Cisco shows the global picture of information security

Posted on by admini

In fact, more Generation Y workers globally said they feel more comfortable sharing personal information with retail sites than with their own employers’ IT departments – departments that are paid to protect employee identities and devices. As Generation Y graduates from college and enters the workforce in greater numbers, they test corporate cultures and policies with expectations of social media freedom, device choice, and mobile lifestyles that the generations before them never demanded. As the first chapter of the Connected World Technology Report indicated in December, Gen Y is constantly checking social media, email and text updates, whether it’s in bed (3 of 4 surveyed globally), at the dinner table (almost half), in the bathroom (1 of 3), or driving (1 of 5).

Nine of 10 (90 percent) IT professionals surveyed said they have a policy governing the use of certain devices at work, yet only two of five Gen Y respondents said they were aware of such a policy. IT professionals know that many employees don’t follow the rules, but they don’t understand how prevalent it is: More than half (52 percent) of IT professionals globally believe their employees obey IT policies, but nearly 3 out of 4 (71 percent) of the Gen Y workforce say that they don’t obey policies. In other words, Gen Y is less averse to complete strangers at retail sites monitoring their activity than their own employers’ IT teams – teams that are there to protect them and their companies’ information.

Link: http://www.net-security.org/secworld.php?id=14334

Read more

DDoS attack sizes plateau, complex multi-vector attacks on the rise

Posted on by admini

DDoS: Attack sizes plateau; complex multi-vector attacks on the rise – The largest attack reported was 60 Gbps, same as 2011; and 46 percent reported multi-vector attacks.

This year’s results confirm that application-layer and multi-vector attacks are continuing to evolve while volumetric attacks are starting to plateau in terms of size. … Attackers have now turned to sophisticated, long-lived, multi-vector attacks – combinations of attack vectors designed to cut through the defenses an organization has in place – to achieve their goals. … This year’s report includes a case study on the ongoing attacks against U.S. financial services organizations, a great example of a multi-vector attack.

Data centers and cloud services are increasingly victimized – 94 percent of data center operators reported attacks, and 90 percent of those reported operational expenses as a business impact.

As more companies move their services to the cloud, they now have to be wary of the shared risks and the potential for collateral damage. DNS infrastructure remains vulnerable – 27 percent experienced customer-impacting DDoS attacks on their DNS infrastructure—a significant increase over the 12 percent of respondents from last year’s survey. 71 percent of respondents reported good visibility at Layers 3 and 4 but only 27 percent reported Layer 7 visibility.

Link: http://www.net-security.org/secworld.php?id=14323

Read more

Indian cyber laws lack teeth to bite data hackers

Posted on by admini

The death of web-freedom activist Aaron Swartz, has once again turned the limelight on the Cyber security issues and laws governing the virtual world. While, Swartz, could have encountered over 30 years in prison if convicted following his trial under US laws, in India he could have gotten away with just three years imprisonment and Rs 5 lakh fine for the same charges.

In case, any university or institute network is hacked by someone, the maximum punishment is 3 years and Rs 5 lakhs fine under Section 66, read with 43 (I). Moreover, it is a bailable offence in India, while in the US it is a non-baliable offence,” Cyber Security expert Pavan Duggal said.

According to Salman Warris, a New Delhi-based cyber law expert, the current legislations are not suffice to deal with data hacking incidents in India. “In the US and Europe there is a complete legislation dedicated to data protection, while under Indian Act there are only two provisions related to data protection.

Aaron Swartz could also have had to shell out a penalty worth millions of dollar for allegedly downloading material from JSTOR. According to a senior professor associated with a leading university,”There has been instances in the past, where the university website has been hacked into. Whatever happen to MIT could happen to any institute, said Kamalesh Bajaj, CEO of Data Security Council of India (DSCI), a Nasscom initiative.

Link: http://www.business-standard.com/india/news/indian-cyber-laws-lack-teeth-to-bite-data-hackers/204728/on

Read more

F5 Networks introduces application delivery firewall

Posted on by admini

With support for SAML 2.0, F5 now offers improved single sign-on (SSO) capabilities for web-based, VDI, and client/server applications—whether hosted in corporate data centers or the cloud. In addition, BIG-IP APM offers identity federation across multiple product instances within an organization, reducing the number of passwords needed by users to access corporate applications.

BIG-IP ASM now features support for applications written with the Google Web Toolkit, meaning security teams can enforce application security policies that use this widely adopted framework. Additionally, BIG-IP ASM can better detect and mitigate clickjacking, a growing web threat that attackers use to trick others into revealing personal information.

Link: http://www.net-security.org/secworld.php?id=14332

Read more

RSA combines SIEM with incident visibility to create Security Analytics

Posted on by admini

With this you get full security visibility of data for log and packet and it gives the user more intelligence and if something is known, if it has been seen before.”

Jon Oltsik, senior principal analyst at Enterprise Strategy Group, said: “The sophistication of advanced attacks and the associated malware is growing every day testing the limitations of existing security analytics tools.”

Marrying intelligence-driven security with Big Data analytics has the potential to help enterprises address the complex problem of advanced threats and thus meet a significant need in the marketplace.”

Link: http://www.scmagazineuk.com/rsa-combines-siem-with-incident-visibility-to-create-security-analytics/article/278162/

Read more

Five eyes push to declassify security vulnerability data – Networks – SC Magazine Australia – Secure

Posted on by admini

Schmidt flagged the need to declassify data during his years at the White House and said progress had been made prior to his resignation from the job in May last year. For Schmidt, the suppression of information denies organisations the ability to defend themselves from attack, noting that it can take months for information to be declassified.

From the time the FBI was notified, DHS (Department of Homeland Security) and the Department of Defense all responded [but] it took 102 days from the time it was reported to the time they went out to industry members. If the declassification effort fails — and it is thought to have stalled amid the recent US Congress reshuffle — then Schmidt said the private sector should take charge and share vulnerability and threat data.

In recent years, security researchers have discovered and extensively detailed malware thought to have been developed by nation-states to launch attacks and conduct espionage against foreign interests.

Schmidt said it is also reckless because such attacks can cause collateral damage against critical private infrastructure, and the malware can be reverse-engineered and re-appropriated for further attacks.

Link: http://www.scmagazine.com.au/News/330685,five-eyes-push-to-declassify-security-vulnerability-data.aspx?utm_source=feed&utm_medium=rss&utm_campaign=SC+Magazine+News+feed

Read more