Encrypted Channel Monitoring Articles

Showing Articles: 19 of 9

Dec 8 2014

Cooler Heads Will Prevail

When thinking of IT security trends, I don’t think I would be on the wrong track if I would dub the year 2014 as “The Year of Open Source Vulnerability”. In the same vein, past couple of years could be called “The Year of Snowden” and “The Year of Multiple Web Site Breaches which Resulted in Millions of Stolen Credit Card Numbers”, in no particular…

Keep Reading

Nov 27 2014

Do You Fulfill Hong Kong Monetary Authority’s General Principles for Technology Risk Management?

The commencement of Shanghai-Hong Kong Stock Connect represents not only increasing cross-border trading, but also continuously growing data exchange between financial institutions such as stock exchange authorities, banks, and brokerage firms.

The machine-to-machine (M2M) transactions that power the automation of critical business operations and data transfers are typically protected with some form of data-in-transit…

Keep Reading

Nov 11 2014

A Video Is Worth a Million Words

It is a well-known fact that system administrators with root-level privileges have wider access to company’s critical information assets than the C-level executives. With great power comes great responsibility, and most people will also act responsibly. But as an information security officer, would you trust this power and responsibility to someone you cannot identify or whose actions you cannot verify…

Keep Reading

Aug 1 2014

With “Backoff” POS Malware, Attackers Use Your Security Tools Against You

Yesterday the US Department of Homeland Security issued a warning to US businesses against a new POS malware attack called “Backoff”. The attackers are targeting common remote access systems like Microsoft Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop, Splashtop, Pulseway and join.me. To make matters worse, this little bug is difficult for anti-virus software to…

Keep Reading

Jun 13 2014

All Threats are Insider Threats

Back in the day when the enterprise security model was a hardened perimeter protecting the internal "trusted" network, security vendors seized on the notion that businesses need protection from their employees - the insider threat.

Studies were commissioned to show how much malicious insiders were costing businesses. More recent studies indicate the majority of data breaches are carried out by…

Keep Reading

May 19 2014

Just A Heartbleed Away: The Dirty Little Secret in IT Security is Creating A Major Risk

One of the major lessons learned from the Heartbleed Bug is just how vulnerable critical IT components, like encryption, are. The potential impact of these vulnerabilities can be severe and far-reaching. To make matters worse, a lack of management controls and visibility, especially in ubiquitously deployed software, enables cyber criminals…

Keep Reading

Mar 4 2014

RSA Conference 2014 Wrap Up

This year’s RSA Conference 2014 was filled with energy and great insights as well as controversy. Here are a few of the trends and topics that I saw at this year’s show.

Energy: Encryption and access controls are up there at the top of the list
There was a huge uptick in the overall energy at the show. Our booth was inundated with people asking questions and wanting to learn more about our…

Keep Reading

Feb 11 2014

APT The Mask (aka Careto) Targets Secure Shell Keys

Kaspersky Labs recently revealed the details of a sophisticated APT named “The Mask” or by its Spanish name “Careto”. The Mask is known to have infected at least 380 unique victims in over 31 countries. In operation since 2007, the primary targets of this APT are government institutions, diplomatic offices, energy companies, research institutions, private equity firms and political activist organizations. The sophistication and targets of the APT suggest it is the work of nation-state actors as opposed to criminal…

Keep Reading