Network Breached? Ask Yourself these 3 Questions within the First 48 Hours

by on | Leave a comment
Filed under Security 101 and tagged , , , .

network breach

In an article for, Peter Cheney, the director of cybersecurity at independent global risk and strategic consulting firm Control Risks, has identified three essential questions that he believes enterprises must ask within the first 48 hours after a network breach:

Continue reading

Cybersecurity’s Weakest Link? Employees

by on | Leave a comment
Filed under Industry News, Security 101 and tagged .

cybersecurity weak link

About 15 years ago, a game show took public humiliation to new heights (or depths, depending on one’s perspective) by branding unsuccessful contestants as the weakest link in the group. They were then ushered offstage to the tune of the most soul-crushing “goodbye” in television history by the host.

Well, that game show is now off the air, but according to a recent Forbes article by Social Media and Compliance Specialist Joanna Belby, the weakest link in cybersecurity is, unfortunately, still very much alive: employees. Continue reading

Cyber Attacks Beating 54% of Organizations Says Survey

by on | Leave a comment
Filed under Industry News and tagged , , .

cyber attack

A survey of 500 IT decision-makers in UK enterprises (250+ employees) has revealed that 54% lack the knowledge and capacity required to thwart sophisticated cyber attacks.

The survey, which was conducted by Symantec and Deloitte, also found that:

  • 66% of respondents don’t think it’s necessary to regularly train employees on cyber security policies and practices
  • 60% of respondents lack full confidence in their enterprise’s cyber security policies
  • 55% of respondents depend on legislation, regulations, and other external factors to drive their infosec policy
  • 49% of respondents fail to fully protect confidential data, including corporate intellectual property, and private information related to customers, employees, and finances

Continue reading

Malware Slips by Prevention-Based Security Software

by on | Leave a comment
Filed under Industry News, Security 101 and tagged , , , .

malware fail

An automated and independent malware testing service has taken a quick break from analyzing malware such as worms, information stealers, and rootkits so that it can crunch some numbers — and the news isn’t good for enterprises that rely exclusively on prevention-based security software packages.

As reported by David Braue of CSO Online, the aggregated the results of the regular monthly test of 33 different malware threats, and found that in the second half of 2014 none of the eight security packages included in its analysis — each of which are produced by major vendors — detected 100% of threats. The best-performing package detected 86% of malware, while the worst detected just 12%. The average detection rate for all eight packages was 55%.

Continue reading

Seculert API: Improved Integration [Product Update]

by on | Leave a comment
Filed under Product Updates and tagged , , , .


Seculert provides alerts on confirmed incidents of malware actively communicating or exfiltrating information from users’ devices. Seculert can even detect incidents relating to partners and/or customers. These alerts provide actionable and accurate information that identifies the infected device.

A just released, updated version of the Seculert API makes it easier to integrate all the insights from Seculert with your existing security infrastructure. You can automatically feed alerts about malware incidents into your SIEM, Splunk, secure web gateway, firewall, or IPS.  Continue reading

Cyber Threats: Crowdsourced Intelligence is Essential

by on | Leave a comment
Filed under Industry News and tagged , , , , , , .

crowdsourcing cyber threats

In a commentary, writer Jennifer Guthrie is urging lawmakers and business leaders to join forces and improve how they share information regarding cyber threats on both a micro and macro level — for the benefit of everyone. Continue reading

Are Cybersecurity Breaches the New Normal?

by on | Leave a comment
Filed under Industry News and tagged , , , .

cybersecurity breaches

In a recent Forbes article, supply chain industry expert Steve Banker is warning enterprises that they need to view cybersecurity breaches as the new normal — not the rare exception.

Banker bases his argument on three key factors that combine to make it impossible for enterprises to prevent 100% of cybersecurity breaches, regardless of how sophisticated their network defense system might be: Continue reading

Perimeter Security as the Proverbial Goldfish

by on | Leave a comment
Filed under Industry News and tagged , , .

perimeter security gold fish

In a new article for Infosecurity Magazine, Vectra Networks CTO Oliver Tavakoli uses an analogy of a goldfish circling a fishbowl to illustrate a defining characteristic of perimeter security: it has no memory.

“While perimeter security has its place in a defense-in-depth security strategy, the reality is that perimeter security has the same perfect amnesia as a goldfish swimming in circles in its bowl,” writes Tavakoli. “Each time a goldfish circles the perimeter of the bowl, it has no memory of its prior journey. Similarly, each time perimeter security sees a threat or suspicious behavior, it is as if it is seeing it for the first time.” Continue reading

IT Security Spending for the Year Ahead

by on | Leave a comment
Filed under Industry News and tagged , , , , , .

It security spending

Citi Research, a division of Citigroup Global Markets Inc., has released its “2015 CISO Survey.” According to the 54 CISOs who participated in the survey, here’s how the spending intentions of this representative group will likely shape the enterprise IT security landscape in the year ahead: Continue reading

Cybersecurity Reporter: “How Can You Expect to Stop Hackers if You Don’t Know You’ve Been Hacked?”

by on | Leave a comment
Filed under Industry News and tagged , , , , , .


In a recent article, The Hill’s cybersecurity reporter Elise Viebeck has posed a provocative question that should be top-of-mind among CSOs in both private and public organizations: how can you expect to stop hackers if you don’t know you’ve been hacked?

The inquiry stems from the growing number of examples — Target, Home Depot, Sony, and Kmart spring to mind — in which hackers breached their victims’ cybersecurity defenses months before the attacks came to light. Continue reading