Richard Davies wrote: The UK has a good crop of technology pioneers in cloud computing - for example ElasticHosts, FlexiScale, Flexiant, OnApp - and also some strong government initiatives such as G-Cloud.
We will have to see whether this kind of technical leadership converts into swift mass-market adoption or not.
Jan. 8, 2012 11:38 AM EST
The term Advanced Persistent Threat (APT) is often regarded somewhat suspiciously by security professionals, seeing as it how it can be a buzzword that obscures actual analysis of the dynamics of cyber attacks or a diplomatic fiction because it’s not polite to openly accuse the Chinese...
In almost all professions, report writing is a requirement. Typically, reports document the success and failures of a particular action. While it may not be your favorite part of the job, report writing does validate your work to the customer. In our profession, Cyber Security, we hav...
Passwords suck.
They are long, hard to remember (even if you have easier-to-remember phrases), more so when new, and are largely a difficulty for users to user properly. Combined with the fact that many users choose easy-to-guess or easy-to-ascertain passwords based off of commonly-k...
Q: Enterprise e-signatures, like any enterprise-class software, is a strategic technology with far-reaching implications. After all, this is an underpinning technology that reaches beyond the firewall to directly touch customers and automates revenue-generating business processes. Cons...
Lack of adequate professional services can greatly impact the success of an organization’s electronic signature implementation. What professional services are typically involved in Silanis’ customer implementations? How can you achieve the right balance between leveraging best practice...
[Editor's note: this analysis predates any official announcements by NASA]
Recently, some news of a NASA hack-and-dump passed my twitter deck. I decided after watching a few of my friends re-tweet the news that it might be worth checking out. At least I’d see if I could perform some...
How many of us take for granted Microsoft’s family of tools that contribute to the security of your organization? The most commonly used and appreciated tools are: Forefront Family Microsoft Security Essentials Windows Intune / Windows Update / Microsoft System Center Family Windows Fi...
Q: What are solution accelerators, and why are they important?
The electronic signature market is mature enough that organizations expect to get up and running quickly. As a result of spending years helping companies and government agencies of all sizes automate their e-signature pro...
People often believe that if a developer is capable of creating clean, functional code that they will by default be writing secure code. Unfortunately, this is not always the case.
Security vulnerabilities can result from poor code, functional bugs can be security bugs too, but the tr...
"Cyber Threat Analysis" is the practice of effectively fusing knowledge of an organizations network vulnerabilities, both internal and external (including essential IT systems), and matching these against actual cyberattacks and threats seen out in the wild. The output of this fused a...
Q: What does enterprise capability mean to you? How have your customers benefited from and leveraged Silanis’ enterprise capability?
A: Enterprise software can be distinguished from more general productivity tools, in that it touches an organization’s core, customer-facing business p...
One thing I've noticed over the last couple years is that there are Five Stages of a Data Breach:
Denial: We do not believe these attacks breached our critical servers.
Anger: We want to make it clear that we take security seriously!
Bargaining: We'd like to offer our affected custo...
Protecting web applications is an around-the-clock job. Almost anything that is connected to the Internet is a target these days, and organizations are scrambling to keep their web properties available and secure. The ramifications of a breach or downtime can be severe: brand reputatio...
Over the past few years we’ve seen firewalls fail repeatedly. We’ve seen business disrupted, security thwarted, and reputations damaged by the failure of the very devices meant to prevent such catastrophes from happening. These failures have been caused by a change in tactics from inva...
The past year brought us many stories focusing on successful attacks on organizations for a wide variety of reasons. Why an organization was targeted was not nearly as important as the result: failure to prevent an outage. While the volume of traffic often seen by these organizations w...
In recent discussions with IT leaders from both federal and Department of Defense sides of US government, representatives stated that they are having a heck of a time accommodating expansive growth in mobile computing. This is critical given that today, in most cases, agencies and depa...
We were very excited to announce recognition of our hard work on our SSL VPN solutions: F5 Positioned in Leaders Quadrant of SSL VPN Magic Quadrant. Second, we were even more excited to announce adding industry-leading support for Android’s 4.x OS, enhancing its SSL VPN capabilities.
...
1 if by land, 2 of by sea, 0 if by IP
I know I’ve said this before but it sure seems like almost daily there is a security breach somewhere. Over the years, the thought process has changed from prevent all attacks to, it is inevitable that we will be breached. The massive number of ...
In today’s episode Sr. IT Pro Evangelists Blain Barton and Dan Stolts (the ITProGuru) talk candidly about Security concerns and issues many IT Pros and organizations face today when thinking about Cloud Computing. Tune in as they discuss the Security Lifecycle, from assessing physical ...
This article focuses on discussing the current legislation on cyber security, as well as some of the recent security bills submitted in the 112th U.S. Congress.
This nation's critical infrastructure (power grid, water supply, oil & gas refineries, etc.) are run and managed by IT syste...
Want to provide Cloud services to the federal government? Then you’ll have to adhere to almost 170 security controls under the recently announced Federal Risk and Authorization Management Program. The program, set to go live in June, is designed to analyze/audit cloud computing provi...
Penetration testing and red-team exercises have been running for years using the same methodology and techniques. Nevertheless, modern attacks do not conform to what the industry has been preparing for, and do not utilize the same tools and techniques employed by such tests. This paper...
Over the last couple weeks, we’ve been rolling out a series of short Security Vignette videos about various IT security challenges. We’ve posted them to the F5News blog account but also wanted to share in case you missed them. If we were going to sum up the role of security in corpor...
The Federal Bureau of Investigation has been in the Big Data business since 1999 when it launched the Integrated Automated Fingerprint Identification System (IAFIS), the world’s largest biometric database on individuals. IAFIS contains over 55 million sets of fingerprints and is used ...
Around this time of year, almost everyone and their brother put out their annual predictions for the coming year. So instead of coming up with my own, I figured I’d simply regurgitate what many others are expecting to happen.
Security Predictions 2012 & 2013 – The Emerging Security...
Recently, in our post on Database security in the cloud, we reviewed the threats against database installations in the cloud and best practices for protecting your data. A number of customers have asked us follow-on questions:
Which database brands are open and tested with these techn...
Imagine if every single American citizen had his or her personally identifiable information, such as full names and addresses, leaked onto the Internet. This cybersecurity and privacy nightmare might seem implausible, but that’s exactly what happened in Israel, where 9 million records,...
I was part of a panel titled “Developing Security Strategies to Successfully Combat Sophisticated Threats to your Network, while Protecting Customer Privacy” at the TM Forum conference two weeks ago. Given the topic, and the interesting conversation, I wanted to highlight some of the ...
We try to offer many learning opportunities thru webinars so if there are other topics you’re interested in, there are some links below but also check out the F5 WebCasts page along with DevCentral’s Media site. We also post video content to our YouTube Channel, if that’s your game. ...
It’s always exciting to be part of a visionary undertaking—especially one that is succeeding so well, and on such a large scale.
A full seven years after commencing the largest e-signature initiative ever undertaken in government, the US Army continued its commitment to paperless proc...
When creating any security-enabled network device, development teams must fully investigate security of the device itself to ensure it cannot be compromised. A gate provides no security to a house if the gap between the bars is large enough to drive a truck through. Many highly effec...
It’s a growing trend. In order to be more efficient and improve customer service, more and more companies are using electronic signatures to execute contracts, applications and agreements.
In our experience, the question of legality and enforceability is top of mind for companies cons...
The two mainstream protocols available for Secure FTP transfers are named SFTP (FTP over SSH) and FTPS (FTP over SSL). Both SFTP and FTPS offer a high level of protection since they implement strong algorithms such as AES and Triple DES to encrypt any data transferred. Both options als...
I debated about writing and/or blogging about this for a few days since it is very personal and didn’t want a pity-party coming my way. But covering security, often from the human behavior standpoint, is what I do and what better way to share a security incident than when it happens...
“My company still relies heavily on FTP. I know we should be using something more secure, but I don’t know where to begin.”
Sound familiar?
The easy answer is that you should migrate away from antiquated FTP software because it could be putting your company’s data at risk – Unsecure...
It is a fact of IT that different businesses have different technical requirements in terms of security, processing, performance, and even storage. In many organizations, particularly those that transport sensitive personal or financial information, end-to-end encryption is a must. At ...
In a recent conversation with a public cloud provider, the message was loud and clear. Software vendors that use their cloud have an intense need for security, and they need it packaged with cloud friendly APIs (Application Program Interfaces).
This is actually a deep point. There hav...
John Dodge (@thedodgeretort) and Bob Gourley (@bobgourley) review the Enterprise CIO Forum’s (@ECIOForum) top 10 Cloud Security Tweets of the week in the following podcast. Tweets selected by John included: zdnet: Will cloud security ever be sufficient? http://t.co/vLJjhFAY cloud...
Bob Gourley and HP’s Andrzej Kawalec, CTO of Enterprise Security continued to discuss emerging security issues at the HP Protect 2011 conference on Monday, September 12, 2011, exploring problems with traditional approaches to enterprise security.
Andrzej began by defining the custom...
NJVC®, one of the largest information technology solutions providers supporting the Department of Defense, announces its lineup for the Gartner Symposium/ITxpo®, Oct. 16 - 20 at the Walt Disney World Dolphin Hotel in Orlando, Fla.
Visit the NJVC booth (#206) on the tradeshow floor to ...
