Realizing the potential of exploit toolkits

Anti-virus companies have identified a new trend: Criminals are increasingly using open source software instead of developing or purchasing their own malware. Kaspersky Lab recently revealed several cyber espionage campaigns, which operate according to this model. Such free tools that were originally designed for security testing contain many tools that criminal hackers can also use for their own purposes. Even more conveniently for hackers, these tools are also developed and maintained by the open source community for free.

Vulnerability scan for Industry 4.0 with LARS

Not a day goes by without Industry 4.0 being touted as the future of the manufacturing industry. And it’s true, the digitization of production environments is already gaining traction, in some sectors more than others. And with all these developments, everyone is concerned with the security of the brave new interconnected world. Now standard hardware and software are in control of motors, switches and pumps, the security risks must be kept in mind by automation engineers. This requires a methodological approach, which is best adapted and linked to a central ISMS policy.

Big Data and IT Security – SIEM as an Analysis Tool

Over the last few years, gleaning useful information from massive amounts of data has also become more difficult for IT security and approaches to Big Data and information analysis are a critical topic in this sector. The number of users, end devices, applications and log files are constantly on the rise. At the same time, attackers are becoming more sophisticated and professional while constantly adapting their strategies. Companies are now facing a completely new level of risks and challenges to their IT security operations.

Frequently companies have more than enough data on security events, including successful penetrations and potential vulnerabilities. Enormous volumes of data are generated by network components, storage systems or applications. Security threats buried among this data must be taken seriously, however attacks often remain unnoticed or they are not discovered in time due to a lack of structured data. Analyzing and interpreting this data and deploying a rapid response is almost impossible without specialist software.

Cybersecurity Isn’t Generational: Why Millennials May Not Be the Tech Hope of the Future

Of all the assumptions made and beliefs held about millennials, one of the most common is that they’re uniquely tech-savvy. After all, this is the first generation to grow up being exposed first to the advent of computers and the Internet, and now to smartphones, tablets and always-on connectivity. So it’s no surprise that governments have been banking on these digital natives, who practically eat, sleep and breathe technology, to become their cybersecurity saviors. Who better than the first 24/7 tech generation to demonstrate a keen understanding of the current threat landscape and the technical skills necessary to implement the best defense-in-depth measures to counter those threats? Unfortunately, that may be little more than a pipedream, if a new survey is any indication. That report, “Securing our Future: Closing the Cybersecurity Talent Gap,” released by the National Cyber Security Alliance and Raytheon, identified a significant cybersecurity awareness gap among millennials worldwide – specifically, respondents between the ages of 18 and 26, hailing from countries like the U.S., U.K., Germany, France and Japan. Despite the presumption that millennials would be naturally more predisposed to grasping and deploying best practices for cybersecurity, as well as pursuing cyber careers to do so, many of them sound alarmingly out of touch. Here are just a few of that survey’s findings: Close to 80 percent had neither spoken with a cybersecurity professional before or weren’t sure if they had done so 69 percent felt that their high school computer classes hadn’t prepared them for a cyber career 67 percent said they hadn’t heard about any cyberattacks in the news over the past year Two-thirds...

Plan, Install and Operate VPN Gateways in Accordance with the BSI’s Basic IT Security Manual

While the core focus of IT administrators may not be security, they are often tasked with looking after network security, leading them to sometimes feel overwhelmed. They might ask themselves: “How do I know where best to focus? How do I know if my approach is correct?” Fortunately, such questions can easily be answered. Have a look at the manual for basic IT security from the Federal Office for Information Security in Germany (BSI). It contains many answers to security questions that IT professionals may have, but unfortunately, not many are familiar with the almost 4,500 pages of information, covering almost all aspects of IT security. The beauty of the BSI manual is that it’s written fully independent of manufacturers and can be used in almost all system environments. Divided into building blocks, risks and approaches, the manual for basic IT security provides a well-organized introduction and a comprehensive explanation of how to handle IT security matters. German government agencies have to be certified through the BSI, and all other institutions and companies can also be certified. BSI standards are the basis for the certification, which is compatible with ISO 27001. The implementation is described in the BSI manual. If an expensive certification is not required, working with the manual for basic IT security makes sense because the manual is free of charge – the current version can be downloaded from the BSI website and an HTML version is also available. Also, the clear structure is a big plus. If companies lack adequate security planning and a holistic view of IT security, the BSI manual presents a standardized approach...

The BYOD Backlash: Enterprises Search for a New Mobile Device Management Standard

If corporate Bring-Your-Own-Device (BYOD) policies are intended to be an acceptable compromise between employees and employers, why do both parties seem to be so consistently displeased with them? Let’s focus on employers, since they have final say as to what devices are permitted to access the corporate network. According to a study by CompTIA, BYOD has reached a breaking point. Fifty-three percent of enterprises now tell CompTIA that they have banned BYOD – up from 34 percent just two years ago. With that many employers banning BYOD outright, other initiatives have started to fill the vacuum. Believe it or not, some employers are finding themselves reverting back to how they handled mobile device management (MDM) years ago, before the infiltration of consumer devices into the workplace – by issuing work devices to employees. But what about the conventional wisdom that employees generally balk at corporate mobile technology, which may facilitate more secure remote access, but offers them little choice? As the CompTIA report found, some employees are actually open to using devices provided by the employer, on one condition – “if it is the same thing they would choose on their own.” What this shows is that even though a majority of businesses have banned BYOD, there’s still an opening for IT departments to provide employees with some degree of choice and flexibility in the mobile devices they use. And this degree of control is not through the physical device, but through the operating system – or rather, systems – that run on the device. One Device, Two Systems A container or partition solution is a newer form of...