Access "Interview: PayPal CISO Michael Barrett"
This article is part of the May 2007 issue of Nine tips to guarding your intellectual property
How does PayPal defend against phishing? One of the back-end defenses we have is a lot of fraud modeling. It's very advanced, and it's resulted in extremely low fraud rates compared to the rest of the financial services industry. We've gotten very good at detecting fraud on the back end, so what's [the phishers'] response? They generate more mail on the front end. Can you quantify losses due to phishing for PayPal? Forty-one basis points is the total fraud number [on PayPal's fraud model], and we don't break out where phishing is in that overall mix. I will say, it isn't very high on that list. That's one of the issues here--there is a perception there is a huge problem, whereas the financials don't indicate that. How much can you share about your fraud models? They're internally developed. We don't talk about what they do, because this is an area where the more you disclose about what the models are looking for, the more you're telling the bad guy how to evade them. I can say, they're broad-based, real-time front- and back-end inspection models. They look ... Access >>>
Premium Content for Free.
Managed security services: Cybertrust's Managed Security Services
Cybertrust introduces a new service to help companies evaluate and prioritize security threats.
New Types of Computer Crime: Combating malware, botnets, phishing
The days of thrill-seeking script kiddies are over. Organized criminals are launching new types of computer crime, including browser malware, targeted email attacks and voice-based phishing, and using botnets to launch DDoS attacks.
FaceTime Communications' Internet Security Edition product review
In this product review, learn how FaceTime Internet Security Edition protects the enterprise from unauthorized use of applications such as instant messaging and VoIP. A hardened Linux rack-mounted appliance combined with a Windows-based server , the product catches malware, spyware and adware.
- Viewpoint: What if you can't afford pen-testing?
Product review: Yoggie's Yoggie Gatekeeper Pro
Product review of PC security tool called Yoggie Gatekeeper Pro. A Linux-based USB device, the product serves as a firewall, VPN gateway and integrated antivirus/Web filter gateway.
Product review: Watchfire's AppScan 7.0
Product review of Watchfire's AppScan 7.0, an application security testing tool for developers, quality assurance teams and penetration testers. The security product runs on Windows XP, Vista or 2003 Server.
- Events: Information security conferences for May 2007
Are you putting information at risk by using contractors?
Contractors can become the source of a security breach. This feature looks at the risk management steps, including access control and policies, that organizations should take when hiring contractors. A sidebar examines how a health care company uses NAC to control contractor access.
- Managed security services: Cybertrust's Managed Security Services
Recent Releases: Security product briefs, May 2007
Read about security products released in May 2007.
Secure Reads: How to Cheat at Managing Information Security
Read a review of the book How to Cheat at Managing Information Security.
Role-based access controls
Identity management is a critical security challenge, but without viable standards for access control, your best efforts may be just a drop in the bucket.
Code Green Networks' Content Inspection Appliance 1500 product review
Product review of Code Green's Content Inspection Appliance, a data protection tool to help detect sensitive information leaving the enterprise.
Intellectual property protection do's and don'ts
Theft of intellectual property is a growing problem but many companies are not prepared to deal with this security threat. Learn about the risk involved with trade secrets, why companies are failing to protect intellectual property and tips for data protection, including risk assessment, encryption, and corporate governance.
Bit9 Parity product review for endpoint security
Product review of Bit9's Parity 3.5, a PC security tool designed to give enterprises control over what users can do on company computers and prevent executables in malware from running on desktops. Automatically installs SQL Server 2005 and Apache Web Server, which is used for remote administration.
Project Evros keeps laptops and data secure
Project Evros is a 3G-enabled PCMCIA card from Alcatel-Lucent Ventures for laptop security. End user connectivity is controlled via 3G, WiFi or LAN VPN, depending on the circumstances.
- Recent Releases: Security product briefs, May 2007
Hacker demonstrates targeted attack
Hacker Robert Hansen, also known as RSnake, demonstrates the pains cybercriminals take to target specific organizations and individuals through an exercise posted on his blog, which targeted the head of Google's spam team. Hansen's exercise underscores the threat companies face from today's organized and patient cybercriminals.
Fight cybercrime by understanding a hacker's mind and attack motive
Computer crime laws and security policies aren't enough to combat increasingly sophisticated cybercrime. Understanding the criminal mind and a hacker's motive can help an organization determine what assets are most valuable and better distribute security resources.
Interview: PayPal CISO Michael Barrett
PayPal's 133 million online customers are the biggest ocean for phishers to plunder. CISO Michael Barrett wants to make it safe to be in the water, and he's not going at it alone. Backed by PayPal's sophisticated fraud models and help from ISPs, Barrett is succeeding in protecting the most-spoofed brand on the Internet.
Bruce Schneier and Marcus Ranum debate whether a 'Big Brother' watches today's information society
Is today's information society anything like the Big Brother world envisioned by George Orwell in his book 1984? Bruce Schneier and Marcus Ranum debate the topic.
- Hacker demonstrates targeted attack
More Premium Content Accessible For Free
Cloud and mobility in the enterprise has caused a heightened need for organizations to take a closer look at next generation authentication ...
Virtualization and cloud computing are part and parcel of enterprise networks today. Virtualization security, however, is still a bolt-on affair ...
Mobile device security is one of the biggest nightmares InfoSec pros face in the era of bring your own everything (BYOE). Simply banning employees ...