Tuesday, 13 November 2012

APTs and Acquisition


You’d have to be living under a rock to not have heard about the recent rise in targeted attacks. From oil operators in the Middle East to financial institutions in the U.S., advanced persistent threats, APTs, have grown exponentially. Yes, they are a problem for big, global brands but should smaller organizations concern themselves with the proliferation of these sophisticated attacks? In a word, yes.
Once targeted attacks are developed and executed, the details often become easily accessible to cyber criminals at-large online. Translation? They grab the code and use it to attack you. We recently completed our annual State of the Endpoint report and it would seem IT departments everywhere are paying attention. The report hasn’t been released however one interesting data point to call out is IT administrators now consider APTs their “biggest headache.” (Watch for the release of our new State of the Endpoint report, conducted by the Ponemon Institute, the first week of December.)
The rise in APTs and of course malware in general is a serious concern. We won’t sit idly by and I urge you not to either. Recently, Gartner projected 50 percent of companies will deploy “deny all” technologies by 2015. This is a very strong supporting point for our recent announcement – the November 5 acquisition of CoreTrace Corporation, an innovative, Austin, TX-based application control software provider. We understand the threat landscape has evolved greatly and it will continue to. While we can’t predict the future of cyber crime, we can help our customers and the industry be as prepared as possible. Layered defenses that include application control is a very strong starting point.
The asset acquisition of CoreTrace will enhance our capabilities, portfolio of patents and other IP. We are now working to integrate key aspects of CoreTrace technology into Lumension® Application Control which is available via the Lumension Endpoint Management and Security Suite. For you, our customers and the industry, this means improved, advanced persistent protection in the fight against even the most sophisticated cyber attacks.
by Pat Clawson
Posted by CMI at 09:10 0 comments

Security Metrics - Truth In Data


I am thrilled to share theThreatPost articleI wrote about the top ten tips security teams should consider as they evolve their metrics-driven practices. If video is your preferred format, I also shared details about these tips in this short piece.
These are not huge revelations or commandments - instead a set of principles proactive security teams should consider as they get serious about making the most of their event data.
I am passionate about this topic - as are many others in the security field. Without taking a more methodical and sustainable approach to analyzing our security posture, we will be in a constant knife-fight with cyber-criminals and we won’t win that one.
In fact, I will soon be sharing some details about some research we did that highlights the challenges faced by most security organizations. Some of the results were surprising, but my biggest take-away is that security teams are not armed with the right tools or processes to confidently stay ahead of threats.
Keep your eyes peeled for that report and let’s continue the dialog about improving our security posture with greater intelligence.
by Joe Gottlieb
Posted by CMI at 09:09 0 comments
Subscribe to: Comments (Atom)