BLOG AUTHORS

waynelewandowskiWayne Lewandowski
Area Vice President, Federal
mikeMike Yoder
Senior Security Architect
socialtis2Tina Stewart
Vice President Marketing
radfordC.J Radford
Vice President of Cloud

DEFENDERS OF DATA

15 Apr
2014
Categories : Data Encryption, Data Security            Leave a comment            Tags: , , , ,

Just released is our latest Vormetric Insider Threat Report.  This latest report focuses on Europe, and an earlier version in September of last year detailed responses from the US.  Today, I’m taking a deeper look at the combined government data from both US and European government at a level you won’t see elsewhere. One point before I get to the results – Insider Threats aren’t just traditional insiders, people with access to sensitive data in the course of accounting, financial, […]

11 Apr
2014

If you’re reading this blog, chances are good that you’ve heard of a horrid bug in OpenSSL named Heartbleed.  Rarely has a software bug caused such a ruckus in the security community.  The bug is sufficiently bad – an attacker can read random parts of the server’s memory – that an upgrade to the fixed version is an urgent matter.  To add to this, the versions of OpenSSL with the bug are very widely used – up to 2/3rds of […]

10 Apr
2014

Last month, I called out the Top 5 Data Breach Trends for 2014. Trend 1—Revenue Loss Means Board Room Focus Trend 2—Retail Breaches: An Easy Target Trend 3—Cloud and Big Data= Big Target for Cybercriminals Trend 4—Government and Healthcare: High Risk Trend 5—Compliance Will Grow Bigger Teeth Since then, supermarket chain Morrisons suffered an insider attack through stolen staff payroll systems that were published online which links back to trend 2; retail data breaches an easy target. Also surfacing this week—18 […]

08 Apr
2014

Here at Vormetric, we just issued the European Edition of our Insider Threat Report.  Although the report focused on Insider Threats, we also included a strong focus on SaaS and Cloud Provider use for enterprises – both on the additional Insider Threat concerns around SaaS and Cloud Services and about what those enterprises would like to see that would increase their use.  Today I’m going into details that we didn’t highlight in the report, but which are directly relevant to […]

03 Apr
2014
Categories : Data Security, Key Management            Leave a comment            Tags: , , , , , ,

While we’ve since learned it was a relatively unsophisticated attack, the Target data breach remains anchored in the headlines and, thanks to the more recent security breach reported at giant grocery chain Morrisons in the UK, we can’t get away from the risk posed to business by the ‘Insider Threat’. Events of the last few months have thrust the dangers of privileged user abuse into the spotlight. However, while these security incidents do vary in terms of scale and impact, […]

01 Apr
2014
Categories : Data Breach            Leave a comment            Tags: , , , ,

It may not be obvious, but there’s a common thread through the endless procession of data breach disclosures, and it’s the Insider Threat. Insider threats are no longer just traditional insiders with access to special information within a company (a classic is the accountant that walks off with all the cash), it now includes privileged users of all types and the compromise of accounts to gain access to sensitive data. Take a look at a couple of cases recently – […]

27 Mar
2014
Categories : Data Breach, Data Security            Leave a comment            Tags: , , , , ,

It’s been a while—December 2013 in fact—since my last Data Breach Round-up post and a lot has happened since. Snowden-related discussions are still dominating the news cycle, often pointing to insider threats as the most prominent issue organizations are facing today. The sheer amount of data breaches (ie. Target, Adobe, Korea Credit Bureau, Neiman Marcus) sends a signal that cybercrime will continue to rise. New security threats and regulations make the case for more transparency going forward; all signs point […]

20 Mar
2014

It isn’t any surprise that Cloud Security is still at the top of every Enterprise’s concerns about using cloud resources and services.  Since the inception of cloud services, security has been a top concern, and one of the reasons that the largest investments by enterprises to date have been private cloud related.  That hasn’t stopped lines of business from using cloud services without authorization, or stopped enterprises from putting their “toe in the water” with non-critical projects, limited SaaS applications […]

The U.S. Cybersecurity Framework

Posted By: Robert Bigman, Former CIA CISO
18 Mar
2014
Categories : Data Security            Leave a comment            Tags: , , , ,

Only Suggestions and Encouragement – When we are at Cyber War All you need to know about why the presidentially directed cybersecurity framework effort by the National Institute of Standards and Technology (NIST) represents (at best) minimal progress in our war against cybercriminals and nation-state actors is summed up in the second paragraph of the summary. The framework states that: “[i]t is the Policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and […]

13 Mar
2014

We made a really important announcement today – We’ve now added integration to the third of the top SIEM solutions, IBM QRadar, to our existing integration with HP ArcSight and Splunk. As the cadence of data breaches increases worldwide with continued losses of credit card and customer data from retailers, health care data losses, revelations from Mr. Snowden, and more, it’s increasingly clear that traditional approaches to security are not able to safeguard sensitive data. What’s needed are strong security […]