endpoint security Archives

endpoint security

Security and Patching Challenge the Industrial Internet| CIO

January 27, 2015 Paul Roberts

The magazine CIO has picked up on a report by the firm National Instruments on some of the key challenges facing the industrial Internet of Things. No surprise: security and management are two of them. National Instruments has an interesting perspective on the topic: it makes equipment that is used by heavy industry (energy, oil and gas, automotive, etc.) to monitor industrial processes. As a result, NI is knee deep in the transformation to “smart” industry powered by autonomous, sensing equipment. The company anticipates big challenges as more and more industrial systems come online. From the article: “As massive networks of systems come online, these systems need to communicate with each other and with the enterprise, often over vast distances…Both the systems and the communications need to be secure, or millions of dollars’ worth of assets are put at risk.” Beyond that, NI notes that companies developing products for the industrial Internet of Things […]

Android in the Coal Mine: Open Source, Patching and Internet of Things

January 14, 2015 Paul Roberts

In brief: Google’s decision not to patch a security hole in versions of Android used by hundreds of millions of consumers is a bad omen for the Internet of Things and will likely push some Android users to alternative versions of the operating system.

With Multi-Vector Attacks, Quality Threat Intelligence Matters

December 23, 2014 Scott Harrell

In the last year, the world’s attention has been riveted by a series of high-profile hacks of major corporations in retail, finance and the entertainment industry, among others. Each of these incidents is unique, involving different threat actors and motives. However, each of these attacks is also a sterling example of what we, at Cisco, term “multi-vector attack” that employs a range of technologies, deployed in numerous stages, to penetrate the defenses of the target organization. Here at Cisco, we have studied these attacks in-depth and have identified some commonalities among these multi-vector attack, and useful approaches to combat them. This blog post will discuss some of our findings. About Multi-Vector Attacks Any cyber attack, large or small is born from a weak link in the security chain. These weak links take many forms: poorly configured Web servers, gullible employees or vulnerable-but-common applications like Microsoft Office, Adobe Reader and Java are common examples. Multi-vector attacks […]

Big Data, Security Drive Dell In Post-PC Future

December 9, 2014 Paul Roberts

If you consider how the Internet of Things is transforming the technology industry, one of the most interesting and thought-provoking areas to pay attention to is what we might consider technology “majors” – firms like HP and IBM and Cisco that made their mark (and their hundreds of billions) serving the needs of an earlier generation of technology consumers. How these established technology firms are pivoting to address the myriad challenges posed by the “Internet of Things” tells us a lot about how the IoT market is likely to shake out for consumers and – more pressingly- the enterprise.

Regin Espionage Tool Active since 2008 | Symantec Connect

November 24, 2014 Paul Roberts

Symantec on Sunday published research describing a new family of malware that it claims has been circulating, quietly, for close to six years. (Gulp!) According to a post on Symantec’s Security Response blog, Regin infections have been observed as far back as 2008, but the malware went quiet after about 2011, only to resurface in 2013 in attacks on a wide range of targets including private and public entities and research institutes. Symantec also observed the malware used in attacks on telecommunications firms and say it appears the malware was being used “to gain access to calls being routed through their infrastructure.” In a separate research paper, Symantec describes the malware, dubbed “Backdoor.Regin” as a multi-staged threat that uses encrypted components – installed in a series of stages – to escape detection. The key the malware’s stealth is compartmentalization, Symantec found: “each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible […]