
cote : security   211

The Cost of Banking Is About to Go Up: What the Capital One Breach at Amazon Could Mean for the Industry
"The adoption of cloud platforms is a movement that will not be stopped," says Jerry Silva, research director, IDC's Financial Insights Group. "But there will be a slowdown as regulators step in to ensure that the security and resiliency structures that have always applied to banks directly are applied to the cloud providers with which they do business."
Idc  banking  cloud  security  links  via:Workflow 
9 weeks ago by cote
Broadcom acquires Symantec’s enterprise security business for $10.7B
“Symantec will be left with its consumer product portfolio, which includes the Norton antivirus software and LifeLock identity protection brand.” And lots more details, including recent Broadcom acquisitions and pressures.
M&A  Broadcom  security  divestitures  Symantec  links  via:Workflow 
10 weeks ago by cote
Secret CSO: Amy Herzog, Pivotal
Practitioners need to be positive and intelligent enough to see how a whole system could work. But they also need to have this mindset of searching out all the ways that it could go wrong and what that looks like.
Security  links  via:Workflow 
11 weeks ago by cote
Why Wells Fargo Wants to ‘Repave’ Its Platform Every Day
Wells Fargo, explains how the company is combating advanced persistent threats, as well as an onslaught of CVEs, by repaving its entire platform multiple times per week — with a goal of doing so every day by the end of 2019.
Proofpoints  repaving  security  cases  pivotalcloudfoundry  links  via:Workflow 
march 2019 by cote
The My Health Record story no politician should miss
“Early signs of Alzheimer's disease or other forms of dementia would mean the end of a political career, perhaps rightly so. But with all the taboos still surrounding mental health, signs of less dramatic conditions could be used as political leverage. A prescription for an anti-psychotic medication, say, or even just a series of appointments with a psychiatrist known to specialise in these disorders. The timing of medical treatment can also reveal politically problematic patterns of activity. Prescriptions for erectile dysfunction pills would be perfectly reasonable for a male in his 60s or beyond, although they'd doubtless trigger embarrassing comments about flaccid policies. But what if the politician was married, the prescriptions were always in the weeks before overseas missions, and after the last such trip there was a series of weekly visits to a sexual health clinic? Infidelity can kill a career.”
ehealth  hacks  blackmail  health  paperless  security  Australia  politics  ethics 
july 2018 by cote
Oracle plans to end Java serialization, but that’s not the end of the story
'Oracle's chief architect, Mark Reinhold, shared his thoughts about Java’s serialization mechanism which he called a “horrible mistake” and a virtually endless source of security vulnerabilities. This is evident in nearly half of the vulnerabilities that have been patched in the JDK in the last 2 years are related to serialization. Serialization security issues have also plagued almost every software vendor including Apache, Oracle, Pivotal, Cisco, McAfee, HP, Adobe, VMWare, Samsung, and others.'
java  security  legacy 
july 2018 by cote
DockerCon coverage from 451: security focus
“Steve Singh took over as CEO a year ago and has presided over a growing number of customers – more than 500 enterprise customers to date – and associated revenue. On that note, the company announced it expects to grow bookings beyond $100m in 2018.”
docker  revenue  security  451  moemntum 
july 2018 by cote
AT&T to Acquire AlienVault | AlienVault
“The acquisition will combine AlienVault’s expertise in threat intelligence with AT&T’s cybersecurity solutions portfolio that includes threat detection and prevention as well as response technologies and services. After the acquisition closes, AT&T business customers will be able to access our unified security management platform that helps make organizations more effective at threat detection and response, by giving them access to a broad set of enterprise-grade security capabilities.”
m&a  security  at&t  alienvault 
july 2018 by cote
Security basics
“If you’re in the field of cybersecurity, a lot of what we’re preaching will sound extraordinarily basic to you. It is extraordinarily basic. We as a nation are not at a point where we have done the extraordinarily basic things.”
thecyber  security 
may 2018 by cote
Serverless Architectures: A Paradigm Shift in ...
“One of the biggest security upsides to developing on serverless architectures is that organizations don't have to deal with the daunting task of having to constantly apply security patches for the underlying operating system. These tasks are now in the domain of the serverless architecture provider.”

The rest - the application code - still needs to be secure. Of course.
serverless  security 
april 2018 by cote
Merrill Corporation alongside Leading Technology Companies, Launch New Category for M&A Professionals
“Merrill uses MongoDB technology to build horizontal applications on top of four key pillars: a secure repository, document collaboration, data and machine learning as well as analytics. Pivotal Cloud Foundry is used across all engineering stages - development, testing and production - with a focus on maximizing the microservices infrastructure that arranges the application into a suite of independently deployable, modular services. For security, identity and storage components Merrill DatasiteOne uses Microsoft Azure Key Vault, Azure Active Directory and Azure Storage.”
cases  pr  PivotalCloudFoundry  security  mongo  proofpoints 
april 2018 by cote
"Do They Have AI?" or That Rant on AI in Security
‘It turns out that our AI analysts often use the phrase “AI” to mean “top techniques from the field of Artificial Intelligence” which today means “deep neural networks” (DNNs, shorthanded to “deep learning” by some), natural language processing, image recognition, etc (the latter probably use DNNs anyway).’
ai  ml  gartner  security 
march 2018 by cote
Worldwide Spending on Security Solutions Forecast to Reach $91 Billion in 2018, According to a New IDC Spending Guide
“Worldwide spending on security-related hardware, software, and services is forecast to reach $91.4 billion in 2018, an increase of 10.2% over the amount spent in 2017.” Also, a breakdown of spending per industry and type of security product.
idc  security  forecasts  Marketsizing 
march 2018 by cote
Using VMware’s Harbor with PKS (and Why Kubernetes Needs a Container Registry)
“A container registry is the repository for all your container images. Since your core business applications are packaged into containers (built out of container images), you must protect these images just as you would any other important enterprise IT system. That’s where the image registry comes into play.”
pivotal  pks  security  kubernetes 
march 2018 by cote
Aqua Extends Container Security Platform to Kubernetes, Cloud Services
“With Aqua 3.0, users can create fine-grained user access control roles and policies. Access to kubectl commands can be specified to particular users, and governed by Aqua’s scalable labeling format. The Kubernetes controls also provides the ability to block unapproved images from running across entire cluster, as well as the ability to control network traffic based on Kubernetes namespaces, clusters or deployments.”

Plus, some policy drift report making. Done with a sidecar.
audit  kubernetes  security  accesscontrol 
march 2018 by cote
To Build a More Capable Cyber Policy Field, Teach Policy to Technologists
If you want to change government with IT, first make sure you understand how government works before you go and try to debug and refactor it.
digitaltransformation  security  thecyber  books  policy  government 
march 2018 by cote
Meltdown and Spectre underscore the ongoing need for infrastructure automation
"In the Cloud Foundry scenario, these are embodied by BOSH to automate the infrastructure resource, namely VMs, container clusters, virtual storage and networks, configuration and deployment and Concourse for the development pipeline. Together, these enable organizations to rapidly and consistently patch all applications using the PaaS environment."
security  patching  cloudfoundry  BOSH  itmanagement  cloudnative 
january 2018 by cote
Who's using 2FA? Sweet FA. Less than 1 in 10 Gmail users enable two-factor authentication
“less than 10 per cent of active Google accounts use two-step authentication to lock down their services. He also pointed out that a Pew study in 2016 showed only around 12 per cent of web users have a password manager to protect their accounts.”
2fa  security  gmail  surveys  passwords 
january 2018 by cote
Architecting for GDPR
Data protection leads back to security, and then there you are back in that mess.
security  privacy  logmanagement  compliance 
january 2018 by cote
Lax Security to Blame For Record Pace of HIPAA Breaches, Feds Say
“The 221 major breaches reported under HIPAA regulations so far this year mark a 66-percent increase over the 133 breaches reported for all of 2016, according to our analysis of records from the U.S. Department of Health and Human Services Office of Civil Rights (OCR).”
security  compliance  healthcare 
november 2017 by cote
Dell Files Confidentially for IPO of Cybersecurity Unit SecureWorks
"Dell bought SecureWorks for $612 million, looking to beef up its services business and expand beyond its core computer hardware offerings."
ipos  security  Dell  secureworks  rumors 
october 2015 by cote
The Black Swans of the security industry
RT : Black Swans of the industry < Provoking & entertaining thoughts on in 2015 [paywall]
security  infosec 
december 2014 by cote
CotéIndustries.com
The third option is to just ignore it and assume somebody will figure it out. Option three is quite common.
docker  cloud  security  devops  via:ifttt  from:tumblr  quote  tumblr:quote 
august 2014 by cote
Funny name, serious security: Cloudera buys encryption vendor Gazzang
The 451 analysis of Cloudera’s acquisition of Gazzang is up, which I co-authored. Here’s the summary: As more Hadoop projects are moving from proof of concepts into production, companies are looking to better secure the data in those ‘big data’ projects. Cloudera hopes to grease the wheels by acquiring Austin, Texas-based Gazzang, a security vendor that specializes in encryption and key management for databases and big-data workloads. The target’s technology will be folded into Cloudera’s Navigator product, and its Austin office will become the Cloudera Center for Security Excellence, further building out the company’s security capabilities. Cloudera certainly has the means to make acquisitions: the company recently raised a mega-round of $900m, $530m of which went to Cloudera (with $370m going to existing investors), bringing its total funding to $670m. It’ll be fun to have an Austin Cloudera office, and, you know, it’s nice to get a local sandwich shop reference into a title.
via:ifttt  from:tumblr  451  451Reports  Cloudera  M&A  Gazzang  security  link  tumblr:link 
june 2014 by cote
CotéIndustries.com
I guess I’ll never be able to use my favorite password again: QZQZ!ZZQZ#1.
pics  passwords  screenshots  security  via:ifttt  from:tumblr  tumblr:photo  photo 
may 2014 by cote
A radical idea for Mobile Device Management: Don’t bother - TechRepublic
Arguably, there are still data on these devices, such as local copies of corporate email that might contain sensitive information. However, does the risk of unauthorized access to the average user’s email account and the loss of a $300 piece of hardware necessitate specialized technologies and a cadre of staff to implement and monitor them? Most security people would argue that there’s a far greater risk of an employee giving away passwords to an authoritative voice on the other end of a phone than a carefully orchestrated theft of a mobile device. The VDI crew is hoping that containerized data access gets noticed as the cheaper way balm to the data paranoid.
via:ifttt  from:tumblr  mobile  security  MDM  VDI  link  tumblr:link 
december 2013 by cote
Amazon CIA cloud row: US judge slaps down IBM as 'manipulative', inferior • The Register
The contentious section asked the parties to price up a fault-tolerant cluster of 1,000s of commodity servers running a MapReduce scatter-gather job on about 100TB of data with a 100 per cent duty cycle. In other words, the CIA wanted Amazon and IBM to cost out a cloud cluster that would run MapReduce continuously for a year so spies could prod large chunks of data.
via:ifttt  from:tumblr  privacy  numbers  cloud  security  IBM  AWS  Amazon  cases  bigdata  CIA  spying  link  tumblr:link 
november 2013 by cote
Reality or Hype: Cloud Lessens IT Security? | Cloud Storm Chasers
Most of the time, surveys tend to show, once people use cloud, security seems a-OK. Before they use cloud, it’s a big concern of course. This is why I’m always concerned about what “cloud security” is. I think it’s, you know, just normal security, table stakes. Computers! Here’s a recent survey along these lines: The study found that 98% of enterprises surveyed believed the cloud met or exceeded their expectations for security, and the finding was true across several flavors of cloud – IaaS, PaaS and SaaS. Nearly one-third also indicated that “security has been less of an issue than originally thought.” And “enhanced security” was cited by many as a primary objective when implementing IaaS (38%), PaaS (38%) or SaaS (41%). In this one, people are even looking for cloud to make security better. Crazy! (I see that CA is involved in the survey: I haven’t lead-gen’ed myself to check out the original work yet.)
via:ifttt  from:tumblr  cloud  ca  surveys  security  cloudsecurity  link  tumblr:link 
november 2013 by cote
Accidentally Revealed Document Shows TSA Doesn't Think Terrorists Are Plotting To Attack Airplanes
RT @sogrady: what does the TSA really think the risk of a terrorist attack is?:
travel  tsa  security 
october 2013 by cote
Conflicted feelings about cloud security
Good stuff from 451’s Wendy Nather on sentiment around cloud security, by security people: Security is the biggest impediment to cloud adoption. Or it isn’t, depending on which charts you consult. The commentators in our network (for TheInfoPro, a service of 451 Research) say one thing, but we heard another when we sat around a table with senior IT and security executives. … At the end of the day (which apparently is when a lot of things happen), organizations are moving some things to the cloud; CISOs aren’t happy about it, and the means to placate them lies in the hands of people, not in technology. Vendors can hope to wear down those who are objecting to the migration, or simply wait and hope that time will erode the resistance (or make it futile). But we may see cloud vendors agreeing to new provisions in contracts over time to encourage the last holdouts. Cloud security is still very much a work in progress, no matter how you look at it.
via:ifttt  from:tumblr  cloud  security  sentiment  link  tumblr:link 
october 2013 by cote
Marc Andreessen, Pat Gelsinger in verbal VMworld brawl • The Register
[VMware CEO Pat] Gelsinger disagreed, firing back by saying “People who say put everything into the cloud have never met a highly regulated customer.” Such companies will, he said, build their own data centres for decades, largely because they can’t hope to meet their compliance obligations with the cloud alone. … “Internal environments are riddled with holes, malware and Chinese hackers,” [Marc Andreessen] said, going on to assert that anyone who feels their in-house IT is not compromised is deluded. “Cloud will come to be regarded as more secure,” he predicted, and will soon be recognised as one way to relieve oneself of the unctuous business of securing a business.
via:ifttt  from:tumblr  cloud  quotes  privatecloud  vmware  security  behindthefirewall  link  tumblr:link 
august 2013 by cote
Report: AWS gets $600m contract to build CIA spook cloud
cloud  rumors  cases  Amazon  security 
march 2013 by cote
When a Unicorn Start-Up Stumbles, Its Employees Get Hurt - http://mobile.nytimes.com/2015/12/27/technology/when-a-unicorn-start-up-stumbles-its-employees-get-hurt.html?nytmobile=0
"...they rejected an $825 million acquisition offer from CA Technologies in March." They also declined a $650m offer from Thoma Bravo. I bet every large company has tried to buy Good over the years.
CA  security  thomabravo  mobile  scandal  options  stocks  byod  good  valuations 
january 2012 by cote
Submit Form
A secure Web gateway (SWG) is a product that filters unwanted software or malware from endpoint Web/Internet traffic and enforces corporate and regulatory policy compliance. SWGs generally protect employees while they surf the Internet; they do not protect Web applications, which is the role of Secure Sockets Layer (SSL) virtual private networks (VPNs) or application firewalls. To achieve this goal, SWGs must, at a minimum, include URL filtering, as well as malicious-code detection and filtering. Leading solutions will also be able to provide Web application-level controls for at least some of the more popular applications, including instant messaging (IM). SWGs should integrate with directories to provide authentication and authorization, along with group- and user-level policy enforcement. An SWG must bring together all these functions, without compromising performance for end users, which has been a challenge for traditional antivirus Web filtering.
gartner  security  SWG  secure  web  gateway  ifttt  tumblr  quote  tumblr:quote 
december 2011 by cote
GoGrid Offers Hosted Private Cloud
"A valid question could be, 'Why aren't all clouds like this,'" he wondered, suggesting that most users would like a more secure and reliable cloud service. "At the end of the day, I'd rather see these things called something like 'more secure cloud.'"
GoGrid  privatecloud  cloud  security  redmonkpressquotes 
january 2011 by cote
Disney's Earnings Leak Sprung From Goofy Mistake
"The error is using security by obscurity, as they say, which means hiding the data instead of really securing it," said Michael Coté, a software industry analyst with technology research firm RedMonk. "It's like putting your valuables under the bed instead of in a safe."
redmonkpressquotes  AP  security 
november 2010 by cote
Facebook's New Privacy Changes: The Good, The Bad, and The Ugly
The EFF's take on Facebook's new privacy policies. "Our conclusion? These new "privacy" changes are clearly intended to push Facebook users to publicly share even more information than before. Even worse, the changes will actually reduce the amount of control that users have over some of their personal data." That said, the EFF does like the fine-grained nature: "Perhaps most importantly, Facebook has added a feature that we and many others have long advocated for: the ability to define the privacy of your Facebook content on a per-post basis. So, for example, if you only want your close friends to see a particular photo, or only your business colleagues to see a particular status update, you can do that — using a simple drop-down menu that lets you define who will see that piece of content." This is getting damn close to enterprise identity management, eh?
eff  facebook  privacy  socialnetworking  IdM  security  consumertech 
december 2009 by cote
Novell, CA Push to Secure Identity, Security in Cloud
Rut-ro! Looks like Conformity has some (validating their market, at least) competition: "Last week at The Burton Group's Catalyst Conference, Novell demonstrated a pre-release version of its Cloud Security Service, designed to synchronize login and authentication data between external clouds and internal systems without exposing internal security data. At the same conference, CA demonstrated a product called Federation Manager, designed to provide single sign-on across several internal and external cloud or SaaS applications."
cloud  itmanagement  itmanagementguys  conformity  CA  novell  SSO  idm  identity  security 
august 2009 by cote
Logblog: LogLogic and Exaprotect Make a Winning Team
"...with the combination of Exaprotect Security EventManager, ChangeManager and LogLogic’s entire suite of offerings, LogLogic will provide a powerful security suite that enables a mid-sized company or enterprise to easily capture, analyze and report on all information derived from all the logs of a company’s networks, systems, databases, and applications. We have all the log data, which comprises 33% of a company’s information. And, we turn the data into understandable information – for the analyst to the C-level executive."
loglogic  logs  logmanagement  m&a  security 
april 2009 by cote
HP Offers Free Web Security Tool to Help Businesses Guard Against Malicious Hackers
"With HP SWFScan, Flash developers can: * Check for known security vulnerabilities that are targeted by malicious hackers. This includes unprotected confidential data, cross-site scripting, cross-domain privilege escalation, and user input that does not get validated. * Fix problems quickly by highlighting vulnerabilities in the source code and receiving solid guidance on how to fix the security issues. * Verify conformance with best security practices and guidelines."
hp  riaweekly  security  adobe  flash 
march 2009 by cote
Cloud security fears are overblown, some say - Network World
As a developer, you learn that when someone raises security concerns, most of the time they mean, "I don't want to do that and here's a BS reason."
numbers  cloud  security  itmanagementguys  itmanagement 
february 2009 by cote
ManageEngine Partners With RSA to Provide Two-Factor Authentication Technology to Password Manager Pro Customers - MSNBC Wire Services - msnbc.com
signaling that ManageEngine Password Manager Pro, the company's Privileged Password Management solution, is now technically interoperable with the RSA SecurID® two-factor authentication system.
ManageEngine  pr  itmanagement  security  via:email 
february 2009 by cote
McAfee builds SaaS arm
"The new unit will include all McAfee products delivered over the Internet, including security scanning, Web and e-mail security, and remote managed host-based software and hardware."
McAfee  SaaS  security  itmanagementguys 
february 2009 by cote