Information Security

Defending the digital infrastructure

In This Issue

iSTOCK/GETTY IMAGES

Manage

Beyond the Page: Advanced Persistent Threats, Ransomware and More

The era of mobile, cloud and the Internet of Things is also an era of advanced persistent threats, ransomware and more. Here's how to stay secure.

Johannes Ullrich

SANS Technology Institute

Having better security than your neighbors may not be enough anymore as malicious actors move beyond “spray and pray” tactics to advanced persistent threats aimed at specific organizations and industries. Targeted attacks, as the Sony incident illustrated, are often for financial gain through extortion and threats to expose or delete sensitive data. This Beyond the Page outlines the top threats in 2015, from the invasion of digital things and undetected data loss to advanced DDoS attacks and crypto ransomware. We cover countermeasures to help organizations defend against evolving attack techniques and detect intrusions faster to minimize the damage.

Feature

Defending against the digital invasion

The confluence of the Internet of Things and BYOD may turn into a beachhead that attackers can use to completely compromise your network.

Continue reading

Video

Internet of Things devices and crypto ransomware at work

The next wave of cyberthreats will combine two trends in new ways, says SANS' Johannes B. Ullrich, head of the Internet Storm Center. In this video, he explains the threats and countermeasures for the Internet of Things devices and enterprise crypto ransomware.

Tech tip

Network-based controls: Securing the Internet of things

Securing the Internet of Things is challenging for enterprises. Here's a list of controls that you should already have implemented in your network.

Continue reading

Read the full April edition of Information Security magazine

Article 4 of 7Next Article

This was last published in April 2015

Dig Deeper on Emerging cyberattacks and threats

All
News
Get Started
Evaluate
Manage
Problem Solve

Start the conversation

Send me notifications when other members comment.

Get More Information Security

Access to all of our back issues View All

E-Zine | May 2002

Special report: Cyber menace
E-Zine | Apr 2002

Password pain relief
E-Zine | Mar 2002

Smart cards: Will security help the U.S. get on track with the rest of the world?
E-Zine | Feb 2002

Network forensics analysis: The future of real-time monitoring?

E-Zine | Dec 2003

Celebrating the best information security processes, people, policy and products
E-Zine | Nov 2003

Comeback kid: Sanjay Kumar on Computer Associates' security strategy
E-Zine | Oct 2003

Chain of command: Inside Prudential's security management program
E-Zine | Sep 2003

Women of vision: How 25 leaders are shaping the industry's future

E-Zine | Dec 2004

Products of the year 2004: Only the best win
E-Zine | Nov 2004

Delivering SSO: Postal Service simplifies passwords
E-Zine | Oct 2004

Help! Evaluating AV solutions and tech support
E-Zine | Sep 2004

Mission critical: Securing the critical national infrastructure

E-Zine | Dec 2005

Top forensics tools for tracking down cybercriminals
E-Zine | Nov 2005

Comparing five of the top network-based inline IPS appliances
E-Zine | Oct 2005

Security 7 Award winners unmasked
E-Zine | Sep 2005

What's the best IT security advice you've ever received?

E-Zine | Dec 2006

What's your biggest information security concern?
E-Zine | Nov 2006

Symantec 2.0: Evaluating their recent acquisitions
E-Zine | Oct 2006

Security 7 Award winners: Simply the best
E-Zine | Sep 2006

The power of SIMs for visibility and compliance

E-Zine | Jan 2008

Reflections on the impact of Sarbanes-Oxley
E-Zine | Nov 2007

Comparing seven top integrated endpoint security suites
E-Zine | Oct 2007

Tips from the 2007 Security 7 Awards
E-Zine | Sep 2007

How to dig out rootkits

E-Zine | Nov 2008

Security researchers on biometrics, insider threats, encryption and virtualization
E-Zine | Oct 2008

Security 7 Award winners sound off on key information security issues
E-Zine | Sep 2008

Lessons learned from good and bad NAC implementations
E-Zine | Aug 2008

Everything you need to know about today's information security trends

E-Zine | Dec 2009

Step-by-step guide to avoiding basic database security risks
E-Zine | Nov 2009

How to implement a change management that works and reduces security risks
E-Zine | Oct 2009

Winners of Information Security magazine's Security 7 Award
E-Zine | Sep 2009

2009 Security Readers' Choice Awards

E-Zine | Dec 2010

Inside the Data Accountability and Trust Act and what it means for security
E-Zine | Nov 2010

Meeting cloud computing compliance mandates
E-Zine | Oct 2010

Security 7 Award winners and the latest on effective security awareness
E-Zine | Sep 2010

2010 Security Readers' Choice Awards

E-Zine | Dec 2011

An insider look at the Windows Vista security review
E-Zine | Nov 2011

Effectively navigating the security risk assessment process
E-Zine | Oct 2011

Spotlight on top security trends of 2011 and Security 7 award winners
E-Zine | Sep 2011

The top 2011 security products: Information Security Readers' Choice Awards

E-Zine | Nov 2012

Market for vulnerability information grows
E-Zine | Oct 2012

Seven Outstanding Security Pros in 2012
E-Zine | Oct 2012

Security Readers' Choice Awards 2012: Your picks for the best security products
E-Zine | Sep 2012

Setting up for BYOD success with enterprise mobile management and mobile application security

E-Zine | Dec 2013

2013 Security 7 award winners revealed
E-Zine | Nov 2013

Virtualization security dynamics get old, changes ahead
E-Zine | Oct 2013

Insider edition: Layering mobile security for greater control
E-Zine | Oct 2013

Security Readers' Choice Awards 2013

E-Zine | Dec 2014

2014 Security 7 Award Winners
E-Zine | Nov 2014

Security Readers' Choice Awards 2014
E-Zine | Oct 2014

Devices, data and how enterprise mobile management reconciles the two
E-Zine | Oct 2014

Continuous monitoring program demystified

E-Zine | Oct 2015

Emerging security threats from every which way
E-Zine | Sep 2015

Five ways CIOs build hybrid cloud security
E-Zine | Aug 2015

Is third-party vendor management the next IAM frontier?
E-Zine | Jul 2015

Insider Edition: Advanced security monitoring scrubs networks clean

E-Zine | Dec 2016

Dedicated CISO job still open to debate
E-Zine | Nov 2016

Insider Edition: Improved threat detection and incident response
E-Zine | Oct 2016

Identity of things moves beyond manufacturing
E-Zine | Sep 2016

Cloud governance model still behind services

E-Zine | Dec 2017

Will it last? The marriage between UBA tools and SIEM
E-Zine | Nov 2017

Next-gen SOC: What's on your automation roadmap?
E-Zine | Oct 2017

What does a CISO do now? It's a changing, increasingly vital role
E-Zine | Oct 2017

Growing data protection risks and how to manage them

E-Zine | Dec 2018

Allure of the threat hunter draws companies large and small
E-Zine | Oct 2018

User behavior analytics tackles cloud, hybrid environments
E-Zine | Aug 2018

Security data scientists on how to make your data useful
E-Zine | Jun 2018

CISOs face the IoT security risks of stranger things

E-Zine | May 2019

Conquering cloud security threats with awareness and tools
E-Zine | Feb 2019

CISOs build cybersecurity business case amid attack onslaught

-ADS BY GOOGLE

SearchCloudSecurity

CASB market dynamics, from a customer perspective

The CASB market is changing. Learn how the fluctuating threat landscape has led to a use case evolution and operational changes ...
Top 4 strategies for cloud security automation

Automating security in the cloud can be invaluable for threat detection and mitigation. These are the key focal areas where ...
Another Amazon S3 leak exposes Attunity data, credentials

UpGuard security researchers found publicly exposed Amazon S3 buckets from data management firm Attunity, which included company ...

SearchNetworking

Niagara Networks and L7 Defense team up for API security

The L7 Defense application Ammune API Defense will run on Niagara Networks' Open Visibility Platform in an effort to bring ...
SD-WAN market sees continued growth, room for mobile support

The SD-WAN market is growing, thanks to financial firms with distributed deployments. VMware and Cisco continue to lead the ...
An introduction to smart NICs and their benefits

This introduction discusses how smart NICs work and how they can benefit data center servers. It also explores the smart NIC ...

SearchCIO

How edge computing differs from decentralized computing

Edge computing isn't about sticking servers and storage in a branch location. Learn the critical differences between edge and ...
Facebook's Libra project -- why enterprises should prepare

Facebook's foray into cryptocurrency is setting off alarm bells in government and finance circles. The question is how could the ...
Ransomware attacks: How to get the upper hand

Ransomware attacks are on the rise. Can organizations play like Radiohead and refuse to pay? The answer from security experts is ...

SearchEnterpriseDesktop

3 Windows 10 known issues and how to fix them

There are a few issues that accompanied the Windows 10 1903 update. Before deploying the latest update, IT admins should ...
Despite Windows 10 issues, customers remain confident in OS

The issues surrounding the latest Windows 10 OS update have affected some users to the point of annoyance, while others remain ...
How to take advantage of 3 features in Windows 1903 update

Windows Autopilot, reserved storage and SetupDiag are three new features in Windows 10. Here's how IT admins can use them for ...

SearchCloudComputing

Hybrid cloud deals dominate 2019's cloud computing market news

It has been a busy first half of 2019 for the cloud computing market. Here is a rundown of the biggest cloud news stories so far ...
What to expect -- and not expect -- from serverless computing

The scope of serverless computing continues to evolve as cloud providers try to reduce the drawbacks and join the technology with...
Conduct cloud security training across the business

A well-educated staff is one of the best tools in the fight against security breaches. Consider these tips to prepare your ...

ComputerWeekly.com

Phishing attack highlights cyber security need at universities

UK university cyber security is once again under the spotlight after Lancaster University reveals that it has been targeted by a ...
UK government to boost AI and data use in preventive healthcare

A programme led by Public Health England and NHSX will aim to usher in a “new era of evidence-based self-care", with patients ...
Home Office hands EE additional £220m for ESN

Home Office quietly announces a major extension to the ESN project, pumping over £200m of additional taxpayer money into its ...

Close