Varonis Privacy and Trust Report

April 26, 2013

Even in an age of social media and voracious over-sharing, there are still times we need privacy online. When we engage in old-fashioned point-to-point communication, we expect the person or business at the other end to ensure that our interactions remain private. But it’s complicated.

In a new study conducted by Varonis, 91% of respondents say they trust businesses to keep their data safe despite a rise in breaches that now affects nine out of ten companies. In addition to expecting absolute security from service providers, the survey shows that 53% of consumers would be willing to pay a premium for organizations that reliably protect their data.

At the same time, consumer online habits have room for improvement. Though almost three out of four password protect their mobile phones, an alarmingly high 67% say they send unencrypted personal information in their emails.

Download the full report to learn how consumers deal with security and privacy challenges in their digital lives.

Download the Report

Enjoy, share, embed our infographic:

Varonis Privacy and Trust Report

Leave a Comment » | Managed Service Hosting, Marketing, Retail IT Solutions | Tagged: , , , , , , , , | Permalink
Posted by david ricketts

Modern Malware Review: FTP Surprises

April 5, 2013

Palo Alto Networks reports that FTP (that’s right, FTP) has been identified as a common source of unknown malwareLast week, we announced our first Modern Malware Review, where Wade Williamson and other Palo Alto Networks experts had the opportunity to analyze 3 months of data from WildFire, including data from more than 1,000 real networks and more than 26,000 seemingly unique samples of malware collected in real enterprise networks (out of 60k+ that evaded AV solutions on customer networks). You can find the full report here.

We’ve gathered some interesting quotes from media coverage of the review below. Also, Wade speaks with Threatpost’s Dennis Fisher about the MMR and some of the particularly compelling (dare I say alarming) findings in this podcast – give it a listen here.

“If you talk to most enterprise IT guys, they’re not spending much time worrying about FTP because it’s seen as a dusty old protocol. Some of these older protocols that are flexible and still work are being used by attackers because nobody is going to blink if they see it.” – Wade Williamson (CRN, March 25, 2013)

“Most network managers don’t give a second thought to FTP, but it’s pretty obvious that attackers are thinking about it…a lot,” – Wade Williamson (Security Bistro, March 27, 2013)

Can you sense the theme? FTP was observed to be exceptionally high-risk. FTP had the ignominious distinction of being both a common source of unknown malware as well as one of the sources that rarely received coverage. FTP was the most evasive application in terms of port evasion, and had one of the lowest detection rates in terms of malware.

MMR

via Modern Malware Review: FTP Surprises ‹ Palo Alto Networks BlogPalo Alto Networks Blog.

Leave a Comment » | Application Hosting, Managed Service Hosting, Marketing | Tagged: , , , , , , , | Permalink
Posted by david ricketts

Cost of data and computer security: rising and fast

March 15, 2013

Costofsecurity_rev

Leave a Comment » | Application Hosting, Managed Service Hosting, Marketing, Retail IT Solutions | Tagged: , , , | Permalink
Posted by david ricketts

Cybersecurity Now Top of Mind Around the World and Network Security is Taking Center Stage

February 26, 2013

It’s no surprise that in the wake of the rapid increase in cyber attacks, governments around the world are moving towards strengthening their cyber security, and even taking steps to mandate better collaboration on security issues between the private and public sectors. Here is a sample of the most recent initiatives:

  • US – Feb-2013: Obama Orders Cybersecurity Standards for Infrastructure
  • European Union – Feb-2013: EU Unveils New Cybersecurity Policy
  • Italy – Jan-2013: Italian Government Approves Cybersecurity Measures to beef up strengthen online security and protect critical infrastructure from increasing cyber assaults
  • India – Jan-2013: India Developing National Cybersecurity Architecture. India is in the midst of developing a national cybersecurity architecture aimed at preventing sabotage and espionage of its core IT systems and networks
  • Australia – Jan-2013: Australia toughens stance on cybersecurity
  • Russia – Jan-2013: The Russian Federal Security Service gets empowered to create a state system for the detection, prevention and liquidation of the effects of computer attacks on the information resources of the Russian Federation

There are important common factors in all the above:

First, a global appeal for stronger collaboration between the public and private sectors to share intelligence on cyber attacks. Under existing EU rules, telecommunication companies are already required to report significant security incidents. Wade Williamson, one of our in-house experts on cyber threats recently wrote in this blog about “Combating Emerging Threats Through Security Collaboration”

Secondly, a shared understanding that the global economy is highly dependent on critical infrastructure that might not be as secure as initially thought. For example, the U.S. executive order specifically mentions power grids, pipelines and water systems.

Finally, full awareness that much of the critical infrastructure supporting a thriving, modern economy relies on a set of interconnected networks and systems that must be closely monitored and protected. The proposed European directive calls out the need for resilient, safe, and stable networks and systems.

One takeaway for our customers is that network security is being more systematically called out in cybersecurity discussions worldwide and is even taking center stage. Some analysts have commented that network security will remain the largest cybersecurity submarket for the next 10 years.

Why? Even as SaaS applications, social networking, mobile devices, or cloud-based computing become mainstream and push the limit of the traditional enterprise perimeter, the network and the firewalls remain the one place where organizations in both the public and private sectors can see all traffic and actually enforce security policy.

via cybersecurity, cyber security, network securityPalo Alto Networks Blog.

Thanks to http://www.thethreatvector.wordpress.com

1 Comment | Managed Service Hosting, Marketing | Tagged: , , , , , , , , , , , , | Permalink
Posted by david ricketts

Richard Stiennon on Packet Capture

July 30, 2012

by David Gibson

About a decade ago I was fortunate enough to take a course at SANS on using Snort and tcpdump, taught by Stephen Northcutt, Judy Novak, and Marty Roesch. It was hands-down one of the best courses of any kind that I have ever taken and I’d recommend it for anyone remotely interested in network security. (Note to Stephen: It really works. I did actually jump up and down in my hotel room while reciting the tcp flags, and just like you said, I have never forgotten them).

I was reminded of my experience at SANS when I read the Forbes article by Richard Stiennon about the criticality of packet capture (Is Packet Capture Critical? Heck Yes.) Richard discusses how in the aftermath of the RSA breach, with an audit trail of network activity (and the attackers’ encryption keys), “They were able to de-crypt the network traffic they had recorded, leading to sure knowledge of the severity of the breach.”

Unfortunately, not all organizations have adopted fundamental auditing controls for critical infrastructure—network, file systems, email, etc. As an example, in our recent survey on the state of data protection, less than 20% of organizations claimed to monitor all access to critical collaboration infrastructure (File shares and SharePoint). Auditing activity (network and otherwise) represents an enormous opportunity for organizations to not only improve their response to a breach, but to better prevent them (or stop them in action) through automated analysis.

Being without an audit trail is like flying blind. Once I had learned to read and interpret network traffic, I never wanted to be without good auditing again. Not only is auditing an imperative for security, it is a pre-requisite for better management. For example, packet capture is critical for debugging or figuring out what the heck is eating up your bandwidth. On the data side, an audit trial helps figure out what data is active or stale, who (if anyone) is using it, and who it may belong to.

In IT and security, we will always have days where we ask, “What happened?” An audit trail and people that know how to read them are our only hope in being able to know what happened, and our only hope in learning how to prevent it from happening again.

For more information about Varonis please visit http://www.c24.co.uk

Related articles

Leave a Comment » | Application Hosting, Managed Service Hosting, Marketing | Tagged: , , , , , , | Permalink
Posted by david ricketts

Follow

Get every new post delivered to your Inbox.

Join 746 other followers