Information Security

Defending the digital infrastructure

In This Issue

iSTOCK/GETTY IMAGES

Manage

Beyond the Page: Advanced Persistent Threats, Ransomware and More

The era of mobile, cloud and the Internet of Things is also an era of advanced persistent threats, ransomware and more. Here's how to stay secure.

Johannes Ullrich

By

Johannes Ullrich, SANS Technology Institute

Having better security than your neighbors may not be enough anymore as malicious actors move beyond “spray and pray” tactics to advanced persistent threats aimed at specific organizations and industries. Targeted attacks, as the Sony incident illustrated, are often for financial gain through extortion and threats to expose or delete sensitive data. This Beyond the Page outlines the top threats in 2015, from the invasion of digital things and undetected data loss to advanced DDoS attacks and crypto ransomware. We cover countermeasures to help organizations defend against evolving attack techniques and detect intrusions faster to minimize the damage.

Feature

Defending against the digital invasion

The confluence of the Internet of Things and BYOD may turn into a beachhead that attackers can use to completely compromise your network.

Continue reading

Video

Internet of Things devices and crypto ransomware at work

The next wave of cyberthreats will combine two trends in new ways, says SANS' Johannes B. Ullrich, head of the Internet Storm Center. In this video, he explains the threats and countermeasures for the Internet of Things devices and enterprise crypto ransomware.

Tech tip

Network-based controls: Securing the Internet of things

Securing the Internet of Things is challenging for enterprises. Here's a list of controls that you should already have implemented in your network.

Continue reading

Read the full April edition of Information Security magazine

Article 4 of 7Next Article

This was last published in April 2015

Dig Deeper on Emerging cyberattacks and threats

Get More Information Security

Access to all of our back issues View All

E-Zine | Dec 2009

Step-by-step guide to avoiding basic database security risks

E-Zine | Mar 2011

Best practices for securing virtual machines

E-Zine | Oct 2015

Emerging security threats from every which way
E-Zine | Sep 2015

Five ways CIOs build hybrid cloud security
E-Zine | Aug 2015

Is third-party vendor management the next IAM frontier?
E-Zine | Jul 2015

Insider Edition: Advanced security monitoring scrubs networks clean

E-Zine | Dec 2016

Dedicated CISO job still open to debate
E-Zine | Nov 2016

Insider Edition: Improved threat detection and incident response
E-Zine | Oct 2016

Identity of things moves beyond manufacturing
E-Zine | Sep 2016

Cloud governance model still behind services

E-Zine | Dec 2017

Will it last? The marriage between UBA tools and SIEM
E-Zine | Nov 2017

Next-gen SOC: What's on your automation roadmap?
E-Zine | Oct 2017

What does a CISO do now? It's a changing, increasingly vital role
E-Zine | Oct 2017

Growing data protection risks and how to manage them

E-Zine | Dec 2018

Allure of the threat hunter draws companies large and small
E-Zine | Oct 2018

User behavior analytics tackles cloud, hybrid environments
E-Zine | Aug 2018

Security data scientists on how to make your data useful
E-Zine | Jun 2018

CISOs face the IoT security risks of stranger things

E-Zine | Nov 2019

AI threats, understaffed defenses and other cyber nightmares
E-Zine | Aug 2019

Managing identity and access well unlocks strong security
E-Zine | May 2019

Conquering cloud security threats with awareness and tools
E-Zine | Feb 2019

CISOs build cybersecurity business case amid attack onslaught

E-Zine | Nov 2020

AI cybersecurity raises analytics' accuracy, usability
E-Zine | Aug 2020

Cybersecurity education for employees: Learn what works
E-Zine | May 2020

Why CISOs need advanced network security strategies now
E-Zine | Feb 2020

Getting the most from cyberthreat intelligence services

SearchCloudSecurity

Automate app security with SaaS security posture management
Keeping track of cloud application security settings and configurations businesswide is no easy task. Automate this cumbersome ...
What are cloud containers and how do they work?
Containers in cloud computing have evolved from a security buzzword. Deployment of cloud containers is now an essential element ...
Invest in cloud security to future-proof your organization
The cloud has opened many opportunities for enterprises to maintain operations during the pandemic, but it has also created ...

SearchNetworking

Enterprises look to formalize WFH network architecture
As work-from-home programs prove they're here to stay, enterprise network teams are assessing their network designs to ensure ...
5G core network functionality driven by SDN, NFV
To reap the full benefits of 5G, operators are using SDN, NFV and network slicing to build out core network functionality.
An introductory overview of 5G network capabilities
In this Q&A, author William Stallings discusses 5G services, such as network slicing and QoS, and other topics covered in his ...

SearchCIO

Inside look at Equifax's $1.5B digital transformation journey
A massive digital transformation effort at Equifax is gaining momentum. CTO Bryson Koehler talks about overhauling data ...
FTC's change to policy could make for healthier mergers
Cornell's Robert Hockett said the FTC's recent decision to rescind a 1995 policy could help prevent bad mergers, as scrutiny of ...
Chinese regulatory crackdown is about control, not data privacy
Despite China's messaging, analysts believe the government's recent regulatory tightening on tech companies is more about control...

SearchEnterpriseDesktop

Comparing offerings: Microsoft 365 vs. Google Workspace
Microsoft 365 vs. Google Workspace is a difficult choice, so organizations should evaluate each offering's features and pricing ...
Enterprise IT pros unclear on Microsoft Windows 11 benefits
Microsoft recently unveiled Windows 11, but its consumer-focused presentation left IT pros with questions about hardware ...
What's included in Microsoft 365 subscription plans
Microsoft 365 has different licensing plans for all kinds of businesses. Learn about the different subscription plans that ...

SearchCloudComputing

Key aspects of RPA in the cloud
As more enterprises prioritize automation, RPA seeks to build upon that growth within the cloud sector. Learn why vendors see the...
Dive into DigitalOcean Droplets and App Platform
DigitalOcean vies with AWS, Azure and others by targeting developers and startups. See what it has to offer and how it competes ...
4 best practices for big data security in cloud computing
When dealing with vast amounts of data in the cloud, enterprises need to be proactive with security. Don't wait for a threat to ...

ComputerWeekly.com

UK MoD turns to hackers to help secure digital assets
Hackers given direct access to internal Ministry of Defence systems to identify and report security vulnerabilities
Panasas’s 10x saving bumps NetApp from HPC storage deployment
University of Wollongong got 1.2PB for the cost of 100TB for HPC storage in its cryo-imaging institute. Scale-out NAS maker ...
New ransomware gang spins out of DarkSide
The emergence of a ransomware gang known as BlackMatter raises questions that it could be a re-brand of REvil or DarkSide

Close