Info Risk Today Podcast

3,490 episodes — Page 50 of 70

The Need for Network Visibility

The old, standard dashboards are no longer sufficient. To be truly effective, network pros now need new data to help find and resolve network security issues, says Mike Heumann of Emulex.

May 2, 2014

Security Built Into the Code

For too long, code writers have been measured on the features built into their applications - not the potential security vulnerabilities. It's time to change that perspective, says Maty Siman of Checkmarx.

May 2, 2014

The New DDoS Industry

When it comes to DDoS attacks, the hacktivists get all the headlines, but there is a robust service industry behind the scenes, supporting these sophisticated strikes, says Darren Anstee of Arbor Networks.

May 1, 2014

Secure Web Gateway: Cultural Issues

When marketing a secure Web gateway worldwide, iboss has to take into consideration the culture of each region and offer customization to meet local needs, says Roy Harris, senior vice president.

May 1, 2014

The Role of Ethical Hacking

Ethical hackers can play an important role in testing the security of websites, says High-Tech Bridge's Ilia Kolochenko, who describes a new on-demand security assessment service.

May 1, 2014

DDoS: Evolving Attacks and Response

DDoS attacks have grown in sophistication. But so have organizations' dependencies on the services disrupted by DDoS, says Corero's Ashley Stephenson. How should security leaders respond to protect their critical services?

May 1, 2014

Turning Awareness into Action

Organizations across all industry sectors understand the importance of information security. But turning security awareness into meaningful action - that's the challenge that many midsized entities face, says Sophos' Nick Bray.

May 1, 2014

Cloud-Based Threat Protection

Cloud-based advanced threat protection helps organizations detect sophisticated malware that is able to bypass existing security measures. The key is to start with the premise that the network is already infected, says Seculert's Dudi Matot.

Apr 30, 2014

Reassessing Information Security

Organizations and security threats have changed dramatically, but many information security strategies have not - and that is a huge problem, says SafeNet's Jason Hart.

Apr 30, 2014

Protecting Credentialed Information

Understanding the behavior patterns of individuals with access to an organization's most important credentials is one of the keys to privileged management, says CyberArk's Matt Middleton-Leal.

Apr 30, 2014

The Authentication Evolution

On the technical side, authentication is much the same as it was years ago. But the way consumers are using two-factor authentication products has dramatically changed, says Vasco's Jan Valcke.

Apr 30, 2014

The Need for Product Testing

When considering security products, companies need to run test scenarios to make certain the product can handle their type of traffic, says Ixia's Richard Favier.

Apr 30, 2014

U.K. DDoS Attacks Work as Smokescreen

A new study from Neustar shows DDoS attacks in the United Kingdom are often used as a smoke screen for malware attacks or theft, says security specialist Susan Warner.

Apr 30, 2014

Choosing the Right App Components

The key to creating secure applications is choosing the right open source components and carefully monitoring them to ensure they remain free of defects, says Sonatype's Wai Man Yau.

Apr 30, 2014

Enhancing Application Security

New technology enables organizations to protect applications against reverse engineering and tampering by cybercriminals, says Arxan Technologies' Mark Noctor, who explains how the approach works.

Apr 30, 2014

Understanding Vulnerability Management

"If you're not doing the right things on managing vulnerabilities, it doesn't really matter what other kinds of sophisticated things you do - that's the baseline for security," says BeyondTrust's Marc Maiffret.

Apr 29, 2014

Security for Smaller Organizations

Cloud-based "testing-as-a-service" and "security-as-a-service" platforms can make security more accessible to smaller organizations, says Spirent's Brian Buege.

Apr 29, 2014

Reducing Cyber-Attack Response Times

As cyber-attacks become more common, organizations must devise new ways to shorten response times and lessen the impact, says Paul Nguyen of CSG Invotas.

Apr 28, 2014

Eric Cole to Enter Hall of Fame

The best way to detect whether hackers have penetrated an IT system is to examine outbound traffic, says Eric Cole, the latest inductee to the Infosecurity Europe Hall of Fame.

Apr 24, 2014

Is CyberSec Framework Doomed to Fail?

A George Mason University research fellow says the cybersecurity framework, issued earlier this year by the National Institute of Standards and Technology, is likely to cause more problems than it solves.

Apr 23, 2014

Verizon Report: Web App Attacks on Rise

Verizon's latest annual breach report shows that Web application attacks increased more than malware-fueled point-of-sale intrusions in 2013, says analyst Dave Ostertag, who provides an overview of the report's findings.

Apr 22, 2014

ONC's DeSalvo on Privacy, Security

Privacy and security are vital components of all major projects that the Office of the National Coordinator for Health IT has under way, says Karen DeSalvo, M.D., the new head of the office.

Apr 21, 2014

Visa's Richey on Card Fraud

Ellen Richey of Visa, keynoter at the April 29 Fraud Summit San Francisco, outlines key card fraud-fighting trends for the year ahead, including the U.S.'s migration toward EMV, greater use of tokenization and heightened fraud detection.

Apr 18, 2014

CISO Showcase: Intel's Malcolm Harkins

Malcolm Harkins has a unique role. He oversees both security and privacy for global technology vendor Intel. What tips does he offer individuals who seek to build careers in either discipline - or both?

Apr 14, 2014

Determining Heartbleed Exfiltration

A notion emerging from the Heartbleed bug is that organizations can't determine if the vulnerability caused data to be exfiltrated. But CERT's Will Dormann says that may not always be the case.

Apr 10, 2014

Heartbleed Discoverer Speaks Out

The chief executive of the Finnish company that uncovered the Internet website vulnerability known as Heartbleed says security practitioners should rethink how they approach IT security by placing a greater emphasis on vetting software for vulnerabilities.

Apr 10, 2014

Inside Symantec's 2014 Threat Report

Symantec's 2014 Internet Security Threat Report calls 2013 the year of the mega breach. Why? Because it's getting far too easy for the bad guys to pull off these breaches, says Symantec's Kevin Haley.

Apr 9, 2014

XP Device Support Ends: Now What?

Starting now, healthcare organizations using Microsoft Windows XP-based medical devices better have short- and long-term strategies to address cybersecurity, says medical device security researcher Kevin Fu.

Apr 7, 2014

FFIEC on DDoS: What Are Expectations?

The FFIEC just issued new guidelines on DDoS risks to U.S. banking institutions. What is the substance of these guidelines, and how must banks and credit unions respond? Rodney Joffe of Neustar offers advice.

Apr 4, 2014

Cybersecurity: Involving Senior Leaders

To boost cybersecurity, senior leaders - whether a CEO, a board member or a government agency director - need to think of information as a critical asset worthy of protection, risk management experts Val Rahmani and Malcolm Harkins say.

Apr 4, 2014

Changing Landscape of Application Security

Increasingly, organizations are seeing attacks migrate from the network to the application level. How can security leaders ensure they are prepared to handle this shift? Kunal Anand of Prevoty offers insight.

Apr 2, 2014

Inside the New Global Threat Report

Even so-called minor breaches can cost organizations nearly $200,000, according to one finding from NTT Group's annual Intelligence Report. Rob Kraus of Solutionary shares the study's insights and advice.

Apr 1, 2014

Advanced Threat Defense

Advanced threats are like the weather. Everyone talks about them, but few have a solid defense plan - or even a solid understanding of the threat landscape. Mike Nichols of General Dynamics Fidelis Cybersecurity Solutions offers insight.

Mar 31, 2014

Measuring Healthcare InfoSec Competency

Information security and privacy work in healthcare environments often requires a depth of specialized knowledge and competency that can be validated through the help of professional credentialing, says CISO Sean Murphy.

Mar 28, 2014

(ISC)² Turns 25: What's Ahead?

(ISC)² is celebrating its silver anniversary as a global organization educating and certifying information security professionals. What are the key threats and trends driving the profession's future growth?

Mar 25, 2014

Why Is End-to-End Encryption So Daunting?

Retail point-of-sale breaches at Target Corp. and Neiman Marcus have put a spotlight on payment card security and encryption. But achieving true end-to-end encryption isn't easy, says data protection specialist Richard Moulds.

Mar 24, 2014

State Marijuana Laws: The Challenges

New guidance from FinCEN addresses know-your-customer concerns surrounding financial transactions linked to legal marijuana businesses. Anti-money-laundering expert Kevin Sullivan sorts through the advice.

Mar 20, 2014

Malware: New Attacks Evade Detection

Banking Trojans such as Zeus have gotten much tougher to detect because of new attack techniques, which means intrusions are going undiscovered for longer periods, says Trusteer researcher Etay Maor.

Mar 19, 2014

So, You Want a Career in Privacy?

There have never been more career options for privacy professionals. But what are the essential skills and experience for advancement? Michelle Dennedy of Intel Security discusses her career path.

Mar 18, 2014

Third-Party Risks: Containment Strategy

Mobility has driven the rise of containerization as a security strategy for employee-owned devices. But what about for contractors? Kimber Spradlin of Moka5 discusses how to mitigate third-party risks.

Mar 14, 2014

Retail Breaches: The Malware Source

Attackers likely purchased malware in underground "cybercrime-as-a-service" markets to use in recent credit card breaches, including the Target Corp. attack, a new report from McAfee Labs asserts. Adam Wosotowsky explains the report's findings.

Mar 12, 2014

FIDO: Pushing International Buy-In

One key factor in efforts to reduce reliance on passwords for authentication will be international acceptance of the FIDO Alliance's soon-to-be released protocol for advanced authentication, says Michael Barrett, the alliance's president.

Mar 12, 2014

Deploying a Continuous Monitoring Plan

A problem federal agencies face in deploying effective continuous monitoring is that there's just too much guidance, former federal chief information security officer Patrick Howard says.

Mar 11, 2014

Dedicated DDoS Protection

Distributed-denial-of-service attacks are a concern for all organizations. But financial institutions face unique challenges, and so they require a unique level of protection, says Mark Byers of Fortinet.

Mar 6, 2014

Continuous Diagnostics: A Game Changer

Phyllis Schneck, the Department of Homeland Security's deputy undersecretary for cybersecurity, equates the department's continuous diagnostics and mitigation initiative with a medical probe detecting an infection in the human body.

Mar 4, 2014

Automating Data Analysis

By automating data analysis, organizations can enhance their threat intelligence and lessen their workloads, says Flint Brenton, president and CEO of AccelOps.

Mar 3, 2014

Security Professionals: Time to Step Up

In the wake of high-profile breaches and data leaks, the government will pay a lot more attention to information security. Are security pros ready for this scrutiny? Professor Eugene Spafford has his doubts.

Mar 3, 2014

Real Threat Intelligence

Everyone is talking about threat intelligence, but what are the characteristics that make it useful? David Duncan of Webroot offers insights on new solutions and partnerships.

Feb 27, 2014

The Evolving Threatscape

Traditional fraud has evolved in complexity, changing the threat landscape dramatically. Greg Maudsley and Preston Hogue of F5 discuss new strategies to mitigate evolving threats.

Feb 27, 2014

How to Improve Cybercrime Tracking

With enhanced analytics, organizations and law enforcement are improving their ability to trace malware attacks and other advanced persistent threats, says Eward Driehuis of Fox-IT.

Feb 27, 2014