Archive for the ‘cyber crime’ Category

h1

@CyberSec_EXPO call for speakers deadline 7th April

March 28, 2014

By Rosalind Carr, @Rosalind_at_O

 

IP-EXPO-EuropeCyber-Security-Expologo

 

In its first year, Cyber Security EXPO, part of IP EXPO Europe 2014, is in search of senior information security and technology experts to present at this targeted information security event. According to the event’s Content Director Mike England, “Cyber Security EXPO will delve into the issues set to disrupt the status quo in cyber security thinking with a view to providing visitors with a real understanding of the challenges that are impacting on their organisations.”

Taking place from 8th – 9th October 2014 at ExCeL London, Cyber Security EXPO will incorporate a dedicated CISO conference plus education theatres and a significant exhibition. It will examine major themes, including:

  • Internet & Network Security
  • Fighting Cyber-Crime
  • Log Data & Advanced Analytics
  • Identity & Privacy Protection
  • Cloud Security & Governance
  • Mobile Device Management

Read the rest of this entry ?

Advertisements
h1

Will AppIDs replace deep packet inspection?

March 2, 2011

A growing number of IT security vendors are moving away from packet inspection of internet traffic in favour of monitoring the credentials of the user and the applications they are using, reports Steve Gold (@stevewgold)

The world of IT security is changing – largely as a result of increasing data traffic and faster internet connections, which make it more challenging to analyse the data flowing across those connections in real-time.

A number of IT security vendors have been grappling with the problem of larger bandwidth internet data flows for some time.

As internet caching specialist Akamai’s latest quarterly report shows, there are more and more users on the global internet generating ever increasing volumes of data traffic. According to the Akamai Q3 2010 “State of the Internet” report, more than 533 million unique IP addresses from 235 countries connected to its global network of caching servers during the third quarter of last year.

That’s an astonishing increase of 20 per cent over the same quarter a year previously. Wow.

IT security vendors have traditionally carried out a process called deep level packet inspection on Internet Protocol (IP) data flows, but with the rising tide of data flowing across the internet, typically in 10 Gbps chunks, deep packet inspection is rapidly (no pun intended) proving to be technically difficult. A growing number of security vendors are therefore moving away from packet inspection of traffic in favour of monitoring the credentials of the user and the applications they are using.

By working out whether a user is authorised to do what he or she is doing from a given IP address, companies and carriers can allow or disallow the session in real time.

Then, by monitoring the application(s) the user is running, which can be analysed using their signatures (known as AppIDs), the user’s IP session can be risk-assessed and allowed or disallowed as required.

AppIDs are central to this new way of security analysis. One vendor I spoke to recently had even allocated a range of AppIDs to botnets, taking the idea to a whole new level.

If the principle sounds familiar, it’s because it was the basis of a Windows security application – now long gone, sadly – called Guardian in the early 1990s.

That was in the days of dial-up modems, of course…

h1

He’s H4cked Off: Q&A with Stuart Sumner, Senior Reporter at Computing

January 25, 2011

By Rose Ross (@Rose_at_O) and Olivia Shannon (@Olivia_at_O)

EDITOR’S NOTE: Stuart Sumner is now Editor of Computing. Find him on LinkedIn. (Updated July 2012)

Q.  Tell us a bit about yourself:

Journalist, writer, comedian, musician, poet, super-sleuth and lover.  Also prone to exaggeration and lies.

Q. Tell us a little bit about the titles you write for and their interest in data security:

I write for Computing, often but not exclusively on security.  It’s an area that gets more interesting the more you delve into it (a bit like Wales).  Since I started focusing on security last year, the magazine is becoming better known as an authority in the sector.  In the past I’ve written for Time Out and various titles published by IPC Media.  Actually, working for the latter publisher, I once found myself writing an article under the title “Rachel Stevens’ top make-up tips”.  God help anyone who actually followed my advice there.

Q. What’s hot in IT security this year?

Security itself is hot this year, carrying on from its increased visibility last year.  Cyber crime isn’t going away, and with hacktivism entering the fray it seems there’s a greater need than ever to lock down corporate data and processes.  Although every day seems to bring stories of yet more organisations failing to do just that.  If Stuxnet makes a return, perhaps in an attack on the utilities sector as some are predicting, then that will probably turn out to be the biggest security story of the year.  If not, then it will be some large corporation suffering a large data breach as a result of incomplete security protocols.  It all comes down to human behaviour; we take the path of least resistance and that usually results in something sloppy somewhere just waiting to be exploited.  And cyber criminals tend not to miss easy pickings.

Read the rest of this entry ?