Information Security

Defending the digital infrastructure

In This Issue

iSTOCK/GETTY IMAGES

Manage

Beyond the Page: Advanced Persistent Threats, Ransomware and More

The era of mobile, cloud and the Internet of Things is also an era of advanced persistent threats, ransomware and more. Here's how to stay secure.

Johannes Ullrich

By

Johannes Ullrich, SANS Technology Institute

Having better security than your neighbors may not be enough anymore as malicious actors move beyond “spray and pray” tactics to advanced persistent threats aimed at specific organizations and industries. Targeted attacks, as the Sony incident illustrated, are often for financial gain through extortion and threats to expose or delete sensitive data. This Beyond the Page outlines the top threats in 2015, from the invasion of digital things and undetected data loss to advanced DDoS attacks and crypto ransomware. We cover countermeasures to help organizations defend against evolving attack techniques and detect intrusions faster to minimize the damage.

Feature

Defending against the digital invasion

The confluence of the Internet of Things and BYOD may turn into a beachhead that attackers can use to completely compromise your network.

Continue reading

Video

Internet of Things devices and crypto ransomware at work

The next wave of cyberthreats will combine two trends in new ways, says SANS' Johannes B. Ullrich, head of the Internet Storm Center. In this video, he explains the threats and countermeasures for the Internet of Things devices and enterprise crypto ransomware.

Tech tip

Network-based controls: Securing the Internet of things

Securing the Internet of Things is challenging for enterprises. Here's a list of controls that you should already have implemented in your network.

Continue reading

Read the full April edition of Information Security magazine

Article 4 of 7Next Article

This was last published in April 2015

Dig Deeper on Emerging cyberattacks and threats

Start the conversation

Send me notifications when other members comment.

Get More Information Security

Access to all of our back issues View All

E-Zine | Oct 2003

Chain of command: Inside Prudential's security management program

E-Zine | Feb 2006

Best-of-breed: Security Products of the Year: 2006

E-Zine | Aug 2008

Everything you need to know about today's information security trends

E-Zine | Dec 2009

Step-by-step guide to avoiding basic database security risks

E-Zine | Nov 2011

Effectively navigating the security risk assessment process
E-Zine | Mar 2011

Best practices for securing virtual machines

E-Zine | Oct 2015

Emerging security threats from every which way
E-Zine | Sep 2015

Five ways CIOs build hybrid cloud security
E-Zine | Aug 2015

Is third-party vendor management the next IAM frontier?
E-Zine | Jul 2015

Insider Edition: Advanced security monitoring scrubs networks clean

E-Zine | Dec 2016

Dedicated CISO job still open to debate
E-Zine | Nov 2016

Insider Edition: Improved threat detection and incident response
E-Zine | Oct 2016

Identity of things moves beyond manufacturing
E-Zine | Sep 2016

Cloud governance model still behind services

E-Zine | Dec 2017

Will it last? The marriage between UBA tools and SIEM
E-Zine | Nov 2017

Next-gen SOC: What's on your automation roadmap?
E-Zine | Oct 2017

What does a CISO do now? It's a changing, increasingly vital role
E-Zine | Oct 2017

Growing data protection risks and how to manage them

E-Zine | Dec 2018

Allure of the threat hunter draws companies large and small
E-Zine | Oct 2018

User behavior analytics tackles cloud, hybrid environments
E-Zine | Aug 2018

Security data scientists on how to make your data useful
E-Zine | Jun 2018

CISOs face the IoT security risks of stranger things

E-Zine | Nov 2019

AI threats, understaffed defenses and other cyber nightmares
E-Zine | Aug 2019

Managing identity and access well unlocks strong security
E-Zine | May 2019

Conquering cloud security threats with awareness and tools
E-Zine | Feb 2019

CISOs build cybersecurity business case amid attack onslaught

E-Zine | Aug 2020

Cybersecurity education for employees: Learn what works
E-Zine | May 2020

Why CISOs need advanced network security strategies now
E-Zine | Feb 2020

Getting the most from cyberthreat intelligence services

SearchCloudSecurity

Prevent cloud account hijacking with 3 key strategies

The ability to identify the various methods of cloud account hijacking is key to prevention. Explore three ways to limit ...
Security for SaaS applications starts with collaboration

Following established best practices helps enterprises facilitate collaboration and communication through SaaS applications while...
An inside look at the CCSP cloud security cert

Get insights into the Certified Cloud Security Professional cert, cloud infrastructure and platform benefits and risks, and more ...

SearchNetworking

How to secure remote access for WFH employees

The global pandemic caused mayhem on network security environments. Enterprises need to bring rigor back to their systems and ...
What's involved in VPN maintenance and management?

Before an organization's VPN is up and running, IT teams must address four important aspects of VPN maintenance and management to...
The pros and cons of 5G networks

Enterprises are evaluating 5G and its effect on their operations. Before they can start reaping the benefits from the standard, ...

SearchCIO

What CIOs need to know about hardening IT infrastructure

Infrastructure hardening is an ongoing, proactive way of life for CIOs and their IT teams. Here, we provide guidance to ensure ...
Enterprise architect job still requires IT in critical role

Jeanne Ross offers advice to existing and aspiring enterprise architects and discusses the latest trends as she reflects on 26 ...
Holy Grail still elusive in enterprise architecture strategy

MIT's Jeanne Ross discusses why enterprise architecture projects succeed and fail and what companies can do to better align ...

SearchEnterpriseDesktop

Evaluate if Chromebooks are secure enough for business use

Chromebooks are cost-effective endpoints that strip away desktop features for a simple desktop experience. Admins should evaluate...
Set up Windows Remote Desktop on a Mac device

Organizations that need to enable remote workers on Mac devices should consider allowing them to remotely access Windows desktops...
Microsoft Endpoint Manager gets better Mac, iPad management

Microsoft Endpoint Manager will eventually have new tools for securing and managing Macs, iPads and virtual endpoints. A more ...

SearchCloudComputing

An introduction to Alibaba cloud offerings

Learn about the fourth largest public cloud provider with this look at some of Alibaba's core computing, networking, storage and ...
The cloud shared responsibility model for IaaS, PaaS and SaaS

The shared responsibility model defines cloud security, but it changes for IaaS, PaaS and SaaS. Get to know the ins and outs of ...
Microsoft's Azure Arc reaches GA milestone

Microsoft has delivered a key component of Azure Arc -- the ability to manage Windows and Linux-based virtual and physical ...

ComputerWeekly.com

BT: UK government’s national fibre target could be missed by eight years

Government is in danger of not realising its full-fibre coverage broadband ambitions, says telco, which had identified seven key ...
Erasure coding vs RAID: Data protection in the cloud era

Erasure coding has come to prominence with its use in object storage and, by extension, in the cloud. We run the rule over its ...
UK and US marked down on responsible AI

The UK and US have been rated as leaders in government use of artificial intelligence, but the Nordics and Baltics attained the ...

Close