Category Archives: Expert Analysis

Three reasons employee monitoring software is making a comeback

Companies are increasingly implementing employee and user activity monitoring software to: Ensure data privacy Protect intellectual property and sensitive data from falling into the wrong hands Stop malicious or unintentional data exfiltration attempts Find ways to optimize processes and improve employee productivity. Modern user activity monitoring software is incredibly flexible, providing companies with the insights they need while offering the protection they demand. By examining three prominent use cases, it’s evident that employee monitoring software … More

The post Three reasons employee monitoring software is making a comeback appeared first on Help Net Security.

Machine learning fundamentals: What cybersecurity professionals need to know

In this Help Net Security podcast, Chris Morales, Head of Security Analytics at Vectra, talks about machine learning fundamentals, and illustrates what cybersecurity professionals should know. Here’s a transcript of the podcast for your convenience. Hi, this is Chris Morales and I’m Head of Security Analytics at Vectra, and in this Help Net Security podcast I want to talk about machine learning fundamentals that I think we all need to know as cybersecurity professionals. AI … More

The post Machine learning fundamentals: What cybersecurity professionals need to know appeared first on Help Net Security.

Security wellness takes more than a fad diet

Every year, millions of people make the same New Year’s resolution: to lose weight and improve health. But by February, a mere thirty days or so into the year, stats show 75 percent of us have fallen off the wagon. The pitfalls are many, whether the resolution is vague and broad, or we neglect to set measurable goals and regular check-ins, or perhaps we’re just not really ready for change. Achieving a true state of … More

The post Security wellness takes more than a fad diet appeared first on Help Net Security.

Is 2019 the year national privacy law is established in the US?

Data breaches and privacy violations are now commonplace. Unfortunately, the consequences for US companies involved can be complicated. A company’s obligation to a person affected by a data breach depends in part on the laws of the state where the person resides. A person may be entitled to free credit monitoring for a specified period of time or may have the right to be notified of the breach sooner than somebody living in another state. … More

The post Is 2019 the year national privacy law is established in the US? appeared first on Help Net Security.

How can we improve adoption and ROI on security investments?

Traditionally, whenever employees are required to interact with security solutions, they push back because they don’t want their lives to be made more complicated with extra procedures and, essentially, clicks. Human behavior dictates that if there’s a tech roadblock, users will find a way around it to get their jobs done. In light of these work arounds, organizations often struggle to quantify how to reduce risk and improve compliance, which makes it harder to prove … More

The post How can we improve adoption and ROI on security investments? appeared first on Help Net Security.

Zero trust browsing: Protect your organization from its own users

To the casual observer, the cyberattack landscape is constantly shifting. In recent years, the threats and scams have evolved from Nigerian princes to stranded travelers, pop-ups warning of outdated software to ransomware, cryptojacking, phishing and spear phishing. Predictions for 2019 are full of dire warnings about the very-real explosion of phishing, backed by geometric increases in phishing sites as the number of malware sites drops. Just as 2018 predictions focused on cryptojacking and ransomware were … More

The post Zero trust browsing: Protect your organization from its own users appeared first on Help Net Security.

Mild to medium volume expected for February 2019 Patch Tuesday

If you look at the recent Patch Tuesday lineups, we have seen the usual updates for the Microsoft Windows OS, browsers, and Office. In the last two months we have seen updates for .Net Framework and in the last four months we have seen updates for Exchange Server. For non-Microsoft updates we have a pre-notification from Adobe, but Oracle released their CPU in January and both Chrome and Firefox just released at the end of … More

The post Mild to medium volume expected for February 2019 Patch Tuesday appeared first on Help Net Security.

DevOps and DevSecOps developments to watch in 2019

Some predictions are more accurate than others. Last year, I was sure that serverless would finally overtake containers—but then 2018 turned out to be the year of Kubernetes. In the San Francisco Bay Area, you couldn’t throw a rock without hitting an engineer talking about Kubernetes (or cryptocurrency, but let’s not go there.) That’s not stopping me from offering a fresh batch of hot-off-the-press predictions about DevOps and DevSecOps for 2019. It’s finally the year … More

The post DevOps and DevSecOps developments to watch in 2019 appeared first on Help Net Security.

Lookalike domains: Artificial intelligence may come to the rescue

In the world of network security, hackers often use lookalike domains to trick users to unintended and unwanted web sites, to deliver malicious software into or to send data out of victim’s network, taking advantage of the fact that it’s hard to tell the difference between those domains and the targets they look alike. For example, in a recent card skimming malware attack, domain google-analyitics.org was used to receive collected payment card data (there is … More

The post Lookalike domains: Artificial intelligence may come to the rescue appeared first on Help Net Security.

5 reasons why asset management is a hot topic in 2019

Sometimes buzzwords are good predictors of what organizations see as priorities in a given year. If you surveyed both the revenue-generating and security functions of enterprises in 2019, you would hear two terms often repeated: digital transformation and zero trust. While the two terms may seem at linguistic odds, the idea that organizations must embrace the digital age to drive growth and operate more efficiently while simultaneously maintaining adequate information security makes sense. It won’t … More

The post 5 reasons why asset management is a hot topic in 2019 appeared first on Help Net Security.

Why vaporworms might be the scourge of 2019

Not too long ago, the WatchGuard Threat Lab predicted the emergence of vaporworms as a major new cyber threat that will affect organizations of all sizes in 2019. We coined the term to describe a new breed of fileless malware with self-propagating, wormlike properties. At the time of the initial prediction, our team was fairly sure this idea was more than conjecture, but now the advent of the vaporworm in 2019 seems to be an … More

The post Why vaporworms might be the scourge of 2019 appeared first on Help Net Security.

AI won’t solve all of our cybersecurity problems

AI is already supporting businesses with tasks ranging from determining marketing strategies, to driverless cars, to providing personalized film and music recommendations. And its use is expected to grow even further in the coming years. In fact, IDC found that spending on cognitive and AI systems will reach $77.6 billion in 2022, more than three times the $24.0 billion forecast for 2018. But the question remains – can businesses expect AI adoption to effectively protect … More

The post AI won’t solve all of our cybersecurity problems appeared first on Help Net Security.

Four differences between the GDPR and the CCPA

By passing the California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020, the Golden State is taking a major step in the protection of consumer data. The new law gives consumers insight into and control of their personal information collected online. This follows a growing number of privacy concerns around corporate access to and sales of personal information with leading tech companies like Facebook and Google. The bill was signed by … More

The post Four differences between the GDPR and the CCPA appeared first on Help Net Security.

RSA Conference 2019 USA: What you can expect at this year’s event

It’s that time of year: RSA Conference 2019 USA is a little over a month away. To prepare, we asked Britta Glade, Director of Content and Curation for RSA Conference, to tell us more about this year’s event. Read our Q&A for more on what’s in store at the world’s largest gathering of information security professionals. What have been the major security developments in the past year, and how have these informed the conference agenda … More

The post RSA Conference 2019 USA: What you can expect at this year’s event appeared first on Help Net Security.

Safeguarding your data from human error and phishing attacks with the cloud

This is the third article of a series, the first article is available here, and the second one is here. In a world of ransomware attacks, companies should prepare for the worst-case scenario by having smart backup strategies in place to mitigate any potential damage. The public cloud ensures that your information is always backed up and encrypted. Encrypting backup files in the cloud adds an extra layer of protection against unwelcome external parties. Unlike … More

The post Safeguarding your data from human error and phishing attacks with the cloud appeared first on Help Net Security.

Is your organization ready for the data explosion?

“Data is the new oil” and its quantity is growing at an exponential rate, with IDC forecasting a 50-fold increase from 2010 to 2020. In fact, by 2020, it’s estimated that new information generated each second for every human being will approximate to 1.7 megabytes. This creates bigger operational issues for organizations, with both NetOps and SecOps teams grappling to achieve superior performance, security, speed and network visibility. This delicate balancing act will become even … More

The post Is your organization ready for the data explosion? appeared first on Help Net Security.

Taking ethical action in identity: 5 steps for better biometrics

Glance at your phone. Tap a screen. Secure access granted! This is the power of biometric identity at work. The convenience of unlocking your phone with a fingertip or your face is undeniable. But ethical issues abound in the biometrics field. The film Minority Report demonstrated one possible future, in terms of precise advertising targeting based on a face. But the Spielberg film also demonstrated some of the downsides of biometrics – the stunning lack … More

The post Taking ethical action in identity: 5 steps for better biometrics appeared first on Help Net Security.

How to know when you’re ready for a fractional CISO

Many companies eventually find themselves in the following situation: they’re growing, their technology, infrastructure and teams are expanding, perhaps a M&A is on the horizon, and the board is asking pointed questions about security. It’s usually at this point that a business starts to notice fissures in the walls of what once felt like a tightly locked structure. New challenges in operations, culture, and security begin to arise. Inevitably, when a company hits this phase … More

The post How to know when you’re ready for a fractional CISO appeared first on Help Net Security.

How accepting that your network will get hacked will help you develop a plan to recover faster

As anyone in the network security world will tell you, it is an extremely intense and stressful job to protect the corporate network from ever-evolving security threats. For a security team, a 99 percent success rate is still a complete failure. That one time a hacker, piece of malware, or DDoS attack brings down your organization’s network (or network availability) is all that matters. It’s even more frustrating when you consider that the proverbial ‘bad … More

The post How accepting that your network will get hacked will help you develop a plan to recover faster appeared first on Help Net Security.

Branching out more efficiently and securely with SD-WAN

As enterprises expand, through organic growth or acquisition, they need to support the IT needs of more distributed locations. These often include teams in shared office spaces versus enterprise-owned or leased facilities. To serve remote locations and users, enterprises are rapidly moving toward cloud-based applications including Unified Communications as a Service (UCaaS). As always, IT teams are under pressure to contain costs and are turning to Software Defined Wide Area Networks (SD-WAN) to play a … More

The post Branching out more efficiently and securely with SD-WAN appeared first on Help Net Security.

Business resilience should be a core company strategy, so why are businesses struggling to take action?

A recent survey showed that only 51% of U.S. business decision makers say their organization is definitely as resilient as it needs to be against disruptions such as cyber threats. In addition, the survey showed that 96% of U.S. business decision makers claim business resilience should be a core company strategy. If 96% of business decision makers realize this, why are organizations still struggling to protect themselves against cybercrime and technology-based disruption? IT teams face … More

The post Business resilience should be a core company strategy, so why are businesses struggling to take action? appeared first on Help Net Security.

Agents of disruption: Four testing topics argue the case for agentless security

Let me introduce myself. I’m a set of flaws in your otherwise perfect, agent-based security world. Like all disruptive agents, I derail your best-laid plans with expensive havoc; but in my case I create sticky situations inside your multi-cloud arrangement. You may be thinking that the premise of this article is bogus, because most cloud-based security systems automate the deployment and management of agents; and any one of those and their kid can microsegment and … More

The post Agents of disruption: Four testing topics argue the case for agentless security appeared first on Help Net Security.

Beware the man in the cloud: How to protect against a new breed of cyberattack

One malicious tactic that has become quite prevalent in recent years is known as a ‘man in the cloud’ (MitC) attack. This attack aims to access victims’ accounts without the need to obtain compromised user credentials beforehand. Below, this article explains the anatomy of MitC attacks and offers practical advice about what can be done to defend against them. What is MitC attack? To gain access to cloud accounts, MitC attacks take advantage of the … More

The post Beware the man in the cloud: How to protect against a new breed of cyberattack appeared first on Help Net Security.

Machine learning trumps AI for security analysts

While machine learning is one of the biggest buzzwords in cybersecurity and the tech industry in general, the phrase itself is often overused and mis-applied, leaving many to have their own, incorrect definition of what machine learning actually is. So, how do you cut through all the noise to separate fact from fiction? And how can this tool be best applied to security operations? What is machine learning? Machine learning (ML) is an algorithm that … More

The post Machine learning trumps AI for security analysts appeared first on Help Net Security.