• U.S. Open primer: In the cloud or on the golf course, hazards can be devastating

    This week the U.S. Open heads to the Pacific Northwest for the very first time. Chambers Bay Golf Course in Washington State will play host. In the spirit of the U.S. Open golf tournament and the 18 tricky holes at Chambers Bay, Perspecsys will caddy for a full round with tips and tricks to avoid the hazards – the privacy, compliance and security hazards of cloud computing – and guide you confidently through the course to realize the full benefits enterprise cloud adoption can offer.

  • Relying on your insurer for security? Think again!

    The answer for all organizations is not to “get better cyber insurance” but, instead, to focus on the right protection, detection and response capabilities. Yes, organizations need to ensure all policies are risk based, but having a good understanding of the scope required and the business as a whole to distinguish the most important assets to protect will serve organizations better. Companies should focus on ensuring their governance is sound and use a security checklist to ensure basic cyber hygiene is in place, such as patched systems, good passwords and service controls.

  • Why break in, if you can simply login?

    I was asked the other day why so many security breaches are hitting the headlines and are seemingly getting larger and more frequent. The game of cyber security has changed significantly over the years and defenders are slow to modify their playbooks and tactics. The fundamental problem is that defenders are waiting and ready for attackers to hack through the firewall but in truth the attackers are simply logging in using legitimate credentials that they attained by some other illicit method.

  • Emulating the security analyst with software

    This is the second installment of a two-part article discussing why static security detection methods can no longer protect enterprises from advanced hacking efforts. In this installment, the author will discuss why the security industry must begin to look at a more dynamic approach to security alerts.

    Earlier, we discussed the beginnings of SIEM deployments and the failed success of static-based detection. Now, we need to start thinking like security analysts. Why? Because if a human best handles logical correlations, and there is a scarcity of skilled cyber security professionals, the use of dynamic, advanced software is how we best emulate the human decision making process.

  • A call to researchers: Mix some creation with your destruction

    Since I can first remember being interested in information security, my personal hacker heroes (and I’m using hacker positively here) were the researchers who discovered zero day software vulnerabilities and could create proof-of-concept exploits to demonstrate them.

  • Does the UK need to do more to address the threat of nuclear terrorism?

    The emotive nature of linking nuclear and terrorism in the same sentence leads to understandably visceral responses as we all seek to protect ourselves and our loved ones from disaster. However, before going any further we should consider some simple truths.

  • How data-centric security works

    For ages, the traditional methods of addressing information security have all been about protecting the perimeter and the network, protecting where the files are located. While it's good IT practice to have those safeguards in place, organizations are realizing that it's not enough.

    In this podcast recorded at Infosecurity Europe 2015, Rui Melo Biscaia, Product Management Director at Watchful Software, talks about the importance of having another layer in place on top of your IDS, IPS, firewalls, etc. This is where data-centric security comes into the picture.

  • Instilling a culture of cyber security

    Every company that sells cyber security technology markets how their tools will “defend”, “stop threats” and “protect”. There is no doubt that the technologies that exist today are quite incredible in helping fight malicious adversaries. However, the reality is that technology can sometimes cause a false sense of security.

    Put simply, no technology exists today that is a “fire and forget” solution and every device has vulnerabilities that it cannot defend against. Despite great technology, new vulnerabilities and exploits are being found all of the time. And of course there is the human element: the reality is that the majority of breaches occur, not because of a technology failure, but because a person failed to be vigilant or did something they should not have done.

  • How to develop effective honeypots

    Honeypots - decoy systems used for learning cyber attackers' capabilities and potential objectives - can be very useful to organizations, businesses, and individuals.

    In this podcast recorded at the Hack in the Box conference recently held in Amsterdam, Pedram Hayati, the founder of Smart Honeypot, talks about the most effective use cases for honeypots.

  • Microsoft releases critical patches, improves IE security

    This June Patch Tuesday we have a slightly smaller patch load from Microsoft, taking us back to more historic average releases of eight bulletins. We have just two critical patches to deal with and six important. While this is good news for those that have their sights set on some summer vacation, this release also makes us wonder how many more of these Patch Tuesday cycles we will have.



Reactions to the Hacking Team breach

Hacking Team, the (in)famous Italian company that provides offensive intrusion and surveillance software to governments, intelligence and law enforcement agencies around the world, has been hacked.


Mon, Jul 6th