Complexity, manpower requirements among IT gripes
While "Big Data Security" is now the industry buzzword and defines a way to get enterprise customers into a new method of threat detection based on mining massive amounts of security-event and business data to pinpoint threats, the response from a few IT shops seems to be "thanks, but no thanks."
A big theme at the RSA Conference this year is a concept known as Big Data Security -- the idea that massive amounts of data related to both network security and business context should be stockpiled and analyzed to pinpoint malware, rogue insiders and stealthy attacks aimed at stealing sensitive data.
Any enterprise looking to use cloud computing services will also be digging into what laws and regulations might hold in terms of security and privacy of data stored in the cloud. At the Cloud Security Alliance Congress in Orlando this week, discussion centered on two important regulatory frameworks now being put in place in Europe and the U.S.
If there's gold in log files, Splunk Inc.'s Splunk will help you to find it. Splunk bridges the gap between simple log management and security information and event management (SIEM) products from vendors such as ArcSight, RSA, Q1 Labs, and Symantec.
Securing a hybrid cloud is not the same thing as deploying hybrid security products.
Whitepapers about SIEM
Given today’s threat environment, security teams now realize that they must assume their IT environments are subject to periodic compromise. Gone are the days when preventive measures to secure the perimeter or trying to detect malware problems using signature match technologies were enough. New practices based on an understanding of the phases of an attack, continuous threat monitoring, and rapid attack detection and remediation are required. Find out more.
Clearswift SECURE Email Gateway is an effective and resilient email gateway for 50 to 50,000 users.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.