Advanced persistent threats and targeted attacks:
Fortunately, advanced capabilities are available to help you detect, analyse, and respond to these attacks before damage is done.
Cloud computing and storage solutions provide users and enterprises with various capabilities to store and process their data in third-party data centres. Organizations use the Cloud in a variety of different service models (SaaS, PaaS, and IaaS) and deployment models (Private, Public, Hybrid, and Community). There are a number of security concerns associated with cloud computing.
How do you know that the controls you have implemented are performing their functions properly? How do you know that your antivirus software, firewall, or any other security solution will block the threats?
A DDoS attack is an attempt to make a system or network resource unavailable to its employees or customers. The methods for carrying out a DDoS attack can vary, but they typically consist of efforts to temporarily or indefinitely interrupt services of a host system that’s connected to the Internet.
According to Gartner, “Deception technologies are defined by the use of deceit and/or feints designed to thwart or throw off an attacker's cognitive processes, disrupt an attacker's automation tools, delay an attacker's activities or disrupt breach progression. Deceptions are achieved through use of deceitful responses, purposeful obfuscations, feints, misdirections and other falsehoods. These techniques leverage the trust that attackers and the attackers' tools must have in the network protocols, infrastructure, applications, systems and data elements they interact with or access during the execution of their attacks or throughout their intelligence gathering activities. Deception in this context is used as a technique for defensive or disruptive purposes, and is not offensive in nature.”
As the number and variety of monitoring tools grow, it's getting harder to track which metrics to collect and why. One of the more fascinating points about IT systems businesses is that most of their operations are invisible to the naked eye. You may be sitting in a server room, but still have no idea what workloads are being performed, whether services are up or down, or what performance is like. That's why we rely on the monitoring tools that offer a deep view of what's going on inside this hidden world.
‘Next-generation’ endpoint protection or next-gen AV has been getting a lot of press recently. But what does the term actually mean? For IT security managers under pressure, the most important thing isn’t the latest buzzword but finding a solution which is effective in protecting their organization from an increasingly agile and determined online enemy. Multiple threat protection techniques working in synergy is the key to this.
Next-generation firewalls combine the capabilities of traditional firewalls -- including packet filtering, network address translation (NAT), URL blocking and virtual private networks (VPNs) -- with Quality of Service (QoS) functionality and features not traditionally found in firewall products.
A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, service and application flaws, improper configurations, or risky end-user behaviour. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as end-user adherence to security policies.
A good security awareness program should educate employees about corporate policies and procedures for working with information technology. Employees should receive information about who to contact if they discover a security threat and be taught that data is a valuable corporate asset.
The core capabilities of SIEM technology are a broad scope of event collection and the ability to correlate and analyse events across disparate sources. The security information and event management (SIEM) market is defined by the customer's need to analyse event data in real time for the early detection of targeted attacks and data breaches, and to collect, store, investigate and report on log data for incident response, forensics and regulatory compliance.
There are many commercially available vulnerability management solutions. These offerings range from automated vulnerability management systems to vulnerability management tools that require implementation by the organization.
While proxies generally protect clients, WAFs protect servers. A WAF is deployed to protect a specific web application or set of web applications. A WAF can be considered a reverse proxy. WAFs may come in the form of an appliance, server plugin, or filter, and may be customized to an application.