Information Security

Defending the digital infrastructure

In This Issue

iSTOCK/GETTY IMAGES

Manage

Beyond the Page: Advanced Persistent Threats, Ransomware and More

The era of mobile, cloud and the Internet of Things is also an era of advanced persistent threats, ransomware and more. Here's how to stay secure.

Johannes Ullrich

By

Johannes Ullrich, SANS Technology Institute

Having better security than your neighbors may not be enough anymore as malicious actors move beyond “spray and pray” tactics to advanced persistent threats aimed at specific organizations and industries. Targeted attacks, as the Sony incident illustrated, are often for financial gain through extortion and threats to expose or delete sensitive data. This Beyond the Page outlines the top threats in 2015, from the invasion of digital things and undetected data loss to advanced DDoS attacks and crypto ransomware. We cover countermeasures to help organizations defend against evolving attack techniques and detect intrusions faster to minimize the damage.

Feature

Defending against the digital invasion

The confluence of the Internet of Things and BYOD may turn into a beachhead that attackers can use to completely compromise your network.

Continue reading

Video

Internet of Things devices and crypto ransomware at work

The next wave of cyberthreats will combine two trends in new ways, says SANS' Johannes B. Ullrich, head of the Internet Storm Center. In this video, he explains the threats and countermeasures for the Internet of Things devices and enterprise crypto ransomware.

Tech tip

Network-based controls: Securing the Internet of things

Securing the Internet of Things is challenging for enterprises. Here's a list of controls that you should already have implemented in your network.

Continue reading

Read the full April edition of Information Security magazine

Article 4 of 7Next Article

This was last published in April 2015

Dig Deeper on Emerging cyberattacks and threats

Get More Information Security

Access to all of our back issues View All

E-Zine | Oct 2003

Chain of command: Inside Prudential's security management program

E-Zine | Dec 2009

Step-by-step guide to avoiding basic database security risks

E-Zine | Mar 2011

Best practices for securing virtual machines

E-Zine | Oct 2015

Emerging security threats from every which way
E-Zine | Sep 2015

Five ways CIOs build hybrid cloud security
E-Zine | Aug 2015

Is third-party vendor management the next IAM frontier?
E-Zine | Jul 2015

Insider Edition: Advanced security monitoring scrubs networks clean

E-Zine | Dec 2016

Dedicated CISO job still open to debate
E-Zine | Nov 2016

Insider Edition: Improved threat detection and incident response
E-Zine | Oct 2016

Identity of things moves beyond manufacturing
E-Zine | Sep 2016

Cloud governance model still behind services

E-Zine | Dec 2017

Will it last? The marriage between UBA tools and SIEM
E-Zine | Nov 2017

Next-gen SOC: What's on your automation roadmap?
E-Zine | Oct 2017

What does a CISO do now? It's a changing, increasingly vital role
E-Zine | Oct 2017

Growing data protection risks and how to manage them

E-Zine | Dec 2018

Allure of the threat hunter draws companies large and small
E-Zine | Oct 2018

User behavior analytics tackles cloud, hybrid environments
E-Zine | Aug 2018

Security data scientists on how to make your data useful
E-Zine | Jun 2018

CISOs face the IoT security risks of stranger things

E-Zine | Nov 2019

AI threats, understaffed defenses and other cyber nightmares
E-Zine | Aug 2019

Managing identity and access well unlocks strong security
E-Zine | May 2019

Conquering cloud security threats with awareness and tools
E-Zine | Feb 2019

CISOs build cybersecurity business case amid attack onslaught

E-Zine | Nov 2020

AI cybersecurity raises analytics' accuracy, usability
E-Zine | Aug 2020

Cybersecurity education for employees: Learn what works
E-Zine | May 2020

Why CISOs need advanced network security strategies now
E-Zine | Feb 2020

Getting the most from cyberthreat intelligence services

SearchCloudSecurity

Unify on-premises and cloud access control with SDP

One security framework available to organizations struggling with on-premises and cloud access control issues is a ...
Get to know cloud-based identity governance capabilities

As enterprise cloud adoption increases, the market for cloud identity governance is expected to expand. Learn more about the use ...
6 AIOps security use cases to safeguard the cloud

Explore six AIOps security use cases in cloud environments, such as threat intelligence analysis and malware detection, as well ...

SearchNetworking

Wi-Fi 6 rollout requires careful review of network devices

Wi-Fi 6 is just one part of the overall enterprise network. Organizations need to evaluate several network components to ensure a...
How cloud-native networking will transform infrastructure

Cloud-native networking aims to prioritize business needs and enable networks to become more efficient. Learn more about the ...
The role of network observability in distributed systems

Network observability sounds like a new term for an existing practice, but is that the case? This chapter excerpt lays out what ...

SearchCIO

Managing cybersecurity during the pandemic and in the new digital age

Roota Almeida, CISO at Delta Dental of New Jersey and Delta Dental of Connecticut, talks about the cybersecurity threats she's ...
Enterprise architecture has business's ear at Scottish Water

Scottish Water's enterprise architecture team leader discusses how engaging with business leaders and software tools can help ...
4 IT contract negotiation strategies to drive value in 2021

To ensure businesses today can effectively save costs through IT sourcing and outsourcing, we're offering four tips for IT ...

SearchEnterpriseDesktop

Incorporating zero trust into endpoint security

Zero trust is a complex term, but organizations that take security seriously must know what it is and how it can support existing...
Keeping tabs on employees in the hybrid workplace

Companies want better ways to determine if their employees are mentally healthy or are at risk of a breakdown in the hybrid ...
Top 6 endpoint security software options in 2021

The market for endpoint security software can be confusing to navigate for decision-makers, but this market roundup should help ...

SearchCloudComputing

Choose the right serverless container service

Many IT pros consider serverless containers to be largely hype, while others say it offers real advances in serverless computing....
IBM boosts vertical cloud push with financial services cloud

IBM doubles down on its investment in vertical markets, rolling out a financial services cloud that shares workloads with clouds ...
Open source cloud platforms and tools to consider

Although the most popular cloud platforms are proprietary, open source options can enhance the agility and cost-effectiveness of ...

ComputerWeekly.com

Dutch accuse UK of ‘damaging confidence’ by disclosing details of EncroChat police collaboration

The Dutch Public Prosecution Service claims Britain has damaged confidence by disclosing details of an international ...
Uber ordered to reinstate six drivers fired by automated process

A default judgment handed down by Dutch court has ordered Uber to reinstate six drivers with compensation following unevidenced ...
Google launches multimillion-dollar cloud tech push to boost Covid-19 vaccine distribution

Tech giant Google is ploughing millions of dollars into initiatives to bolster the availability of Covid-19 vaccines and make it ...

Close