can be neutralized. By following the guidelines in this white paper, organizations can guard against inside and outside threats, protect their Windows Server infrastructure and sensitive data, and meet relevant regulatory requirements.



Centrify Server Suite provides organizations with the control they need to thwart these threats. It protects their Windows Server environments by:

  • Granting users just enough privilege to accomplish their business objectives, enabling secure management of Windows services.

  • Making shared accounts in Active Directory accountable by associating the use of a shared account with the actual user.

  • Protecting PCI data from domain admins by enforcing a segregation or separation of duties.


By taking these steps, organizations can manage their identity-related risk posture and significantly improve their ability to cost-effectively address regulatory mandates, making compliance a repeatable and sustainable part of their business.




InfoSphere Guardium Vulnerability Assessment

The following is external content provided as a free resource for blog readers.





IBM® InfoSphere® Guardium® Vulnerability Assessment scans database infrastructures to detect vulnerabilities, and suggests remedial actions. The solution identifies exposures such as missing patches, weak passwords, unauthorized changes, misconfigured privileges and other vulnerabilities.




The Essentials of IT Security - Free Kit

The following is external content provided as a free resource for blog readers.





The Essentials of IT Security brings together the latest in information, coverage of important developments, and expert commentary to help with your IT Security related decisions.



The following kit contents will help you get the most out of your IT Security research:

  • Protecting Users From Firesheep and Sidejacking Attacks with SSL

  • Symantec's Online Security Predictions for 2015 and Beyond: Asia Pacific and Japan

  • Defending Against Network Based DDoS Attacks

  • Defend Web Properties From Modern Threats With Citrix NetScaler







Email Security As A Service

The following is external content provided as a free resource for blog readers.





Email Security as a Service from Apptix provides a multilayered, modular, Cloud-based security framework that delivers comprehensive data security at a fraction of the cost. Using a lower OPEX-based software delivery and consumption model, Apptix can securely migrate, operate, and protect your applications and data within our private cloud environment.




Space Weather Outlook January 25, 2015 at 08:18PM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center, Boulder, Colorado, USA

SPACE WEATHER ADVISORY OUTLOOK #15-4

2015 January 25 at 6:05 p.m. MST (2015 January 26 0105 UTC)

**** SPACE WEATHER OUTLOOK ****

Summary For January 19-25

An R1 (Minor) radio blackout was observed on 22 January. No S1 (minor) or greater solar radiation storms were observed. No G1 (minor) or greater geomagnetic storms were observed.

Outlook For January 26-February 1

There is a chance for R1 (minor) radio blackouts and a slight chance for an S1 (minor) solar radiation storm through 01 February. There is a slight chance for G1 (minor) geomagnetic storms after 29 January through 01 February.

Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov

Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.

Increasing School Security with Access Control

The following is external content provided as a free resource for blog readers.






When parents send their children to school, they expect that their little ones will receive an education, be taken care of, and, most importantly, be safe. In fact, most parents expect safety at school over everything else. After all, at the end of the day, they don’t ask their children “How safe did you feel at school today?” but rather “How was English class today?”







Increasing School Security and Keeping Students Safe

The following is external content provided as a free resource for blog readers.






When parents send their children to school, they expect that their little ones will receive an education, be taken care of, and, most importantly, be safe. In fact, most parents expect safety at school over everything else. After all, at the end of the day, they don’t ask their children “How safe did you feel at school today?” but rather “How was English class today?”







Why the Threat of Downtime Should Be Keeping You Up at Night

The following is external content provided as a free resource for blog readers.





Security systems only provide protection if they are up and running. If video monitoring systems, access control, or other building security systems go down, it can be costly and dangerous. Learn how to protect your security systems and keep them running 24/7/365.



Get this informative white paper to learn all about:

  • The degrees of availability

  • The exact risks of server downtime

  • The less obvious costs you can incur

  • Differences in availability solutions that can protect your organization







Identity And Access Management as a Service

The following is external content provided as a free resource for blog readers.





Organizations are facing a unique combination of market pressures including a heightened urgency for IT departments to do more with less while helping the business remain agile enough to take advantage of market opportunities. Meanwhile, security concerns abound with growing and increasingly diverse sets of users, applications and access methods. The question facing many is, “How do we keep our business responsive while also minimizing security risk?”




Why Strong Authentication Is a Must for All Users

The following is external content provided as a free resource for blog readers.





The IT department can no longer firmly establish a network perimeter and rely on simple username and password credentials for security. There are more users, more information and more points of entry to safeguard. With critical data and applications online, strong authentication for every user is essential to protect and enable business.




Defending Against Advanced Persistent Threats: Strategies for a New Era of Attacks

The following is external content provided as a free resource for blog readers.





The traditional dangers IT security teams have been facing – and overcoming – for years are being replaced by a far more hazardous, insidious form of attack: the Advanced Persistent Threat (APT).




Determining Eligibility using Business Rules

The following is external content provided as a free resource for blog readers.






Across industries and departments, organizations make thousands of recurring decisions a day, many of which affect eligibility determination. Failure to manage these decisions effectively and accurately can result in fraud, risk or abuse; delayed benefits to citizens, customers and patients; and revenue loss.







Why Did eBay Select Progress Corticon?

The following is external content provided as a free resource for blog readers.






Customers trust eBay.com because it's a safe place to do business. To ensure that buyers get what they paid for, eBay may temporarily withhold payment from certain sellers for certain transactions until the purchased item arrives on time and in the promised condition. Using the Progress® Corticon® rules engine for each transaction, eBay rapidly evaluates thousands of business rules to determine if and how much to withhold, which ensures a smooth customer experience.







Evaluating The Cost of A DDoS Attack

The following is external content provided as a free resource for blog readers.






The average DDoS outage costs upwards of $882,000 in lost revenue and resources and the downtime can last from several minutes to several hours.


Take a few minutes to read this whitepaper, evaluate the potential risk and the potential cost a DDoS attack will have on your business and gain key tips on how to mitigate both.







Understanding And Mitigating DNS DDoS Attacks

The following is external content provided as a free resource for blog readers.






By overwhelming your DNS infrastructure, malicious attackers can impair your website, tarnish your company’s reputation, and impact your bottom line. So what are your company’s risks and how can you mitigate them? Read this whitepaper and learn:



  • How DDoS preparedness can protect your revenue and retain your customers

  • How to identify a DDoS attack

  • What monitoring tools are available to help you mitigate your company’s risks







Spoofing Server-Server Communication: How You Can Prevent It

The following is external content provided as a free resource for blog readers.





Learn how to prevent the new SSL Strip threat that could compromise your secure applications. In this must-read white paper, “Spoofing Server-Server Communication: How You Can Prevent It,” written by security analyst Larry Seltzer, you will learn about the new advances in attacks that exploit weaknesses of generic SSL to compromise server-server communication and how you can help prevent it.




Managing SSL Certificates with Ease

The following is external content provided as a free resource for blog readers.





With the standardization to 2048-bit SSL certificates, website owners can be even more confident about the protection of their online data communications. Yet even enterprises using this higher level of security still face serious threats. One key reason for this risk: poor SSL certificate management.



This white paper will present the lack of operational efficiencies and compliance pitfalls associated with poor SSL certificate management, why poor management is potentially dangerous to the enterprise, and how the right SSL certificate management tool can help enterprises keep track of and manage SSL certificates more effectively.




Learn Why NSS Labs Recommends NetScaler AppFirewall

The following is external content provided as a free resource for blog readers.





Join Mike Spanbauer, VP of Research from NSS Labs, and Marissa Schmidt and Anoop Reddy from Citrix, to learn how NetScaler AppFirewall:

  • Achieved an overall block rate of 99.8% and $1.93 TCO per protected Connection per Second in the NSS Labs WAF Report

  • Provides protection against DDoS and application layer attacks

  • Reduces business risk as security automation, enhanced usability and improved performance increase customer utilization and retention rates


Learn how NetScaler AppFirewall can protect your critical web apps!



Speakers: Mike Spanbauer, VP of Research NSS Labs; Marissa Schmidt, Director, Product Management, Citrix; Anoop Reddy, Citrix




Space Weather Outlook January 18, 2015 at 11:48PM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center, Boulder, Colorado, USA

SPACE WEATHER ADVISORY OUTLOOK #15-3

2015 January 18 at 9:36 p.m. MST (2015 January 19 0436 UTC)

**** SPACE WEATHER OUTLOOK ****

Summary For January 12-18

R1 (Minor) radio blackouts were observed on 13 and 14 January due to flare activity from active Region 2257. An R2 (Moderate) radio blackout was observed on 13 January, also due to flare activity from active Region 2257.

Outlook For January 19-25

A chance for R1-R2 (Minor-Moderate) radio blackouts exists from 23-25 January due to potential flare activity from the return of old Region 2253.

Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov

Code Signing Best Practice Guide

The following is external content provided as a free resource for blog readers.





Learn about the many ways in which code-signing certificates are being used to create more secure, more trustworthy, and more accepted software in a variety of different scenarios.




A Quick Guide to SSL for Apps

The following is external content provided as a free resource for blog readers.





The most significant challenge facing the SSL ecosystem is its implementation. Researchers have recently published reports indicating widespread errors & shortcomings in the implementation of SSL/TLS in mobile applications. These issues often result from flawed use of SDKs or APIs used by developers.




Choosing the Right Security Solution: Moving Beyond SSL to Establish Trust

The following is external content provided as a free resource for blog readers.





Learn how online businesses can instill trust and confidence in their web sites, protect valuable brands, and safeguard customers' sensitive information. It is critical to choose e-commerce security solutions that continually evolve and extend to address a range of ever-changing needs. SSL-based security platforms with solid track records of meeting new challenges are the best way to defend, and future proof, e-commerce environments against a growing and dynamic Internet threat environment.




Internet Trust Marks: Building Confidence and Profit Online

The following is external content provided as a free resource for blog readers.





However, having the right website security solution in place is not enough by itself to turn the tide. Online merchants need to advertise their investments in website security and the commitment to their customers' protection. As proven time and again, trust marks are one of the best ways to convey the notion of site security and establish peace of mind with would-be consumers.



This paper examines how recent trends in Internet trust marks can help restore confidence in online shopping and, as concluded by at least one recent study, even induce those who do shop to spend more.




Uncover Threats in SSL Traffic: The Ultimate Guide to SSL Inspection

The following is external content provided as a free resource for blog readers.





To stop cyber attacks, organizations must gain insight into encrypted data, and to do this, they need a dedicated security platform that can decrypt inbound and outbound SSL traffic. This paper describes five features that organizations should consider when evaluating SSL inspection platforms, enabling IT security teams to rapidly define evaluation criteria and avoid common deployment pitfalls.




Web Application Security for Dummies

The following is external content provided as a free resource for blog readers.





Web applications have become the Achilles heel of IT security. Web application vulnerabilities are now the most prevalent at more than 55 per cent of all server vulnerability disclosures. This figure doesn't include vulnerabilities in custom-developed web applications, so it may be just the tip of the iceberg. This eBook is all about understanding how to quickly find and fix vulnerabilities in web applications. The goal is to prevent attackers from gaining control over the application and obtaining easy access to the server, database, and other back-end IT resources.




SANS Survey on Application Security Programs and Practices

The following is external content provided as a free resource for blog readers.





Organizations are continuing to invest more in application security. Last year more than one-third of those surveyed did not have an Appsec program in place. More than 80% have formal programs in place, and most of these organizations are doing something about Appsec now or are planning to implement a program in the coming year. More organizations will spend more on application security next year (more than 58% plan to increase spending in the next 12 months).



So far, however, most of these programs are not proving to be effective.



Organizations continue to rely heavily on looking for security vulnerabilities after the fact (using black box dynamic testing and vulnerability scanning tools and services, as well as pen testing) and blocking these vulnerabilities with application firewalls and intrusion prevention systems. The good news is that organizations are taking advantage of better tools and online services to test their applications for security vulnerabilities much more frequently, even testing continuously, which could dramatically shorten vulnerability windows—if developers can fix the bugs when they are found.



The bad news is that organizations are not attacking the root cause of application security problems. Download this paper to learn more.




State of Cybersecurity in Health Care Organizations

The following is external content provided as a free resource for blog readers.





Health Care is often considered a lucrative business for those involved in waste, fraud and abuse. Today's ever-accelerating technology changes make data related to health care, medical and financial issues even more attractive to cybercriminals who sell medical identities and siphon money from stolen financial records. Risks are exponentially increased because of organizations' reliance on electronic systems for mission-critical functions.



This survey also reveals new risks created by the increasing reliance on mobility for delivery of health care information.



Based on this survey's results, the health care industry is slowly improving, with better awareness of risk and improved commitment of resources and support.



Download this paper to learn more.




Denial of Service Use Case for Predicting Outages Before They Occur

The following is external content provided as a free resource for blog readers.





This demo shows how IBM SmartCloud Analytics - Predictive Insights prevents a Denial of Service Attack on the network.




Three Ways Companies Can Avoid DDoS Attacks

The following is external content provided as a free resource for blog readers.






In this 15-minute webinar, Dyn Principal Architect Andrew Sullivan gives a quick-hit overview of DDoS attacks and three tips on how companies can help plan ahead before getting hit.







Proven Practices for Securing Your Website Against DDoS Attacks

The following is external content provided as a free resource for blog readers.






Join subject matter experts Kevin Beaver, author of Hacking For Dummies, and Andrew Sullivan, Director of Architecture at Dyn, for a discussion on vulnerabilities of web environments and why simply jumping on the cloud provider bandwagon won’t prevent DDoS attacks. Watch it now on-demand!







Space Weather Outlook January 12, 2015 at 12:27AM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center, Boulder, Colorado, USA

SPACE WEATHER ADVISORY OUTLOOK #15-2

2015 January 11 at 10:15 p.m. MST (2015 January 12 0515 UTC)

**** SPACE WEATHER OUTLOOK ****

Summary For January 5-11

G1 (Minor) geomagnetic storming was observed on 05 January due to coronal hole high speed stream activity. G2 (Moderate) to G3 (Strong) geomagnetic storming was observed on 07 January due to activity possibly associated with a co-rotating interaction region coupled with a coronal mass ejection.

Outlook For January 12-18

A chance exists for R1-R2 (Minor-Moderate) radio blackouts for the forecast period due to potential flare activity from Regions 2255 or 2257 along with the return of old Region 2249.

Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov

New Book in Progress - The Cyber Game: Redefining the World of Information Security

Today I've started a new project. This long-term project will be my own book on Information Security, its origins, basics, and how we can redefine the approach to today's InfoSec problems.

As a teaser, below is the introduction to this great new project!

Introduction


While most regard the Morris Worm of 1988 as the first “cyber attack”, the history of Information Security goes back much further.

In 1903, a physicist named John Ambrose Fleming was preparing to demonstrate to the Royal Institution in London a “secure” wireless telegraph system developed by Italian radio pioneer Guglielmo Marconi. This system was designed to transmit over 300 miles, and Marconi claimed he could “tune [his] instruments so that no other instrument that is not similarly tuned can tap [his] messages”. The “tuning” of course was based upon the same radio frequency principles which allow modern-day radio waves to transmit music to your car stereo.

Shortly before Marconi transmitted his message from Cornwall approximately 300 miles away, another signal was received by the equipment being set up by Fleming. This transmission was so strong that it caused the projection lamp to flicker as a message was sent in Morse Code. At first the message was only one word repeated, “RATS”. The message eventually evolved into numerous insults directed towards Marconi, effectively accusing him of tricking the audience into thinking the system was secure.

Several days later, it was revealed that the Eastern Telegraph Company had hired a magician named Nevil Maskelyne to reveal the security holes in Marconi’s system, not only for the public good, but to protect the wired telegraph industry from the potential impact on their business.

Marconi’s system was indeed far from secure. The wireless telegraph transmitted and received without any authentication or encryption, allowing third parties to intercept and interfere with transmissions. The biggest flaw in Marconi’s approach was that he never accounted for the fact that an attacker could use an untuned broadband receiver or transmitter to interfere with his frequency-tuned equipment.

Today’s information systems, much like Marconi’s wireless telegraph, must “expect the unexpected” in order to be secure from attack. With cyber crime costing approximately $445 billion per year worldwide, information security simply cannot be ignored.


References:
Marks, Paul. "Dot-dash-diss: The Gentleman Hacker's 1903 Lulz." NewScientist. 27 Dec. 2011. Web. 10 Jan. 2015. <http://www.newscientist.com/article/mg21228440.700-dotdashdiss-the-gentleman-hackers-1903-lulz.html>.

"The History of Cyber Attacks - a Timeline." NATO Review Magazine. Web. 10 Jan. 2015. <http://www.nato.int/docu/review/2013/cyber/timeline/EN/index.htm>.

Sandle, Paul. "Cyber Crime Costs Global Economy $445 Billion a Year: Report." Reuters. Ed. Pravin Char. Thomson Reuters, 9 June 2014. Web. 10 Jan. 2015. <http://www.reuters.com/article/2014/06/09/us-cybersecurity-mcafee-csis-idUSKBN0EK0SV20140609>.

10 Things Your Next Firewall Must Do

The following is external content provided as a free resource for blog readers.





In this free booklet, you'll find insightful and practical advice on:

  • The why and how of next-generation security

  • 10 critical functions your network security and your firewall must do

  • How to turn security into a business enabler


It's time to shift the power away from cyber criminals and back to your teams. Download this booklet and start the transition towards better, simpler, easier security.




Cybersecurity for Dummies eBook

The following is external content provided as a free resource for blog readers.





Controlling these threats requires multiple security disciplines working together in context. While no single solution will solve the problem of advanced threats on its own, next-generation security provides the unique visibility and control of, and the true integration of, threat-prevention disciplines needed to find and stop these threats — both known and unknown.




Symantec's Online Security Predictions for 2015 and Beyond: Asia Pacific and Japan

The following is external content provided as a free resource for blog readers.





All indications are that 2015 will bring more of the same, with the struggle between those wishing to create new threats and exploit vulnerabilities and those looking to protect against them likely to intensify. Advancements in the Internet of Things also mean consumers will have increased connectivity across their devices, gadgets and machines – and with this connectivity comes the potential for a whole new range of security risks.



Will the Internet of Things usher in a new wave of security attacks? As countries move towards their smart nation master plans, what role will Big Data play? What's next in the mobile security space?



Symantec's APJ security predictions for 2015 take a look at issues that will affect individual consumers, businesses and governments in the region.




Mission Critical

The following is external content provided as a free resource for blog readers.





This includes rising energy cost, increasing heat loads, emergency backup solutions, security, cable management, virtualization and disaster recovery.




Space Weather Outlook January 04, 2015 at 08:33PM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center, Boulder, Colorado, USA

SPACE WEATHER ADVISORY OUTLOOK #15-1

2015 January 4 at 6:20 p.m. MST (2015 January 5 0120 UTC)

**** SPACE WEATHER OUTLOOK ****

Summary For December 29-January 4

G1 (minor) geomagnetic storm levels were reached on 29 December 2014 and again on 03 and 04 January 2015. This was due to prolonged periods of southward interplanetary magnetic field Bz associated with high speed solar winds from a pair of negative polarity coronal holes. R1 (minor) radio blackouts were observed on 03 and 04 January 2015 due to flare activity from active Region 2253.

Outlook For January 5-11

G1 (minor) geomagnetic storm levels are expected on 05 January 2015 due to high speed solar winds from a negative polarity coronal hole. R1 (minor) radio blackouts are expected through the outlook period due to continued flare activity from Region 2253 and the return of old active Regions 2241 (S08, L=218) and 2242 (S18, L=240).

Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov