By: - Technology Reporter

@jleclaire

After Target Breach, How Can You Ensure Vendors Aren’t Your Weak Link?

February 20th, 2014

Shocking. That’s one of the best words to describe the feeling among many retail industry watchers when the root of the massive Target breach was determined to be an HVAC contractor. Indeed, news headlines continue to examine all aspects of the story, from the $200 million it cost to replace credit cards, to reports of [...]



By: - Chairman and CEO, Lumension

@pclawson

NIST Releases Preliminary Cybersecurity Framework for Critical Infrastructure

October 23rd, 2013

In February, President Obama signed an Executive Order that called for increased cyber-threat information sharing between government and private companies who oversee our country’s critical infrastructure. The goal was to break down the barriers that cause privately-managed critical infrastructure companies to work independently of the government groups that could create a repository of intel on [...]



By: - Chairman and CEO, Lumension

@pclawson

Social Media: the Bad Guys’ Perfect Playground

October 1st, 2013

October marks the 10th anniversary of National Cyber Security Awareness Month, a public education campaign spearheaded by our colleagues at the National Cyber Security Alliance. It’s somewhat disheartening to consider the lack of progress made in cyber security over the last 10 years; cyber criminals continue to wreak havoc stealing personal identities, corporate IP, and [...]



By: - Chairman and CEO, Lumension

@pclawson

Advice for the Incoming DHS Secretary

September 12th, 2013

A few weeks after retiring Department of Homeland Security Secretary Janet Napolitano gave a farewell speech, we are still unclear on her replacement unfortuntely. In that departure speech, Napolitano advised her successor “You will need a large bottle of Advil.” Given the DHS Secretary is responsible for dealing with everything from natural disasters to terrorists attacks, [...]



By: - IT Security Expert, Author

@stiennon

Three Lessons Learned From the NSA’s Use of Big Data and Security Analytics

August 14th, 2013

Security analytics is the term being applied to the new methods being developed to counter sophisticated targeted attacks. The idea is simple but implementation requires skill sets that have yet to be acquired by most organizations. Gather as much data as possible, apply filters derived from security intelligence, and identify attacks in progress or already [...]



By: - Forensics and Security Expert

@phenrycissp

The Danger of Open Access to University IP

July 22nd, 2013

When I saw last week’s New York Times story about the problems universities are experiencing with cyber attacks, my first thought was one of surprise. Wasn’t this kind of story published years ago? Hackers are opportunistic and universities pride themselves on providing free and open access to materials. Cyber attacks on research universities have been [...]



By: - Technology Reporter

@jleclaire

To Layer or Integrate? That is the Question

June 27th, 2013

Indeed, the debate over whether to mix a myriad of tools and technologies to create a bulletproof shield that hackers can’t invade or to take an integrated approach to in-depth defense to combat persistent threats is ongoing. But more cyber security analysts are speaking out about the benefits of integration. Also known as layered defense, [...]



By: - IT Security Expert, Author

@stiennon

Procedures and Policies Without Controls Are Meaningless: Lessons for the NSA

June 25th, 2013

Note to security clearance holders: The following post contains no links to secret documents. As the carefully orchestrated stream of leaks from Edward Snowden are published in The Guardian, we have learned first of the massive scale of US (and now UK) data and communication surveillance. Top Secret/NoForn documents were also published that spelled out [...]



By: - Senior Architect

@danteal

Hiding Under the Covers

May 15th, 2013

“All warfare is based on deception” – Sun Tzu, The Art of War Attackers like stealth.  Once they have compromised a system, one of their primary goals is to remain undetected. Initially, attackers used malware with pseudo Windows service names such as svchosts.exe, winlogin.exe, lsasss.exe, and others. Although these names appear to be innocuous, power [...]



By: - Technology Reporter

@jleclaire

New School Cyber Crooks Using Old School Malware Tricks

April 29th, 2013

You can teach old crooks new tricks, but many cyber criminals are discovering that the old tricks are working just fine. Indeed, recent security headlines feature old school malware attacks, like the MiniDuke. And old school botnets with creative new names are bum rushing the Internet. At the same time, reflective memory injection (RMI) attacks, which blend [...]


By: - Chairman and CEO, Lumension

@pclawson

CISPA, FISMA Passed the House. Now What?

April 24th, 2013

CISPA, the Cyber Intelligence Sharing and Protection Act, passed the US House of Representatives late last week and will move to the Senate for further debate. If this rings a bell, it should. Last summer, CISPA passed the House before stalling in the face of a Senate filibuster. Of course, it was not the only [...]


By: - Forensics and Security Expert

@phenrycissp

Embedded Chinese Malware – Theoretical Threat or Practical Issue?

April 4th, 2013

Before we begin discussing the issue of the theoretical or practical reality in the potential threat of the Chinese embedding malware in the computer equipment they manufacture, consider this: Just a few years ago who would have thought that any government (never mind our own) would have created malware to attack another government’s computer systems [...]


By: - Chairman and CEO, Lumension

@pclawson

What Businesses Need to Know About Cyber Security

April 3rd, 2013

video

What laws are in place for cyber security and are they enough? Are the Chinese the only foreign nation hackers we need to worry about? Who are the real perpetrators? How big of a problem is stolen IP for the U.S. and other countries and what is being done about it?   These questions and [...]


By: - Chairman and CEO, Lumension

@pclawson

Are Journalists Sitting Ducks?

March 26th, 2013

Remember Mat Honan – a Wired reporter that covers consumer electronics? He had his entire digital life erased last summer. His Google account was deleted, his Twitter taken over, his iPhone, iPad and MacBook erased. How about the New York Times hack? Chinese hackers allegedly broke into the paper’s systems, stole passwords and watched reporters, [...]


By: - Information Security Reporter

@kevtownsend

Advanced Volatile Threat – Is an Old Threat the New New Threat?

March 19th, 2013

“In the meantime,” wrote [1] John Prisco, president and CEO of start-up firm Triumfant, “while our attention has been diverted towards APT1-style attacks, a more sophisticated and dangerous attack vector has emerged and will likely become more and more commonplace among cyber criminals: the Advanced Volatile Threat or AVT.” Chillingly he adds, “you’ve been warned.” [...]



IT Secured. Success Optimized.™

Contact Lumension | Privacy Policy

Connect & Follow Us

blog.lumension.com