Like antibiotic resistant strains of bacteria give nightmares to medical epidemiologists, modular malware systems are doing the same to cyber defenders. Learn how malwares work and what cyber defenders can do with the tools they have:
Google recently stated that none of its 80,000 employee accounts using their Titan Security Key has been compromised since deployment. This is because this hardware authentication device is a possession factor that cyber criminals cannot electronically steal as they do passwords. But, as great as this and like tools are, they are susceptible when the endpoints using them are compromised. Read on to learn more about how your different authentication mechanisms depend on endpoint protection as well as the one capability you need for this but may have never heard about.
There’s a pervasive, false perception in contemporary politics. The candidate that advocates spending the most on something cares most about solving the problem. Today’s endpoint protection suites are similarly ranked. Those with the longer list of features are ranked higher. Similarly, like features are seldom compared one-to-one but are presumed little different among different suites. The breadth and price of the package carries too much weight. Actual results bear too little, including level of effort. And ultimately, the features checklists have usurped the overarching mission of endpoint protection suites, preventing compromises.
One of today’s most widespread cybersecurity principles seems prudent on the surface but has made the enterprise cyber program a bloated, lumbering beast of burden. Defense in depth is simple to intuit; it is as obvious as two heads are better than one. Reality demands, however, that the enterprise optimize. How many are too many? What combination is best, and so on? Clearly, finding that sweet spot depends more on just what mitigates the spectrum of prioritized risks. The following anonymous customer story exposes at least two other major dimensions that matter. These other two are the difference between excellence and mediocrity.
If ever in a freezing cold room with IT/Sec-Ops people, raising the topic of patch management can heat it up fast. Patching applications on an organization’s client and server endpoints is far more challenging than most people realize. The uncertainty over what applications need to be patched in the next cycle makes it seem a never ending game of whack-a-mole.
Fortunately for the weary, there is an astonishingly simple, effortless, and effective way to snuff out those moles for good (figuratively speaking of course), including those invisible ones otherwise known as zero-day attacks.
Soldiers in combat over the last century rapidly grow accustomed to the distant cacophony of artillery and bombs. Some even get desensitized to nearby explosions. How many of us react with shock and horror at a data breach headline? Few do. We all hear them rumbling in the distance all the time.
Look at all of the familiar names in this list of recent casualties: Sears, Kmart, Best Buy, Saks Fifth Ave, Lord & Taylor, Whole Foods, JC Penny, Walmart, Panera Bread, Sonic, Arby’s, AppleBees, Coca-Cola, Delta Airlines, Under Armour, Orbitz, Atlantic City, Equifax, Yahoo, SunTrust Banks, Blue Shield of California, Western Union, Boeing, CareFirst BlueCross BlueShield, and Bed Bath & Beyond.
These Categories will Help Simplify Endpoint Security Product Evaluation
The terms, names, and jargon cumulatively found reading cybersecurity articles even confuses and befuddles the people that write them. For years, anti-malware vendors and researchers have gained 15 minutes of fame after naming a malware family or variant they discovered and analyzed. Now, there are zillions of them. The omnipresent keyword chaos literally complicates endpoint security.
While most people worry that the Equifax data breach will cause a spike in identity theft and other cyber fraud, maybe we should be more concerned if this does NOT happen.
Articles about Equifax and the breach headlined periodicals not just in the trade rags but also in the mainstream. Such coverage surprises no one given the vast number of records that were compromised. But what of the countless breaches not headlined, not fully disclosed, and not discovered at all?