Headlines about “advanced persistent threats” and targeted attacks have organizations of all sizes concerned. Barely a week goes by without news of a new, stealthy campaign targeting executives, government leaders or platforms used by prominent organizations. But while APT-style and targeted attacks may have the attention of the boardroom, organizations still face a Herculean task determining when an attack they’ve detected is targeted, and when it is merely indiscriminate. To help answer that question, I “hung out” with two experts in detecting and analyzing malicious threats to enterprises. Anup Ghosh is the CEO and co-founder of Invincea, which makes malware detection tools that isolate threats on endpoints. Matt Hartley is the Senior Director, Intelligence Lab Services at iSIGHT Partners, a cyber threat intelligence firm. Both told me that, while targeted attacks are on the rise, awareness about them is also at an all time high. That can, sometimes, result in organizations […]
Products
BitSight: A Equifax For Security Risk?
I’ve opined in these pages and elsewhere that one of the big problems in the IT security space is the absence of actionable data. After all, problems like denial of service attacks, network compromises and inadvertent data leaks are all just risks that organizations and individuals must grapple with in our increasingly wired world. True – they’re new kinds of risks, but otherwise they’re not fundamentally different from problems like auto accidents, property crime or illness – things that we do a good job accounting for. The difference, as I see it, is an absence of accepted and independent means of assessing the relative security posture of any organization. IT security is still so much dark magic: we rely on organizations to tell us about how secure they are. Organizations, in turn, rely on a complex and patchy network of security monitoring and detection tools, then try to read the […]
Insecure At Any Speed: Are Automakers Failing The Software Crash Test?
Editor’s Note: You can view the rest of my conversation about application and supply chain security, featuring Joshua Corman of Akamai and Chris Wysopal of Veracode by visiting Veracode’s web site. – PFR You’re in the market for a new car, and you’ve made a list of the features you want: a cool, tablet style interface for the audio and navigation system, side impact airbags for the front and rear compartment, a pop-up third row of seating. Heck, maybe you even want to hold out for the automatic seat temperature control that some Lexus cars now come with. While you’re at it, how about some secure software, too? That last item probably isn’t on most buyers’ check list today, but it may be soon, according to two, prominent security experts: Chris Wysopal, of Veracode, and Joshua Corman of Akamai. Speaking on Talking Code, an exclusive video hosted by The Security Ledger […]
Podcast: Made In China, Secured In The U.S.
We’ve written a lot about the threat posed by nation-state sponsored hackers to U.S. corporations and the economy. So-called “advanced persistent threat” (or APT) style attacks against corporate and government networks have been linked to the theft of sensitive data and intellectual property. Difficult as it is to stop APT attacks against networks, it’s even more challenging to identify threats one-step removed from direct attacks. Lately, attention has shifted to vulnerabilities in the supply chain of companies selling networking gear, servers and other critical IT components. Concerns about corrupted products from foreign suppliers were enough to prompt the U.S. Congress to hold hearings focused on the threat posed to government agencies by Chinese networking equipment makers like Huawei and ZTE. In this week’s podcast, The Security Ledger talks with Jerry Caponera, of Cyberpoint International. Cyberpoint is a Baltimore, Maryland firm that sells Prescient, a service that verifies where true vulnerabilities exist […]
The Stylish Sensor: Canary Poised To Take Flight
We’re still in the early days of the fast-emerging Internet of Things, but we can already identify some areas where inexpensive, remote sensors and other IP-enabled stuff will be transformative. Entertainment is one – and we’re already seeing the emergence of “smart TVs” that upset traditional boundaries between personal computing devices and viewing devices. Another market that’s being shaken is the one for home security systems. Anyone who has visited an electronics store or discount warehouse has seen packages of inexpensive, wi-fi enabled cameras that can be used to monitor the goings-on in and about your home “Scarface style.” Those DIY systems pose a threat to firms like ADT, GE and Tyco, which have been selling home security systems and monitoring services for decades. But you’re really setting the “paranoia” bar pretty high if you want to ask someone to install all those cameras, wire them up and then monitor […]
