Latest

Biometrics

Sizing Up the Roles of Behavioral Analytics, 'Zero Trust'

Ishita Chigilli Palli  •  February 26, 2020

Improvements in behavioral biometrics and analytics are changing the way many financial services firms approach authentication. And more companies also are taking a "zero trust" approach to improve identity and access management, according to two security experts interviewed at RSA 2020.

►

Analytics

The Ongoing Search for Indicators of Behavior

Tom Field  •  February 26, 2020

Indicators of compromise are important. But what if you could also detect patterns of behavior that tip you off before a crime? This is where Cybereason's Sam Curry is trying to shift the focus.

►

Security Operations

Mitigating Threats to Operational Technology

Tom Field  •  February 26, 2020

Digital convergence is driving a shift in the security landscape for operational technology. Fortinet's Jonathan Nguyen-Duy discusses the manifestations of this shift and how to address them.

►

Governance

Security and Privacy: Often Aligned, But Sometimes Not

Mathew J. Schwartz  •  February 26, 2020

Not so long ago, many were confused about how security and privacy differ, but that has been rapidly changing, thanks to regulations such as the European Union's General Data Protection Regulation and California's Consumer Privacy Act, says attorney James Shreve, a partner at Thompson Coburn LLP.

►

Training & Security Leadership

Reducing Security Complexity a Top Challenge for CISOs

Mathew J. Schwartz  •  February 26, 2020

Reducing security complexity remains one of the toughest challenges facing CISOs, driven by the non-stop increase in threats, says Jeff Reed of Cisco. Creating a sustainable solution will require advances in vendor interoperability, as well as automation and visibility, he says.

►

Business Continuity Management / Disaster Recovery

The Role of 'Zero Trust' in Pandemic Threat Management

Nick Holland  •  February 26, 2020

The threat of the coronavirus outbreak emphasizes how remote access to workplaces is critical in business continuity. Stan Lowe of Zscaler discusses "zero trust" in the context of pandemics.

►

Cybercrime as-a-service

Ransomware Attacks Growing More Targeted and Professional

Mathew J. Schwartz  •  February 26, 2020

Ransomware-wielding attackers - aided by a service economy that gives them access to more advanced attack tools - are increasingly targeting organizations rather than individuals to shake them down for bigger ransom payoffs, says McAfee's John Fokker.

►

Cloud Security

Cloud Protection: How to Secure Server Environments

Mathew J. Schwartz  •  February 26, 2020

Development teams are increasingly building and deploying for the cloud, but DevOps practices too often fail to account for what happens after applications go from development into production and maintenance - and the ongoing security challenges they will face, says Jake King, CEO, of Cmd.

Governance

Modified Draft CCPA Regulations: How They Impact Businesses

Suparna Goswami  •  February 26, 2020

In an in-depth interview, privacy expert Caitlin Fennessy sorts through modified draft regulations to carry out the California Consumer Privacy Act that are designed to help businesses take a more pragmatic approach to privacy.

►

Cloud Security

Closing the Tech Talent Gap

Tom Field  •  February 25, 2020

Global enterprises have spent a decade fighting the cybersecurity skills shortage, and Exabeam CEO Nir Polak has ideas about how automated tools can help fill the gap.

Fraud Management & Cybercrime

'Raccoon' Infostealer Now Targeting 60 Apps: Report

Akshaya Asokan  •  February 25, 2020

The operators behind the "Raccoon" infostealer Trojan have added new capabilities to this malware-as-service offering, which now has the ability to steal data from over 60 applications, according to researchers at the security firm CyberArk.

Governance

Service Provider to Government Left Database Exposed

Jeremy Kirk  •  February 25, 2020

Granicus, one of the largest IT service providers for U.S. federal and local government agencies, acknowledges that it left a massive Elasticsearch database exposed to the internet for at least five months, but it says the risks involved were low.