March 13, 2015 | Kate Brew

BSides Austin 2015 - Security is Our Anthem!

There was a large and enthusiastic audience for BSides Austin 2015! Keynote, Wendy Nather, presenting “10 Crazy Ideas for Fixing Security.” Wendy discussed “new technologies that really aren’t”, and suggested we remember the past and move on. She discussed the “literary model of software development”, noting programmers are currently somewhat like artisans, suggesting a…

March 10, 2015 | Kate Brew

Crosskey Gains Visibility & Combats Banking Malware with Threat Intelligence

Crosskey is a Finnish company that develops, delivers and maintains systems and solutions for Nordic banks and capital markets. Customers range from small and regional banks to the third largest bank in Finland. Altogether, Crosskey deals with the management of over 3 million banking customers (half of Finland's population) in the Nordic region. Malware targeting financial institutions, like Crosskey, is…

Get the latest security news in your inbox.

Subscribe via Email

March 6, 2015 | Patrick Bedwell

The Ongoing Debate about the Gap between Compliance and Security

Companies required to comply with the Payment Card Industry Data Security Standard (PCI DSS) must meet a wide range of technical and operation requirements. The challenge organizations face regarding PCI compliance has shifted from achieving the minimum level required to satisfy PCI audit requirements to incorporating security best practices into everyday activities. Otherwise, the potential exists to achieve compliance yet…

March 5, 2015 | Garrett Gross

Emerging Threat - Superfish

It’s a given that nobody likes adware loaded on their new systems by the manufacturer but usually, it is no more than a nuisance and can be easily removed in most cases. However, when that software includes a major security flaw, making man-in-the-middle attacks infinitely easier to carry out, you have a major issue on your hands. Just…

March 3, 2015 | Joe Schreiber

MSSP Success Series: Name Your Assets

MSSPs, like any other business, are a factor of it’s People, Process, and Product. This series will offer insight into each of those factors and offer practical ways to achieve success. What’s in a name? A device by any other name, will work just as well… if not better Now that you are past the…

February 25, 2015 | Michelle Drolet

The 4 Es of Enterprise Security

Building a solid security program takes time. Every organization is different. It's very important to assess your technology, and consider both internal and external threats. An assessment will reveal vulnerabilities. The remediation process will help you take full advantage of your existing security assets and point you at any gaps that need filling. Even once your defenses are in…

February 24, 2015 | Kate Brew

Red Team and Blue Team Collaboration: A Talk at CUISPA 2015

Mike Saurbaugh, Manager of Information Security at Corning Credit Union and Kevin Johnson, CEO of Secure Ideas presented "Security by Collaboration: Rethinking Red Teams versus Blue Teams” at CUISPA 2015. Mike represented the Blue Team side, as the internal guy who works with Kevin, as a hired-gun third party Red Team. Red Team focuses on adversarial probing of security at…

February 21, 2015 | Garrett Gross

Sofacy AKA Sednit/APT28/Fancy Bear Malicious Payloads

You’ve probably educated your users to not click on risky email attachments but what about Word files, spreadsheets or even PDFs? We send those all the time to our coworkers so how do we know what is legit and what isn’t? (Remember – one of the most visible breaches of our time (RSA 2011) started with a…

February 18, 2015 | Sharla Elizalde

6 Questions to Help you Plan for Integrating Cyber Threat Intelligence

Over the last several years, we have seen that attackers are innovating much faster than defenders are. This trend is steering many companies to look towards cyber threat intelligence (CTI) to help them navigate today’s threatening landscape. SANS conducted a survey this year to explore who is using cyber threat intelligence and how they are using it. The…

February 12, 2015 | Stephen Molina

Defending the Enterprise from Cyber Attacks: Save Mart Case Study

We’ve seen several cyber attacks occur over the course of 2014 – from Home Depot to Target and most recently Sony. The one thing I think most of us in the industry can agree on is that we don’t want to be the next company in headlines marked by a breach. As the information security administrator of…

February 10, 2015 | Garrett Gross

Emerging Threat - Reflection Using SQL Servers

A new, particularly nasty, technique was discovered out in the wild this past December (2014) where the City of Columbia, Missouri came under a DoS (Denial of Service) attack. While many of the attacks were carried out using known techniques (SSDP/NTP amplification, HTTP POST, SYN flood, etc.), one technique seemed to be of a new breed. It turns out, hackers…

February 6, 2015 | Patrick Bedwell

Healthcare and PII: They’ve Seen You Naked

With the recent Anthem data breach that has grabbed our attention, the topic of how Healthcare organizations protect your Personally Identifiable Information (PII) has moved to the forefront. In many ways, bad actors acquiring your PII are far worse than them simply stealing your credit cards. Stolen credit cards, you can cancel – easily and usually without cost. Stolen PII …

Watch a Demo ›
Get Price Free Trial