There's been much discussion in the security industry that preventing malware-based infiltrations into the enterprise is nigh on impossible, and the new security mantra should be "rapid detection is the new prevention." On that, IBM begs to differ.
Symantec has announced its Advanced Threat Protection (ATP) effort for new products and managed security services to support enterprise customers in fending off targeted zero-day attacks in particular.
It cost U.S. companies hit by data breaches last year an average of $5.4 million to cope with the after-effects – up 9% from the year before, according to the ninth annual Ponemon Institute study published Monday.
VMware today put forward its "vision" for unifying the mobile security and management technology it acquired in its $1.5 billion acquisition of AirWatch earlier this year with its traditional line of virtualization software.
Target has named veteran IT executive Bob DeRodes as its CIO and is tasking him with taking the $73 billion retailer in a new technology direction following the mammoth data breach that it disclosed late last year. The breach resulted in information being stolen from 70 million payment card users and prompted the resignation of CIO Beth Jacob.
Cisco today announced Managed Threat Defense, a set of security services for the enterprise that Cisco is providing through two new operations centers to remotely support intrusion-detection, incident response and forensics, among other services.
Verizon today issued its annual data-breach investigations report, a study of what happened in 1,367 known cases across dozens of industries in 95 countries last year, and the most common form of attack was breaking in through Web applications.
The Stuxnet malware known to have stealthily targeted Iranian nuclear facilities a few years ago was a wake-up call about how vulnerable critical industrial systems can be to cyberattack. Now, an Israeli start-up, with help from General Electric, is testing security technology that would detect Stuxnet-like attacks on critical infrastructure systems used for power production.
Socially-engineered malware tries to trick users into downloading and executing malicious code through tactics that include everything from fake antivirus to fake utilities to fake upgrades to the operating system and trojanized applications.
The Heartbleed Bug disclosed by the OpenSSL group on April 7 has sent many vendors scurrying to patch their products and that includes security firms Symantec, Intel Security's McAfee division, and Kaspersky Lab.
The Heartbleed Bug, a flaw in OpenSSL that would let attackers eavesdrop on Web, e-mail and some VPN communications, is a vulnerability that can be found not just in servers using it but also in network gear from Cisco and Juniper Networks. Both vendors say there's still a lot they are investigating about how Heartbleed impacts their products, and to expect updated advisories on a rolling basis.
The Heartbleed Bug, basically a flaw in OpenSSL that would let savvy attackers eavesdrop on Web, e-mail and some VPN communications that use OpenSSL, has sent companies scurrying to patch servers and change digital encryption certificates and users to change their passwords. But who's to blame for this flaw in the open-source protocol that some say also could impact routers and even mobile devices as well?
The Identity Theft Resource Center, which tracks data breaches, has counted 204 of them from January 1 to March 27.
IBM has come up with a technology for reducing the risk of data being exposed in mobile push notifications to mobile devices by coming up with a way to encrypt that information so service providers and others can't actually see any data related to the user's mobile device.
Banks and financial institutions regulated by the federal government must now monitor for distributed denial-of-service (DDoS) attacks against their networks and have a plan in place to try and mitigate against such attacks, a federal regulatory body said this week.
