Updates on Cyber Security

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance solutions, helping the world’s leading organizations succeed by solving their most complex and sensitive security challenges. Every year RSA host a conference for the security industry, presenting the latest research, findings, treats and challenges of the internet. Here’s a collection of this years headlines, as they were published during the conference in San Fransisco last week.

“Attackers are using malware samples that researchers have never seen before — and will never see again — to successfully steal data from unsuspecting organizations, governments and individuals.”

RSA, The Security Division of EMC



RSA fraud prevention solutions reduce the risk of fraud and identity theft by assuring user identities, monitoring for high-risk activities and mitigating the damage caused by external threats such as phishing, pharming, Trojans and other cyber threats. The key words of 2011 is “cloud computing;” “phishing,” “smart grids” and “espionage.”

The Top Story:

Cloud computing contracts: tread carefully

RSA panel offers advice on legal considerations for organizations entering cloud service provider contracts.

FULL STORY

Collaboration crucial for fighting phishing techniques
Phishing’s not going away any time soon, but clear communication and cooperation between organizations sending emails to their customers and the web mail providers that filter those emails can help cut down on the number of phishing attempts that hit in boxes, said a panel at RSA Conference 2011.

McAfee-Wind River partnership to foster mobile, embedded system security
The deal will put McAfee’s ePolicy Orchestrator agent inside Wind River’s embedded operating systems, enabling enterprises to boost embedded system security to non-traditional endpoints.

RSA attendees skeptical about cloud service provider security
Attendees at the RSA Conference 2011 said cloud computing is good for certain business applications, but they’re leery of putting sensitive applications, such as those used in health care or education, in the cloud.

Smart grid security issues hinge on infosec, operator teamwork
Bridging the chasm between information security and utility infrastructure teams is the only way to solve smart grid security issues. Fortunately, NERC CIP compliance is forcing change.

Cloud computing compliance: Visibility key
Transparency is essential for security and compliance when working with cloud services providers, RSA panelists say.

APT detection, prevention are hard, but possible
A panel at RSA 2011 explains the organization and methodology behind targeted persistent attacks and what organizations can do to detect and respond to APT.

Unique attacks highlight Internet espionage trends
Attackers are using malware samples that researchers have never seen before — and will never see again — to successfully steal data from unsuspecting organizations, governments and individuals.

Survey reveals skills needed in IT security pros
A survey by certification firm (ISC)2 found a need for IT security professionals to improve application development processes and expertise to weigh cloud computing risks.

RSA panel debates cyberwar definition, realities
At RSA Conference 2011, a panel of experts, including Bruce Schneier and former DHS secretary Michael Chertoff, discussed cyberwar, espionage and how the ground rules for handling such conflicts will be decided.

Move to IPv6 could help spambots churn out more spam, malware says botnet expert
Antispam measures that rely on IP blacklisting could be less effective if Internet Service Providers take the wrong approach to IPv6, said prominent malware expert Joe Stewart.

RSA 2011: Schmidt-led Town Hall confronts public-private cooperation – again
At RSA Conference 2011, a Town Hall-style meeting of government cybersecurity officials, pressed for continued public-private sector cooperation.

Kaminsky, DNSSEC deployments experts say protocol will boost security
Network security expert Dan Kaminsky touts the security improvements DNSSEC provides, but admits that it will take time for businesses and consumers to reap the benefits.

Signature-based antivirus dying, but bigger problems loom
While security pros should be concerned with the decreasing efficacy of signature-based antivirus, employee threats should warrant increasing attention.

Cloud computing contracts: Tread carefully
RSA panel offers advice on legal considerations for organizations entering cloud service provider contracts.

Microsoft security chief stumps for Internet health check system
Microsoft Vice President of Trustworthy Computing Scott Charney at the RSA Conference 2011 discussed Collective Defense, Microsoft’s proposed Internet health check system for consumer computers, and how it should be implemented not by governments and ISPs, but by enterprises.

Focus on people, not technology, cryptographer says
A prominent encryption expert at the annual cryptographer’s panel at RSA Conference 2011 said poorly implemented encryption deployments are being stymied by employee errors.

Software fraud, phony electronic parts pose serious security risks, expert says
A supply chain management expert studying ways companies can crack down on cheaply made imitation parts and software is urging software makers and manufacturers of electronic devices to develop better technologies to weed out fraudulent items.

White House CIO talks up cloud computing strategy
White House chief information officer (CIO) Vivek Kundra on Monday outlined the U.S. government’s strategy for cloud computing, a shift he said is critical in order to cut costs and improve efficiency.

Better methods needed to discover network configuration flaws
Examining firewall logs is not enough and most common network penetration tests often miss network misconfiguration issues, leaving sensitive information vulnerable to outside attackers, said a prominent network security expert.

Symantec turns to reputation security to bolster malware signatures
Symantec Corp. is adding new reputation scoring technology to its enterprise endpoint protection suite in a move security experts and analysts say will force its competitors to react by bolstering similar technologies.

Emerging theme at RSA Conference 2011 may be ‘mostly cloudy’
For the last several years, security experts and vendors at the RSA Conference have explained the risks associated with the use of cloud-based services. Far fewer have identified specific ways to protect data in the cloud. That may change at RSA Conference 2011..

Cloud computing security summit draws growing crowd
Cloud Security Alliance event expands to accommodate growing interest.

IT security career experts to dish out practical advice at RSA Conference 2011
Information security growth is fueling fierce competition among job applicants, according to Lee Kushner and Mike Murray, IT security career experts who follow the industry closely. Both career experts will be participating in an information security career development session at the RSA Conference 2011.

Security B-Sides brings its buzz back to San Francisco and RSA Conference
Security B-Sides isn’t just for big conference rejects any more. This little-conference-that-could has grown up and become a force on the information security speaking scene. Its latest incarnation springs up Monday, a day ahead of the official start of RSA Conference 2011, around the corner from the giant Moscone Center, home to the security industry’s biggest annual event.

Source: SearchSecurity.com


Related by the Econotwist’s:

Advertisements

2 Comments

Filed under 1

2 responses to “Updates on Cyber Security

  1. Pingback: Stuxnet Mutants All Over The Web | EconoTwist's

  2. Pingback: World Spinner