Outrunning the Bear: 5 critical ways to take a more collaborative approach to IT security | SlashdotMedia AdOps Asset Management

Outrunning the Bear: 5 critical ways to take a more collaborative approach to IT security

Studies show the average time to resolve a security breach once detected is more than 45 days, and companies lose more than $1.6 million during that time. The obstacles to faster response include lack of resources and an inability to effectively communicate and collaborate among the multiple teams and tools larger enterprises rely on for protection.

This white paper examines the "outrun the bear" approach prevalent in IT security: you don't have to outrun the hackers; you just have to outrun other companies. It examines the challenges inhibiting faster response, and it offers five critical steps an organization can take to turn security intelligence into action.

Breach Response: How to Prepare for the Inevitable

To avoid being breached, you have to get it right every single time. To breach you, hackers only have to get it right once. Experts advise breaches are inevitable. And according to Ponemon Institute, the average time to resolve a cyber attack is 45 days, with an average cost of $35,647 per day. The key to minimizing damage is preparation.

This white paper tells you what you need to know to be prepared for a breach. Read it to understand:

• The right breach mindset
• Response team composition
• Communication needs with employees and customers
• Legal notification requirements
• The technologies that can help

Software Supply Chain Management with BOMtotal

BOMtotal is a free service that generates a bill of materials from any executable code.

Anyone who uses software has a right to know what's inside it. Just as you can examine any piece of food in a supermarket to see its ingredients, you should be able to know what's inside software that you use or might use.

Enabling anyone to generate a bill of materials (list of ingredients) for any piece of software results in a better world for all of us. Buyers gain visibility into software during their procurement cycles by requesting bills of materials from builders. Builders examine bills of materials for their own products to make sure they have no surprises. Ordinary people benefit because when builders and buyers effectively manage their software supply chains, the entire ecosystem becomes safer, more reliable, and more secure.

Security Analysis: Dating Apps Vulnerabilities & Risks to Enterprises

As more people utilize mobile dating applications to find companionship, the apps have become more attractive to potential attackers. This study explores mobile security vulnerabilities that were detected by IBM AppScan Mobile Analyzer on the Android platform, and provides helpful advice.

The State of Mobile Application Insecurity

The Ponemon institute recently interviewed Fortune 500 companies down to the mid-market to find "The State of Mobile Application Insecurity." Sponsored by IBM, the paper explores why security is being left behind or completely out of app development.

Five Steps to Achieve Risk-Based Application Security Management

Internally developed software applications support the most sensitive and strategically important business processes of most enterprises. Yet application security is one of the most neglected fields of cybersecurity.

Mobile Data Security: Finding the Balance

Bring Your Own Device has changed the rules for corporate security on smartphones and tablets. Companies need to find the right balance in securing devices and data without sacrificing the intuitive native experience that has made business move from typing to swiping.

Mobile Malware, The Hackers New Playground

Hacktavists have made the move to mobile. Malware, phishing and network attacks are now as likely to strike smartphones and tablets like any other system. Mobile Threat Management is now needed to stay ahead of new vectors of vicious intent.

Coverity Scan Open Source Report 2014

Managing software security and development risk in today’s evolving market is a difficult yet crucial requirement—one that many organizations are not effectively addressing, as evidenced by the latest headlines disclosing a series of data breaches of personal information.

The 2014 Coverity Scan Open Source Report details the changing landscape of open source and commercial software development, including how established development practices are slowly improving the state of software—and how they can be improved so that companies and individuals can write clean, effective software while minimizing the risk of becoming tomorrow’s headline.

Learn more about these changing dynamics within the open source community and discover how security and quality continue to improve.

IDC Paper: Attributes of SAN Storage Required for Business Critical Workloads

Organizations expect their IT departments to deliver a SAN storage infrastructure that can support faster rollout of applications and services, continuous and fast access to data in key applications, and efficient scale to address corporate data growth without comparable growth in IT expenses. This IDC white paper reviews the key SAN storage features required to meet such challenges and the NetApp SAN storage portfolio offerings that best address your needs.

ESG Brief: Enhancing Database Environments with NetApp Storage

Organizations of all kinds rely on their relational databases for both transaction processing and analytics, but many still have challenges in meeting their goals of high availability, security, and performance. Whether planning for a major upgrade of existing databases or considering a net new project, enterprise solution architects should realize that the storage capabilities will matter. NetApp’s systems, software, and services offer a number of advantages as a foundation for better operational results.

Office 365 Playbook: How to Ensure Security through Cloud Access Security Brokers

While Microsoft Office 365 includes some native security capabilities, things like protecting user passwords or how employees gain access to Office 365 are the customer’s responsibility. This playbook provides you with a practical guide for defining, developing, and executing an Office 365 security plan. It includes choosing and optimizing the appropriate solution to mitigate your Office 365 risk while also meeting all of your compliance obligations, be they regulatory requirements or best practice guidelines.

Behind The Syrian Conflict’s Digital Front Lines

Physical conflicts increasingly have a cyber element to them. This report highlights how Syrian opposition forces fell victim to a well-executed hacking operation targeting secret communications and plans.

FireEye researchers uncovered these stolen documents as part of our ongoing threat research. Between at least November 2013 and January 2014, the hackers stole a cache of critical documents and Skype conversations revealing the Syrian opposition’s strategy, tactical battle plans, supply needs, and troves of personal information and chat sessions belonging to the men fighting against Syrian President Bashar al-Assad’s forces. While we do not know who conducted this hacking operation, if this data was acquired by Assad’s forces or their allies it could confer a distinct battlefield advantage.

Download this report to learn more.

M-Trends® 2015: A View From the Front Lines

Mandiant’s annual threat report reveals key insights, statistics and case studies illustrating how the tools and tactics of advanced persistent threat (APT) actors have evolved over the last year. The report, compiled from hundreds of Mandiant incident response investigations in more than 30 industry sectors, also includes approaches that organizations can take to improve the way they detect, respond to, and contain advanced attacks.

Download the report to learn:

How attackers are staying hidden and maintaining a foothold in compromised systems
Which industries comprised the bulk of Mandiant engagements in 2014
Five key questions your investigation should answer
How the lines are blurring between nation-state attacks and cyber crime—and why it matters

Maginot Revisited: More Real-World Results from Real-World Tests

Attackers are bypassing conventional security deployments almost at will, breaching systems in a wide swath of industries and geographies. In this follow-up to our groundbreaking May 2014 report, “Cybersecurity’s Maginot Line: A Real-World Assessment of the Defense-in-Depth Model,” we examine new data gathered in the ensuing weeks. Like France’s famed Maginot Line—an impressive but ultimately futile defense line built in the run-up to World War II to stave off a German invasion—today’s defenses are failing.

Because FireEye sensors operate behind other security layers, we have unique vantage point from which to gauge other security tools. By design, any threat observed by FireEye in the study had passed through all other security defenses.

The new data validates our original findings and identifies several new trends. Across all industry segments, 96 percent of systems were breached on average. And 27 percent of those breaches involved advanced malware. Download the report to learn more.