While security threats continue to evolve, organizations often lack the personnel and financial resources required to protect online systems. Read this service profile white paper to learn how IBM Managed Security Services can help you protect your security investment while reducing the cost and complexity of your security operations. Find out how IBM combines industry-leading tools, technology and expertise with flexible, scalable packaging to meet a broad range of security solution requirements. Request Free! |
Managed Security Services: Helping to Strengthen Your Defenses Through Service Delivery Best Practices
Avoid Microsoft Lync Deployment Pitfalls with A10 Thunder ADC
Distributed Denial-of-Service (DDoS) attacks are a particular danger for Lync installments. Thunder ADC acts as a reverse proxy between clients and Lync front-end servers, ensuring that all connections to servers are initiated from Thunder ADC. In this process, Thunder ADC eliminates potentially crippling DDoS attacks and other network-level threats. Request Free! |
Space Weather Outlook April 27, 2014 at 10:41PM
Third Party Security Vulnerabilities - How Late is Too Late?
NASA Open Source - Cyber Security Applications in Space and on the Ground
NASA has recently released its 2014 Software Catalog, featuring a comprehensive list of software titles available for US Government Only, as well as Public use.
Here is an overview of some of the more interesting titles available. Note that some titles may need to be acquired by contacting NASA directly.
There are multiple publicly available applications in the list which could be tremendously helpful to public and private organizations helping to secure their networks. It is clear to me that NASA is leading the way in the public sector helping to provide resources which can help secure not only other agencies, but private industry as well.
I'd like to give a HUGE shout-out to NASA for releasing all of these great applications!
SAP HANA: Real-Time Analytics for Retailers
This video discusses how HP and SAP HANA can help your retail organization make better use of real time data. Sponsored by: HP and Intel® Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. Request Free! |
Space Weather Outlook April 21, 2014 at 01:33AM
Late Night Coffee with Caffeine Security - 4/18/2014
In case you missed it, here's what was discussed.
Topics include:
- Heartbleed
- Critical Infrastructure Cyber Security Framework
- News of the World Phone Hacking Scandal
- Windows XP End of Life
- Michaels Data Breach
- Additional late-breaking security news
Heartbleed -- What Can You Do To Stay Safe?
The Heartbleed SSL vulnerability is making headlines around the world – and misreporting in the press and online is causing confusion. How can you stay safe and ensue your personal details aren’t leaked? With this free guide you will also receive daily updates on new cool websites and programs in your email for free courtesy of MakeUseOf. Request Free! |
Late Night Coffee with Caffeine Security - Week in Brief 04/18 by CaffSec | Technology Podcasts
Topics include:
- Heartbleed
- Critical Infrastructure Cyber Security Framework
- News of the World Phone Hacking Scandal
- Additional late-breaking security news
Don't miss it, this Friday, 4/18, at 11 PM EDT!
Late Night Coffee with Caffeine Security - Week in Brief 04/18 by CaffSec | Technology Podcasts
DISA Gold Disk FOIA Request Denied
Space Weather Outlook April 13, 2014 at 10:48PM
Heartbleed: How it was introduced, How it was fixed, and What's Vulnerable?
After doing some digging on OpenSSL's GIT repository, I was able to identify the commits which introduced, as well as fixed, this bug.
The bug was originally introduced into OpenSSL's source code on Dec 31, 2011. According to the diff, the heartbeat code was provided by Robin Seggelmann. Robin has already stated that the error was "trivial", but clearly the error had far-reaching consequences.
The bug was fixed with only a few lines of code, as you can see from this commit from April 5, 2014.
On a side note, Robin was also one of the contributors to RFC 6520, which described the TLS heartbeat extension.
If you'd like to see the Heartbleed vulnerability status of popular websites, visit the Github page which is tracking the status of Heartbleed patching.
IRS Needs to Address Control Weaknesses That Place Financial and Taxpayer Data at Risk
The report can be viewed at the GAO website: http://www.gao.gov/products/GAO-14-405
Knowledge is Power
In 2012 Symantec performed more than 1,400 website vulnerability scans each day. More than half the websites scanned were found to have unpatched, potentially exploitable vulnerabilities. Of the vulnerable sites, a quarter were actually infected with malware that could infect visitors and lead to the sites being blacklisted by search engines. These figures show that millions of legitimate websites are at risk from serious attack and exploitation by internet criminals every day. And yet, a third of companies surveyed by Symantec in ‘The Vulnerability Knowledge Gap', said that they assume their websites are very secure even though they didn't actually scan their sites for vulnerabilities or infections. Request Free! |
The Power to Destroy: How Malware Works
However, with the number of web-attacks blocked per day rising from 190,370 to 247,350 between 2011 and 2012, it's vital for businesses to understand the part their website plays in the distribution of malware to clients, customers and the wider online community. Malware takes many different forms. It can log keystrokes, lead to data breaches, lock down hardware and use infected systems to spread malware to other victims. As a website owner it's your responsibility to not only protect your business and customers, but the safety of the Internet too. Consider the impact to your business and brand if you were the source of infection. Request Free! |
Space Weather Outlook April 06, 2014 at 11:04PM
A look at Early Coded Messages - Sing a Song of Sixpence
Two Great Ways to Protect Virtual Machines From Malware
This paper aims to help IT professionals, including security and virtualization specialists, understand and choose between two modern approaches to securing virtual environments: agentless scanning using vShield Endpoint and client-based scanning optimized for virtual platforms. Request Free! |
Advanced Persistent Threats: Detection, Protection and Prevention
Many papers on the topic of Advanced Persistent Threats (APTs) begin with ominous references to the changing threat landscape and stories of how highly sophisticated cyber attacks are becoming more prevalent. That can be misleading. The majority of attacks today still use many techniques that have been around for years—social engineering, phishing emails, backdoor exploits and drive-by downloads, to name the biggest ones. Download this paper to get an overview of the common characteristics of APTs, how they typically work, and how Sophos complete security solution can protect your network, servers and end user clients. Request Free! |
Managing BitLocker with SafeGuard Enterprise
However, to support the flexibility of your workers today, full-disk encryption is not enough to prevent data loss. Your users are no longer confined to the office by their technology and their PCs, and work has become a thing people do rather than a place they go to. This white paper explains how Sophos SafeGuard Enterprise secures your data wherever it's stored; and how it allows you to support diverse platforms and encryption products including BitLocker. Request Free! |
Protecting Your Roaming Workforce With Cloud-Based Security
IT organizations need to keep up with these high-performers to update their security software and scan their systems for viruses without reducing their productivity. So how can you empower remote and roaming employees with the tools they need, while still protecting your computing resources and proprietary data—without busting the budget or hiring an army of security specialists? This paper looks at the security challenges posed by employees working beyond the company's secure perimeter, and proposes a transition to a cloud-based security service. Request Free! |
Mobile Device Management Buyers Guide
By using an MDM solution to control and protect the data and configuration settings on users' mobile devices, you can reduce support costs and security risks. Download this guide and learn how complete mobile security and device management can be achieved from a simple web-based console. Request Free! |
A Manager's Guide to Unified Threat Management and Next-Gen Firewalls
The concept of Unified Threat Management is very appealing: multiple critical security technologies, integrated on a single platform, provided by a single vendor. But the process of evaluating UTM options is not simple. This guide covers the key factors you should consider when evaluating UTM and Next-Gen Firewall solutions. Request Free! |
Five Stages of a Web Malware Attack
This paper will explain the advanced techniques hackers use to infect web users and steal data or money, and how most web security products are failing. Most importantly, you will get insight into the layers of protection needed, and a checklist for evaluating your policies and the security capabilities of your web protection solution. Request Free! |
Who's Snooping on Your Email?
This white paper helps you navigate today's threats to email security. We'll explain the obstacles to compliance, and show you why you need a secure email gateway that offers more than just encryption. Request Free! |