Tag: trends

Cyber Security and IoT: Fundamentals Matter

I really struggled to come up with a clever analogy to start this post. In doing so I realized that this exercise was itself, the exact problem I was trying to describe. So much conversation about cyber security, especially cyber security for the Internet of Things (IoT), focuses on the sexy, the complicated, the one-in-a-million. In doing so, we ignore the most common threats and basic attacks. I would like to argue that if we are to effectively defend ourselves in this new IoT world, we cannot ignore the fundamentals of security. But let’s be honest: the basics are boring. I know that. Many of the practices that are most important are also the ones we’ve heard about before. As we look at them: there isn’t anything new there. That’s true – but I take that as proof that they are sound practices, worthy of keeping top-of-mind, rather than old knowledge that can be discarded. Here’s […]

Continue Reading

Has the IoT Standards Train Already Left the Station?

The Harvard Business Review has an interesting blog post from last week that looks at the effort to develop standards and promote RFID (Radio Frequency ID), a kind of Ur-technology for our current Internet of Things. Writing on the HBR blog, Thomas Davenport and Sanjay Sarma note that the effort to develop RFID standards, led by MIT’s Auto-ID Labs, provides a possible model for the development of cross-vendor standards for the Internet of Things. However, the authors caution that it may already be too late to achieve consensus on standards to govern Internet of Things communications, given the heavy investment of large and wealthy technology companies in the standards process. One of the most successful elements of the RFID standards effort, which developed and promoted the EPCGlobal standard, was close collaboration between academics, technology vendors and end users.End users of the RFID technology – notably retailer WalMart, Procter & Gamble and […]

Continue Reading

Wellness Apps & Wearables Put You up for Sale | SANS Institute

  The SANS Institute’s Securing the Human blog has a nice, contributed article by Kelli Tarala of Enclave Security on the security and privacy implications of wearable technology. Among Tarala’s conclusions: health and so-called “quantified self” products do much more than gather health data like pulse and blood pressure. Rather: they are omnivores, gobbling up all manner of metadata from users that can be used to buttress health data. That includes who you exercise with, favorite walking- and jogging routes and the times you prefer to work out. Of course, social media activity is also subject to monitoring by these health apps, which often integrate with platforms like Facebook, Twitter and Pinterest to share workout information. [Read more Security Ledger coverage of wearable technology here.] All of this could spell trouble for consumers. To quote Tarala: “there are companies interested in your Quantified Self, but their goals may not be to health related.” […]

Continue Reading

Internet of Things Demands Visibility-Driven Security

In an earlier blog, I discussed essentials for visibility-driven security and the importance of having both visibility and correlation to quickly assess events in real-time. In this post, we will examine the different dimensions of visibility across the attack continuum and how crucial it is to have these dimensions in place in order to defend against known and emerging threats. Visibility-driven capabilities are critical if cybersecurity professionals are to do their job effectively. In order to accurately see what’s really happening across dynamic, changing, environments and provide a full understanding of malicious incidents, visibility must provide an accurate picture of users, devices, data, threats, and the relationships between them. And it must do so in near real-time and across  a wide range of infrastructures to support new business models related to mobility, cloud, and the Internet of Things (IoT). For many security breaches, the gap between the time of compromise and the […]

Continue Reading

Surprise: Branding a Bug is just as Hard as Branding Anything Else!

ZDNet’s @violetblue has a nice piece on the new fad for naming vulnerabilities – seen most recently with the OpenSSL Heartbleed vulnerability and the “Shellshock” vulnerability in Linux’s common BASH  utility. As Blue notes, the desire to “brand” bugs “changes the way we talk about security” – in part by giving complex, technical flaws down a common referent. But does giving a bug a logo make it frivolous? As she notes: the penchant for naming vulnerabilities may stem not from a desire to trivialize them – but a very practical response to the need to keep track of so many security holes in software. Regardless, Heartbleed – and the marketing by the firm Codenomicon that surrounde it – was the bug that launched a thousand ships, including Shellshock, Sandworm, and more. Read more coverage of Heartbleed here. But, as with . As security research and incident response are becoming more lucrative, expect the masonry […]

Continue Reading
1 81 82 83 84 85 111