A few cybersecurity predictions for 2018

Over the past few weeks, dozens of people have reached out to Jon Oltsik, an ESG senior principal analyst and the founder of the firm’s cybersecurity service, with their cybersecurity predictions for 2018. Some prophecies are fairly obvious (ransomware will continue in 2018), while at the other extreme, some people are pushing doomsday forecasts aimed […]

3 advanced prevention technologies expected to grow in 2018

According to CSO’s Jon Oltsik,  2018 will be the year of advanced prevention. Advanced prevention sits at the intersection of two other cybersecurity trends, namely software-defined security functionality (which makes it easier to deploy, configure, and scale security controls) and artificial intelligence (which uses algorithms to comb through mountains of data to increase detection/blocking efficacy, provide granular risk […]

What is phishing? How this cyber attack works and how to prevent it

Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download […]

69 Percent of Financial Services Organizations Do Not Rotate SSH Keys After Employees Leave

According to new research by Venafi, even though SSH keys provide the highest levels of administrative access, they are routinely untracked, unmanaged and poorly secured. For example, 69 percent of respondents from the financial services industry admit they do not actively rotate keys, even when an administrator leaves their organization. The survey said that this […]

Why Enterprise Security Is A Matter Of Policy

Ever since the first firewalls were deployed on business networks in the early 1990s, enterprise security goals haven’t really changed:  keep the bad guys out, and ensure that only authorized users and software are allowed to communicate over approved network paths.  Sounds simple enough, right?  And in those early days, those goals were relatively easy […]

Attacker ‘Dwell Time’ Average Dips Slightly to 86 Days

It now takes an organization just under three months on average to detect hackers embedded in their network, a modest improvement over years past. That’s one of the takeaways from data culled from 100 incident response investigations conducted by CrowdStrike this year. The security firm’s newly published Cyber Intrusion Services Casebook 2017 shows that organizations […]

Study: Simulated Attacks Uncover Real-World Problems in IT Security

Organizations continue to focus on protecting the perimeter while neglecting to monitor bad guys getting inside and ultimately pilfering data, says a security researcher at SafeBreach, which released a new report today. In 3,400 breach methods used for 11.5 million attack simulations, SafeBreach in its new Hacker’s Playbook Findings Report found that virtual attackers had a […]

The next step in network security evolution

In 1987, Bernd Fix developed a method to neutralize the Vienna virus, becoming the first known antivirus software developer. In 2017, as we pass the 30-year anniversary, a lot has changed in endpoint security. Harry Sverdlove, CTO at Edgewise Networks, has been fortunate enough to have a front row seat to this evolution, and he […]

Redefining perimeter network security: The future is a hybrid

The idea of perimeter defense is as old as servers themselves — say the word and it conjures up images of ENIAC-sized machines buzzing in locked rooms, firewalls separating them from the outside world. Unless you work for the CIA, that’s likely not your reality. Instead, the data you secure lives in the cloud, flowing […]

How to secure a wireless network and thwart growing threats

Read Craig Mathias’ checklist for mobile security on Tech Target : Mobile security — as with most aspects of network security — is a process and not a goal. Threats continue to evolve, as do the tools enterprises can harness to meet those threats. As a result, it’s essential that an organization’s mobile security process remains […]