Information Security

Defending the digital infrastructure

In This Issue

iSTOCK/GETTY IMAGES

Manage

Beyond the Page: Advanced Persistent Threats, Ransomware and More

The era of mobile, cloud and the Internet of Things is also an era of advanced persistent threats, ransomware and more. Here's how to stay secure.

Johannes Ullrich

SANS Technology Institute
Published: 07 Apr 2015

Having better security than your neighbors may not be enough anymore as malicious actors move beyond “spray and pray” tactics to advanced persistent threats aimed at specific organizations and industries. Targeted attacks, as the Sony incident illustrated, are often for financial gain through extortion and threats to expose or delete sensitive data. This Beyond the Page outlines the top threats in 2015, from the invasion of digital things and undetected data loss to advanced DDoS attacks and crypto ransomware. We cover countermeasures to help organizations defend against evolving attack techniques and detect intrusions faster to minimize the damage.

Feature

Defending against the digital invasion

The confluence of the Internet of Things and BYOD may turn into a beachhead that attackers can use to completely compromise your network.

Continue reading

Video

Internet of Things devices and crypto ransomware at work

The next wave of cyberthreats will combine two trends in new ways, says SANS' Johannes B. Ullrich, head of the Internet Storm Center. In this video, he explains the threats and countermeasures for the Internet of Things devices and enterprise crypto ransomware.

Tech tip

Network-based controls: Securing the Internet of things

Securing the Internet of Things is challenging for enterprises. Here's a list of controls that you should already have implemented in your network.

Continue reading

Read the full April edition of Information Security magazine

Article 4 of 7Next Article

Dig Deeper on Emerging cyberattacks and threats

All
News
Get Started
Evaluate
Manage
Problem Solve

Start the conversation

Send me notifications when other members comment.

Get More Information Security

Access to all of our back issues View All

E-Zine | May 2002

Special report: Cyber menace
E-Zine | Apr 2002

Password pain relief
E-Zine | Mar 2002

Smart cards: Will security help the U.S. get on track with the rest of the world?
E-Zine | Feb 2002

Network forensics analysis: The future of real-time monitoring?

E-Zine | Dec 2003

Celebrating the best information security processes, people, policy and products
E-Zine | Nov 2003

Comeback kid: Sanjay Kumar on Computer Associates' security strategy
E-Zine | Oct 2003

Chain of command: Inside Prudential's security management program
E-Zine | Sep 2003

Women of vision: How 25 leaders are shaping the industry's future

E-Zine | Dec 2004

Products of the year 2004: Only the best win
E-Zine | Nov 2004

Delivering SSO: Postal Service simplifies passwords
E-Zine | Oct 2004

Help! Evaluating AV solutions and tech support
E-Zine | Sep 2004

Mission critical: Securing the critical national infrastructure

E-Zine | Dec 2005

Top forensics tools for tracking down cybercriminals
E-Zine | Nov 2005

Comparing five of the top network-based inline IPS appliances
E-Zine | Oct 2005

Security 7 Award winners unmasked
E-Zine | Sep 2005

What's the best IT security advice you've ever received?

E-Zine | Dec 2006

What's your biggest information security concern?
E-Zine | Nov 2006

Symantec 2.0: Evaluating their recent acquisitions
E-Zine | Oct 2006

Security 7 Award winners: Simply the best
E-Zine | Sep 2006

The power of SIMs for visibility and compliance

E-Zine | Jan 2008

Reflections on the impact of Sarbanes-Oxley
E-Zine | Nov 2007

Comparing seven top integrated endpoint security suites
E-Zine | Oct 2007

Tips from the 2007 Security 7 Awards
E-Zine | Sep 2007

How to dig out rootkits

E-Zine | Nov 2008

Security researchers on biometrics, insider threats, encryption and virtualization
E-Zine | Oct 2008

Security 7 Award winners sound off on key information security issues
E-Zine | Sep 2008

Lessons learned from good and bad NAC implementations
E-Zine | Aug 2008

Everything you need to know about today's information security trends

E-Zine | Dec 2009

Step-by-step guide to avoiding basic database security risks
E-Zine | Nov 2009

How to implement a change management that works and reduces security risks
E-Zine | Oct 2009

Winners of Information Security magazine's Security 7 Award
E-Zine | Sep 2009

2009 Security Readers' Choice Awards

E-Zine | Dec 2010

Inside the Data Accountability and Trust Act and what it means for security
E-Zine | Nov 2010

Meeting cloud computing compliance mandates
E-Zine | Oct 2010

Security 7 Award winners and the latest on effective security awareness
E-Zine | Sep 2010

2010 Security Readers' Choice Awards

E-Zine | Dec 2011

An insider look at the Windows Vista security review
E-Zine | Nov 2011

Effectively navigating the security risk assessment process
E-Zine | Oct 2011

Spotlight on top security trends of 2011 and Security 7 award winners
E-Zine | Sep 2011

The top 2011 security products: Information Security Readers' Choice Awards

E-Zine | Nov 2012

Market for vulnerability information grows
E-Zine | Oct 2012

Seven Outstanding Security Pros in 2012
E-Zine | Oct 2012

Security Readers' Choice Awards 2012: Your picks for the best security products
E-Zine | Sep 2012

Setting up for BYOD success with enterprise mobile management and mobile application security

E-Zine | Dec 2013

2013 Security 7 award winners revealed
E-Zine | Nov 2013

Virtualization security dynamics get old, changes ahead
E-Zine | Oct 2013

Insider edition: Layering mobile security for greater control
E-Zine | Oct 2013

Security Readers' Choice Awards 2013

E-Zine | Dec 2014

2014 Security 7 Award Winners
E-Zine | Nov 2014

Security Readers' Choice Awards 2014
E-Zine | Oct 2014

Devices, data and how enterprise mobile management reconciles the two
E-Zine | Oct 2014

Continuous monitoring program demystified

E-Zine | Oct 2015

Emerging security threats from every which way
E-Zine | Sep 2015

Five ways CIOs build hybrid cloud security
E-Zine | Aug 2015

Is third-party vendor management the next IAM frontier?
E-Zine | Jul 2015

Insider Edition: Advanced security monitoring scrubs networks clean

E-Zine | Dec 2016

Dedicated CISO job still open to debate
E-Zine | Nov 2016

Insider Edition: Improved threat detection and incident response
E-Zine | Oct 2016

Identity of things moves beyond manufacturing
E-Zine | Sep 2016

Cloud governance model still behind services

E-Zine | Dec 2017

Will it last? The marriage between UBA tools and SIEM
E-Zine | Nov 2017

Next-gen SOC: What's on your automation roadmap?
E-Zine | Oct 2017

What does a CISO do now? It's a changing, increasingly vital role
E-Zine | Oct 2017

Growing data protection risks and how to manage them

E-Zine | Dec 2018

Allure of the threat hunter draws companies large and small
E-Zine | Oct 2018

User behavior analytics tackles cloud, hybrid environments
E-Zine | Aug 2018

Security data scientists on how to make your data useful
E-Zine | Jun 2018

CISOs face the IoT security risks of stranger things

E-Zine | Aug 2019

Managing identity and access well unlocks strong security
E-Zine | May 2019

Conquering cloud security threats with awareness and tools
E-Zine | Feb 2019

CISOs build cybersecurity business case amid attack onslaught

-ADS BY GOOGLE

SearchCloudSecurity

How to build and maintain a multi-cloud security strategy

When using multiple cloud service providers, it's critical to consider your enterprise's cloud scope and the specifics of each ...
Why CASB tools are crucial to your cloud security

CASB tools have gained traction as cloud security becomes more important. Among other features, a cloud security access broker ...
Complexity requires new cloud-based patch management strategies

Patch management for cloud creates new challenges than traditional in-house programs. Expert Dave Shackleford presents patch ...

SearchNetworking

F5 Networks updates NGINX Application Platform, other tools

Updates include improved security and observability features, a new developer portal, API importing and improved analytics and ...
Legacy tools encumber modern network infrastructure monitoring

Many IT teams still use older monitoring tools that provide limited visibility across multiple network environments. AI and ...
CenturyLink acquires Streamroot, adding P2P CDN capabilities

Peer-to-peer content delivery network technology from Streamroot will enable CenturyLink to reach underserved areas and offer ...

SearchCIO

OT security brings new challenges in the age of IoT

We're diving into the IoT security challenges CIOs need to be aware of as a result of integrating OT devices, which often work in...
The changing role of the CIO

The shift to a digital economy is dramatically changing the role of the CIO, from trusted IT operator to business strategist.
Book excerpt: Communication structures of an organization

The following is an excerpt from 'Team Topologies: Organizing Business and Technology Teams for Fast Flow,' by Matthew Skelton ...

SearchEnterpriseDesktop

DaaS may encourage organizations to adopt Macs and Chromebooks

New options for delivering remote Windows apps in the cloud, combined with the maturity of SaaS apps, Chromebooks and Mac ...
Zoho adds new Zoho One features, management application

Zoho One customers can now make phone calls using Zoho's telephony platform, extend provisioning through custom apps and use the ...
4 steps to check application compatibility with Windows 10

Before a Windows 10 migration, IT admins should make sure all applications are compatible with the new OS. Here are four steps to...

SearchCloudComputing

Prepare for these 4 cloud migration problems

Ready to move to the cloud? Review these common mistakes users tend to make when moving data and avoid them during your cloud ...
Top 6 Google cloud certification programs

The cloud job market continues to grow, but it can be hard to get your resume to the top of the pile. Consider these Google cloud...
Microsoft extends Azure networking with satellite connections

Microsoft Azure customers can now tap satellite internet providers through the private Azure ExpressRoute service. The move ...

ComputerWeekly.com

Ensign InfoSecurity opens global headquarters in Singapore

The Singapore-based cyber security firm’s new headquarters will also be home to a new security operations centre that will ...
Gartner Catalyst: Prepare for web giants crushing your industry

Companies like Amazon and Alibaba are taking a bigger chunk of the customer journey, but they are also spreading across industry ...
Research explores economic benefits of full-fibre and 5G at local level

The Broadband Stakeholders Group (BSG) has published research by Oxera to help local authorities understand the benefits of ...

Close