In an environment of constant attacks, network packet capture and advanced security analytics are needed to discover the attack in
progress and provide the intelligence to minimize the damage done. Advance knowledge of the reconnaissance phase, early probes of vulnerable systems, suspicious lateral movement, and...
IR teams, typically operating under a formalized IR plan, are designed to detect, investigate and, when necessary, remediate organizational assets in the event of a critical incident. SANS conducted a survey with the goal being to get a clearer picture of what IR teams are up against today. Such as, the types of...
The retail industry is booming. What's more, retailers are investing in e-commerce strategies and user-friendly websites to further
entice consumers and to stay competitive. They're also upgrading point-of-sale (POS) systems to improve control and introducing
contactless payment to speed up the purchasing process. ...
In 2011, the Federal Financial Institutions Examination Council (FFIEC) issued a supplement to the Authentication in an Internet Banking Environment guidance, issued in October 2015. The purpose of the supplement is to reinforce the risk-management framework described in the original guidance and update the FFIEC...
As breaches continue to cause significant damage to organizations, security consciousness is shifting from traditional perimeter defense to a holistic understanding
of what is causing the damage and where organizations are exposed. Although many attacks are from an external source, attacks from within often cause the...
A recent survey asked information security decision-makers from various industries globally what keeps them up at night and insider threats were high on the list for the 345 pros polled. Protection from imposters requires rapid and reliable detection that offers immediate insight into what's happening, how it's...
This White Paper will present some common sense suggestions for improving the "beginning of the lifecycle" risk mitigation process. In other words, ways to add a bit more intelligence beginning with the screening and hiring process. Then, we'll look at how to tie the efforts made at the beginning of the lifecycle to...
Insider data exfiltration causes tremendous damage every year. Worse, the vast majority of insider data exfiltration goes undetected simply because the organization is not looking for it. Relying on technologies designed primarily to secure the perimeter leaves much to be desired. Relying on trust is only an option...
Today's cybercriminals are aware of the fraud prevention technologies deployed by most financial institutions, and they design attacks to circumvent these controls. Transaction anomaly detection and device ID approaches can be highly inaccurate, generating a large number of false positive alerts that can overwhelm IT...
Failure to comply with TCPA can result in expensive litigation and regulatory actions. Learn what steps you need to take to mitigate your compliance risk.
Download New TCPA Rules: Key Insights You Should Be Thinking About to get answers to common questions, such as:
What does the order say about reassigned...
The whole idea behind vendor risk
management is that you want to be
able to verify the effectiveness of your
vendors' security practices. But with current solutions that rely on
self-reporting questionnaires, how
do you actually go about doing that?
Download this whitepaper to explore the flaws of...
One of the first steps to creating a
vendor risk management program
includes identifying what kind of
access your vendors have to your
network and where your greatest
risks lie. Unfortunately some organizations dwell on identifying those risks rather than remedying them.
Download this whitepaper to explore...
Upper management doesn't always buy
in to or fully understand the importance
of a vendor risk management program.
Download this whitepaper for expertise on how to properly communicate the
risk (and management of that risk) in
a way that executives can understand
The Q2 2015 State of the
Internet-Security Report builds on the significant changes
made in last quarter's report. In this edition, attack data
previously published in the classic State of the Internet
Report is combined with the data previously published in the quarterly
Prolexic DDoS Attack Report. The two...
Relationships with vendors are
important (or even vital) for many
organizations, but unfortunately,
there's a trade-off - the more data you
share, the more risk you acquire.
It is extremely difficult to measure
the security posture of each of your
vendors, let alone create objective
metrics around those...