Put on a happy face

By Katherine Teitler

August 23, 2016

Cloud computing has been changing the way organizations operate for over a decade now. Without a doubt, the technology has evolved, offering varying levels of benefits along the way; agility, resiliency, and cost savings are chief among cloud’s attributes, as far as business owners and CFOs are concerned. It’s not until recently, though, that security practitioners have also begun viewing cloud as a boon rather than a bust.

Read more ...

Malicious Code

Malicious code is computer code—a set of instructions for a computer, written in any one of a number of programming languages—that is corrupt or intentionally altered to cause damage to a computer or system. The corrupt code is often embedded within a longer string of code and is crafted to look like a legitimate instruction, making it difficult to spot by manual or automated means, including traditional antivirus tools. Malicious code can occasionally result from a programming error.

Keep reading...

Every breath you take

By Katherine Teitler

August 19, 2016

Information security teams face a serious problem when they are unable to detect the presence of a threat actor inside organizational systems. Knowing who has access to key applications is an imperative for trying to protect the company, yet according to a new report published by Okta, 85% of IT and security decision makers in the UK, France, the Nordics, and the Netherlands cite a lack of visibility over who has access to applications.

Keep reading...

Honestly, I wanna see you be brave

By Katherine Teitler

August 17, 2016

Calls for presentations: Depending on whom you ask, CFPs are either a great opportunity for subject matter experts to display knowledge and vie for a coveted spot on a conference program, or an absolute nightmare, as the intended speaker carefully calculates the best topic to submit and exactly how to position a proposed talk so it rises above the rest of the submissions.

Keep reading...

TERM OF THE WEEK

Virtualization

Virtualization is the creation of a virtual—or separated—computing environment. The concept came into play in the 1960s as a means for dividing system resources of mainframe computers. Today’s virtualization technology relies on a hypervisor to create an abstraction layer which separates, or partitions, the operating system from the hardware so that multiple operating system (OS) instances can run concurrently on a single machine without tying up resources. 

Keep reading...

This cold war with you

By Katherine Teitler

August 12, 2016

Many in the security industry, myself included, are guilty of falling into the trap of saying that security is a discipline in which the big “wins” come when “nothing happens.” It’s an easy statement to make, especially when working with business leaders who see only the end result (i.e., no breach, no media headline) and make this claim. Where did this idea come from? It’s a bit of a “chicken and egg” conundrum, and no one I’ve spoken to knows exactly when this saying started to become commonplace, but most admit to using it or hearing it regularly. Despite how frequently the phrase is thrown around, nothing could be farther from the truth.

Keep reading...

I’ll keep you my dirty little secret

By Katherine Teitler

August 9, 2016

Symantec and Kaspersky Lab simultaneously released information yesterday on “Strider” and “ProjectSauron” respectively. Strider, the attacker group, has reportedly been using a stealthy piece of malware called “Remsec” (Backdoor.Remsec) as part of ProjectSauron to spy on a small number of highly valuable targets in China, Russia, Belgium, and Sweden. 

Keep reading...

Network Perimeter

A network perimeter is the interface between internally managed, owned, and controlled networks and external networks to which they connect. Some in the security industry have called the perimeter the “gateway to the internet.” The network perimeter is considered a first layer of defense for protecting internal systems and data, and helps block unwanted or potentially malicious traffic through devices—or connectors—like firewalls, IDS/IPS, load balancers, routers, VPNs, and honeypots, which all serve part of a DMZ (demilitarized zone).

Keep reading...

Or, why censorship often backfires

By Marcus J. Ranum

August 4, 2016

Totalitarians need to control everything they can—it’s a deep-seated need that stems from the (occasionally true) fear that someone, somewhere, is plotting their overthrow. It seems that the totalitarian impulse to control extends to communications first, whether it’s mail, telegraph, telephone, or Twitter.  

Keep reading...

By Marcos Colón 

August 3, 2016

There’s progress being made in the healthcare industry as it relates to information security.

Yes, recent studies indicate that 90 percent of all healthcare organizations have been the victim of a data breach in the last two years. And it is true that the average cost-per-record in a healthcare breach is roughly 80 percent higher than the U.S. average, a significant hit to organizations that already struggle with limited resources. However, the industry is waking up and beginning to realize the importance of information security – perhaps at the cost of experiencing a breach.

Read more ...

By Katherine Teitler 

August 1, 2016

Penetration testing is a mandatory component of any thorough information security program, as security pros know. Company networks are vast and complex, and security teams have the (often thankless) job of protecting everything that falls under the general category of “IT” or “IS.” While security teams must keep track of all the hundreds or even thousands of places on or touching the network that could be exploited, a threat actor needs only find one vulnerability in the system to inflict harm. Enter: the penetration tester. 

Keep reading...

SQL Injection

SQL injection (SQLi) is an attack technique in which a malicious SQL query is added to the user input, permitting an attacker to change the programming code and expose the back end of a database. An attacker exploits a software vulnerability, which allows him/her to send commands via a web server linked to a SQL database, to extract or manipulate data, embed malicious code, or access sensitive data.

Keep reading...

Jive Talkin’

By Katherine Teitler 

July 29, 2016

Listening to the political conventions these past two weeks, I couldn’t help but think about security: the conversations security practitioners have with senior management and other business units, the conversations practitioners have amongst themselves, and yes, even talks given at conferences. 

Keep reading...

Don’t stop thinking about tomorrow

By Katherine Teitler 

July 27, 2016

On Tuesday, the White House issued its Presidential Policy Directive-41 (PPD-41), or “United States Cyber Incident Coordination” plan. The PPD follows on the heels of the Cybersecurity National Action Plan, the Obama administration’s attempt to button up cybersecurity efforts in the face of growing threats against U.S. entities and some government breaches of impressive proportions. Both plans demonstrate awareness by the Federal Government that “cyber incidents are a fact of contemporary life,” and an acknowledgement that more needs to be done to protect national interests.

Keep reading...

Bad moon rising

By Katherine Teitler 

July 26, 2016

Security teams spend a fair amount of time thinking about incident response. The probability of an information security incident occurring forces teams to consider how to manage intrusions, leaks, and other security vulnerabilities or exploits. When data is stolen or when admin credentials have been pilfered, for instance, security and incident response teams generally have a plan of action, even if the plan isn’t well documented or practiced at optimal intervals. 

Keep reading...

DLP

“DLP” is an acronym for “data loss prevention” or “data leak prevention,” a strategy and suite of technologies to help protect sensitive enterprise data from loss or theft. Though the terms are used somewhat interchangeably, a data leak can occur without loss of data, and a leak can cause serious financial, reputational, or regulatory damage to an organization.

Keep reading...

I’ll be there

By Katherine Teitler 

July 22, 2016

After last winter’s frosty standoff, Apple and Facebook are now making headlines for being in cahoots with the FBI. For a few years, the bureau has been tracking Kickass Torrents, a very popular file sharing site, and trying to link illegal reproduction and distribution of online media, including movies, TV shows, music, and video games. 

Keep reading...

Event Search

Download Catalog Dark Blue 300x58

Subscribe to Newsletter LightBlue 2 300x58

Register Cloud Security eSummit 300x58

MIS|TI Tweets

ACL MISTI Grey 300x58

Please choose your region

Submit
Select a Region
United States
United Kingdom/Ireland
Africa
Americas
Asia-Pacific
Europe
Middle East

By continuing to use misti.com you will be agreeing to the website Terms and Conditions, the Privacy Policy, and the Use of cookies while using the website.