Skip to main content

Home/ NBISE Institute/ Group items tagged threat

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Steve King

Prepare for the "Advanced Persistent Threat" - 0 views

www.technologyreview.com/...37767

security threat apt

shared by Steve King on 16 Jun 11 - No Cached
  • Steve King on 16 Jun 11
     
    Good round up of APT issues
dhtobey Tobey

Outgunned: How Security Tech Is Failing Us -- InformationWeek - 0 views

www.informationweek.com/...showArticle.jhtml

NBISE security scanning firewall software

shared by dhtobey Tobey on 29 Jan 11 - No Cached
  • "Years ago when we started writing checks, we might have been tackling five to 10 a day," says Paul Wood, a senior analyst with Symantec Hosted Services. "It's now well over 10,000 a day and growing." According to McAfee's 2010 Q2 Threat Report, the company identified 10 million pieces of malware in the first half of this year and is tracking close to 45 million in its malware database.
  • Vulnerability assessment products are also behind the curve, as Greg Ose and Patrick Toomey, both Neohapsis application security consultants, found when they recently set out to measure the relative effectiveness of various vulnerability scanners. "It's a question frequently raised by our customers," Toomey says. "They know the tools aren't going to catch all of the problems, but can they count on them to catch, say, 80% of the bad ones?" What Ose and Toomey discovered was far worse than even they had anticipated. Out of the 1,404 vulnerabilities accounted for by the Common Vulnerabilities and Exposures project during the sample period, there were only 371 signatures. In the best cases, the tools were in the 20% to 30% effectiveness range.
  • Toomey's observations are in line with those of security researcher Larry Suto, who earlier this year reported that Web application vulnerability scanners missed almost half (49%) of the vulnerabilities present during his tests.
  • ...5 more annotations...
  • But there's also a new twist to consider: With an increased number of attackers targeting and hijacking the credentials of IT personnel, the outsider can become the insider, at least from the perspective of our technology controls. Forward-thinking companies will move now to address this scenario. Think about how you'll detect large, anomalous query spikes against key tables in sensitive databases. Ensure you can spot large-scale document downloads from file shares and internal document management systems. If a hijacked credential is used to log into a large number of machines during a short time frame, you should have the ability to spot that activity.
    • dhtobey Tobey
      dhtobey Tobey on 29 Jan 11
       
      Investing in workforce development and professionalizatino of the infosec workforce may do more.. combat ingenuity with ingenuity, not automation.
  • investing even a small percentage of your security budget in only a few specialized systems to help here will go further than throwing good money at yesterday's outdated controls.
  • Stop rewarding ineffectiveness and start rewarding innovation. Maybe right now you're struggling with a scary realization: "The millions I'm spending on firewalls and antivirus technology is relatively worthless if my adversary is skilled."
  • Greg Shipley is an InformationWeek contributor and a former CTO
dhtobey Tobey

Whatcom Community College's computer program honored for its cyber security - Top Stori... - 0 views

www.bellinghamherald.com/...m-community-college-named.html

CAE cybersecurity ADAPTS community.college NBISE information.assurance education

shared by dhtobey Tobey on 05 Jun 11 - No Cached
  • BELLINGHAM - Whatcom Community College's computer program is now considered one of the best in the country, especially in the areas of cyber security.The college was recently named as a National Center of Academic Excellence in Information Assurance by the National Security Agency and the Department of Homeland Security.
  • "It is a major threat to our security," said Corrinne Sande, Computer Information Systems program coordinator at WCC,
  • WCC is one of only 13 two-year schools in the country with the designation, which was opened to community and technical colleges last year. The University of Washington is also a Center of Academic Excellence in this area, but for a university instead of a two-year school.
  • dhtobey Tobey on 05 Jun 11
     
    Candidate for Northwest ADAPTS program
1 - 3 of 3
Showing 20 items per page