Information Security

Defending the digital infrastructure

In This Issue

iSTOCK/GETTY IMAGES

Manage

Beyond the Page: Advanced Persistent Threats, Ransomware and More

The era of mobile, cloud and the Internet of Things is also an era of advanced persistent threats, ransomware and more. Here's how to stay secure.

Johannes Ullrich

By

Johannes Ullrich, SANS Technology Institute

Having better security than your neighbors may not be enough anymore as malicious actors move beyond “spray and pray” tactics to advanced persistent threats aimed at specific organizations and industries. Targeted attacks, as the Sony incident illustrated, are often for financial gain through extortion and threats to expose or delete sensitive data. This Beyond the Page outlines the top threats in 2015, from the invasion of digital things and undetected data loss to advanced DDoS attacks and crypto ransomware. We cover countermeasures to help organizations defend against evolving attack techniques and detect intrusions faster to minimize the damage.

Feature

Defending against the digital invasion

The confluence of the Internet of Things and BYOD may turn into a beachhead that attackers can use to completely compromise your network.

Continue reading

Video

Internet of Things devices and crypto ransomware at work

The next wave of cyberthreats will combine two trends in new ways, says SANS' Johannes B. Ullrich, head of the Internet Storm Center. In this video, he explains the threats and countermeasures for the Internet of Things devices and enterprise crypto ransomware.

Tech tip

Network-based controls: Securing the Internet of things

Securing the Internet of Things is challenging for enterprises. Here's a list of controls that you should already have implemented in your network.

Continue reading

Read the full April edition of Information Security magazine

Article 4 of 7Next Article

This was last published in April 2015

Dig Deeper on Emerging cyberattacks and threats

Get More Information Security

Access to all of our back issues View All

E-Zine | Oct 2003

Chain of command: Inside Prudential's security management program

E-Zine | Feb 2006

Best-of-breed: Security Products of the Year: 2006

E-Zine | Aug 2008

Everything you need to know about today's information security trends

E-Zine | Dec 2009

Step-by-step guide to avoiding basic database security risks

E-Zine | Nov 2011

Effectively navigating the security risk assessment process
E-Zine | Mar 2011

Best practices for securing virtual machines

E-Zine | Oct 2015

Emerging security threats from every which way
E-Zine | Sep 2015

Five ways CIOs build hybrid cloud security
E-Zine | Aug 2015

Is third-party vendor management the next IAM frontier?
E-Zine | Jul 2015

Insider Edition: Advanced security monitoring scrubs networks clean

E-Zine | Dec 2016

Dedicated CISO job still open to debate
E-Zine | Nov 2016

Insider Edition: Improved threat detection and incident response
E-Zine | Oct 2016

Identity of things moves beyond manufacturing
E-Zine | Sep 2016

Cloud governance model still behind services

E-Zine | Dec 2017

Will it last? The marriage between UBA tools and SIEM
E-Zine | Nov 2017

Next-gen SOC: What's on your automation roadmap?
E-Zine | Oct 2017

What does a CISO do now? It's a changing, increasingly vital role
E-Zine | Oct 2017

Growing data protection risks and how to manage them

E-Zine | Dec 2018

Allure of the threat hunter draws companies large and small
E-Zine | Oct 2018

User behavior analytics tackles cloud, hybrid environments
E-Zine | Aug 2018

Security data scientists on how to make your data useful
E-Zine | Jun 2018

CISOs face the IoT security risks of stranger things

E-Zine | Nov 2019

AI threats, understaffed defenses and other cyber nightmares
E-Zine | Aug 2019

Managing identity and access well unlocks strong security
E-Zine | May 2019

Conquering cloud security threats with awareness and tools
E-Zine | Feb 2019

CISOs build cybersecurity business case amid attack onslaught

E-Zine | Nov 2020

AI cybersecurity raises analytics' accuracy, usability
E-Zine | Aug 2020

Cybersecurity education for employees: Learn what works
E-Zine | May 2020

Why CISOs need advanced network security strategies now
E-Zine | Feb 2020

Getting the most from cyberthreat intelligence services

SearchCloudSecurity

6 SaaS security best practices to protect applications

Use these SaaS security best practices to ensure your users' and organization's SaaS use stays as protected as the rest of your ...
Review these 7 CASB vendors to best secure cloud access

CASB technology offers threat protection, increased visibility and policy enforcement. Explore how these seven vendors stack up ...
CASB explained: Know its use cases before you buy

CASB tools help to secure cloud applications so only authorized users have access. Discover more about this rapidly evolving ...

SearchNetworking

10 network security tips in response to the SolarWinds hack

From perimeter protection to persistent patching, enterprises should regularly review, update and test their network security ...
Considerations for SASE management and troubleshooting

SASE opens new territory for network and security management and troubleshooting. Ultimately, teams should look for system ...
Cisco sweetens Acacia deal by $2 billion

Cisco has agreed to pay $4.5 billion for Acacia, $2 billion more than the initial agreement in 2019. Cisco wants Acacia's optical...

SearchCIO

Cloud, security top list of IT spending priorities

The COVID-19 pandemic's influence on IT spending will continue into 2021, as organizations bolster security, accelerate cloud ...
What CIOs need to know about RPA in IT operations

We have yet to see a big investment in RPA for IT operations, but that could change as experts identify it as an area that can ...
Parler sues AWS, seeks restraining order

After abruptly losing web-hosting services, Parler sues AWS, alleging breach of contract and antitrust behavior.

SearchEnterpriseDesktop

Will Windows 10 be the last Windows OS?

It's difficult to say whether Windows 10 will be the final version of the Windows OS, but a look at Microsoft's history and ...
CES: Laptops sport designs friendly for remote workers

Top PC manufacturers Dell, HP and Lenovo emphasized at-home flexibility in their CES laptop announcements. Remote work has driven...
Evaluate if Windows 10 needs third-party antivirus

While Windows Defender, Microsoft's native antivirus for Windows 10 systems, is suitable for personal use, enterprise users may ...

SearchCloudComputing

IBM acquisition spree targets hybrid cloud consulting market

Acquiring five providers specializing in cloud-based consulting and managed services since November, IBM wants to make it easier ...
How to choose between IaaS and SaaS cloud models

Even if you already moved a few workloads to the cloud, it's never too early to start looking at where you are going and never ...
COVID-19 and remote work shift cloud predictions for 2021

If we learned anything from 2020, it's to expect the unexpected. Yet that doesn't stop analysts from trying to predict what's to ...

ComputerWeekly.com

Immigration exemption in data protection law faces further legal challenge

Human rights groups set to take legal challenge against immigration exemption to Court of Appeal on the basis that everyone, ...
Hackney Council tenders for cyber security upgrade

Suppliers are being invited to tender for enhanced cyber security capabilities at ransomware victim Hackney Council
Microsoft teams up with UK startup to minimise impact of climate change by aviation industry

Cambridge-based startup Satavia is tapping into the Microsoft Azure public cloud platform to help aviation industry minimise the ...

Close