Recent Posts

Are You Creating A Culture of Security?

Here at The Security Ledger, we’ve written often about the barriers to improving the security practices of software development organizations. It is simple enough to say things like “we have to teach people to write code that is secure. But to actually accomplish that across the myriad of companies that do software development is akin to boiling the ocean. Still, it is a far more manageable problem at the level of a single organization. In fact: it is quite do-able. How? That’s the subject of a Google Hangout Security Ledger is doing this afternoon in conjunction with Veracode. The topic: creating a culture of security within your organization.  In the hangout, I will be speaking with Veracode’s Chris Eng and Greg Nicastro about how Veracode, itself, built its secure development culture from the ground up. This is going to be a great discussion. Greg is the Executive Vice President of […]

Continue Reading

Wearable Cameras Birth A New Biometric

  Wearable technology is a burgeoning category, and products like Google Glass and smart watches are just the beginning. As with mobile phones, on-board cameras are sure to be de rigueur. But, as this article over at The Verge notes, those cameras will present new challenges (for privacy) and new opportunities (for security). Specifically: cameras coupled with your body seem to create new kinds of opportunities to uniquely identify you. One example: gait biometrics. The Verge notes recent research published by Professor Shmuel Peleg and Yedid Hoshen of the Hebrew University of Jerusalem. Those researchers created a way to identify first-person filmmakers based on the signature wobble of their cameras. The identity of the user can be determined “quite reliably from a few seconds of video,” the researchers write in their paper. [Interested in biometrics and wearables? Check out our article “Are Wearables the Future of Authentication?“] “The idea of distinguishing one person from […]

Continue Reading

Intel’s New IoT Platform Emphasizes Security

Intel unveiled a new Internet of Things platform this week dubbed (surprisingly enough) the “Intel IoT Platform.” The goal is to provide a unified platform for connecting diverse and distributed connected things. Given Intel’s big investment in security with the purchase of McAfee, its no surprise that security is a big part of the “value add” for the IoT platform. Intel says that its IoT platform promotes interoperability of network, operational technology and information technologies. The IoT Platform envisions  Intel Quark™ to Intel Xeon, and Intel-based devices, gateways, and datacenter solutions with hardware-based root of trust. With hardware enabled identity and secure boot features, Intel believes that you can eliminate a wide range of malicious attacks and compromises. Intel’s IoT Gateway devices are based on its 2009 acquisition of WindRiver. They also wrap security intelligence from Intel’s acquisition of McAfee.  Specifically, Intel has embedded anomaly and intrusion detection and prevention capabilities in […]

Continue Reading

The Moral of Sony: Ignoring Cyber Risk Can Be Fatal

  Mark Anderson over at IEEE Spectrum has a nice article today on “How Not To Be Sony Pictures.” His argument: corporations can no longer afford to be cavalier about cyber security. Accordingly: they need to do much more than simply spot threats. “Any organization that thinks cybersecurity is as simple as installing and regularly updating their anti-virus software risks similar nightmare scenarios as what Sony Pictures now stares down.”  – Mark Anderson, IEEE Spectrum. Anderson notes this blog post, by Fengmin Gong, the chief strategy officer and co-founder of Cyphort Security. Gong argues that the sheer scale and complexity of connected devices requires a new attitude towards protecting critical data and assets. “The new approach today that people have shifts away from prevention — which everyone knows is not achievable — to a focus on attack sequence and consequence,” Gong writes. What does that mean? Gong and Anderson are […]

Continue Reading

Five Steps to Secure Internet of Things | Network World

Colin Neagle over at Networkworld has a nice piece that takes provides some common-sense advice for enterprises that are worried about their exposure to the Internet of Things. As Neagle notes: surveys of IT leaders (albeit industry-sponsored surveys) suggest that businesses are anxious to embrace Internet of Things technologies that improve the productivity of workers. But they may be underestimating (or entirely overlooking) the security and privacy risks that go along with that adoption. Neagle notes the recent TripWire survey that suggested 63% of C-level executives said they were likely to adopt the IoT to increase productivity and efficiency, while just 27% reported being “very concerned” about the security risks. His advice: don’t underestimate the risk posed by Internet of Things products. Also: make sure that IT operations is pulled into the discussion of any new IoT technology deployment. Read more via 5 ways to prepare for Internet of Things security […]

Continue Reading
1 286 287 288 289 290 396