SlashdotMedia AdOps Asset Management

Mobile Application Security Report 2016

HPE’s first mobile application security study was published in the fall of 2013. At that time we analyzed 2,000 applications and found that 97% of them accessed at least one private information source. Now, over two years later, and after testing over 36,000 applications, the situation has not improved; 96.52% of applications were flagged in at least one of the 10 core privacy checks.

Secure Stateless Tokenization: Data Protection and PCI Scope Reduction for Today’s Businesses

Cyber criminals have proved adept at thwarting existing IT defenses and exploiting weak links in the payments ecosystem. Merchants, service providers, and enterprises thus face severe and ongoing challenges securing card data from capture through the transaction lifecycle. Organizations are also under pressure to achieve scope and cost reduction goals in meeting compliance mandates such as the Payment Card Industry Data Security Standard (PCI DSS). Tokenization – replacing card numbers with tokens – is one method of data protection and audit scope reduction recommended by the PCI DSS Security Standards Council. Reducing audit scope using tokenization can both accelerate initial compliance efforts and reduce costs for future audits.

Data-Centric Protection: Enabling Business Agility While Protecting Data Assets

Corporate, government and other enterprises are under relentless attack by cyber criminals determined to steal business-critical data and confidential customer and third-party information. Whether for the purpose of identity theft, corporate espionage or other malicious ends, hordes of hackers running the gamut from organized crime groups to sovereign government organizations are working around the clock, around the globe to penetrate data stores in virtually every industry sector.

Year after year, organizations have struggled to thwart these criminals and the existential risks they pose to business enterprises. Yet, vulnerabilities continue to abound and the associated attacks are more pervasive, more sophisticated and more damaging than ever. And, that damage can affect an organization’s reputation, bottom line, and impact business success for years.

Market Focus – The Curious Case of Security Analytics

The challenge of overcoming known and unknown networks attacks is taking its toll on security professionals, vexing even the most experienced CISOs today, according to research sponsored by HPE. Essential security analytics seems to be missing from the equation.

SANS Threat Hunting: Open Season on the Adversary

Learn how threat hunting can help your enterprise security team aggressively track and eliminate cyber adversaries from your network as early as possible.
To build a mature threat-hunting program your organization needs to adopt the following goals:
- To provide early and accurate detection.
- To control and reduce impact and damage with faster response.
- To improve defenses to make successful attacks increasingly difficult.
- To gain better visibility into the organization’s weaknesses.

This report provides you with real-life results, advice and best practices for threat hunting processes.

2016 State of Security Operations

Hacker attacks are increasing, and the cost to businesses is growing. Experts tell us it's not if you'll be breached, it's when. So the effectiveness of your security operations determines how much damage you'll suffer. Since 2008, Hewett Packard Enterprise Security has performed 154 assessments of the maturity of security operations in 114 security operations centers (SOCs).

The 2016 report is both disturbing and encouraging. There has been a year-to-year decline in overall security operation maturity. But there is also encouraging news—many SOCs are adopting innovative techniques that leverage the power of data and analytics to stay ahead of the threat. Read the report to learn the findings and understand the trends in security operations.

Cyber Security Best Practices

Discover how enterprise security best practices can help you avoid suffering financial losses, damage to your brand, and damage to customer relationships caused by undetected or detected too late cyber attacks.

On average, advanced attacks now persist in the network seven months before they are detected. The time to resolve those attacks once detected has increased by 221 percent to 45 days.

This paper shows you how you can tap into the best threat intelligence solutions and what new ideas you can use in your organization to find the needle in the haystack that indicates hackers are at work.

Behind the Mask: The Changing Face of Hacking

Headlines featuring large-scale cyber breaches at Target, Home Depot, Sony Pictures, and others have taught us one thing—no one is safe. But who are the hackers who are able to pull off such huge attacks against sophisticated targets, including the U.S. Government? And how do they do it?

This new report will help you learn more about hackers and how they work, which can help you better plan and deploy your own defenses. Read it to understand:

The attack methods hackers use
Why simple approaches like phishing still work
How HPE Security Research provides actionable security intelligence that can help make your organization safer

Companies cautiously optimistic about cybersecurity

Optimism is good. But being overconfident about your ability to counter cyber attacks is dangerous. And that's what many security professionals are doing according to new research by SC Magazine. Eighty percent of survey respondents believe the chances of being breached are 50-50 or less. But the Ponemon Institute 2015 Cost of Cyber Crime Study finds the average company actually experiences 1.9 successful cyber attacks per week.

The disconnect seems to spring from respondents' confidence that they can block known attacks coupled with concern about new and unknown hacker threats. Read this report to learn:

Respondents' highest cyber defense priorities
How they view their ability to respond to breaches
The five top action items for security pros

Poucos estão totalmente preparados para riscos de segurança em softwares

Hackers invadem organizações e roubam informações por meio de vulnerabilidades em aplicativos. Mesmo assim, menos de metade das organizações de TI confiam na segurança dos softwares que utilizam nos negócios. E somente 11% dizem que sabem com certeza quais aplicativos apresentam riscos. Essas são algumas das descobertas de uma pesquisa da Gatepoint sobre SSA (Garantia de segurança de software) descrita neste artigo técnico.

Leia o artigo técnico para saber mais:

Quantos entrevistados têm programas completos de SSA implementados
Como SSA funciona
Quanto SSA reduziu o tempo de remediação de problemas

Pocos están bien preparados para los riesgos de seguridad de software

Los hackers penetran las organizaciones y roban información a través de las vulnerabilidades de las aplicaciones de software. Sin embargo, menos de la mitad de las organizaciones de TI confían en la seguridad del software que hace funcionar su negocio. Y solo el 11 por ciento dice que sabe con certeza cuáles son las aplicaciones que están en riesgo. Estos son resultados de una encuesta de Gatepoint sobre garantía de seguridad de software (SSA) que se destacan en este artículo.

Lea el artículo para aprender:

Cuántos encuestados tienen programas de SSA completos vigentes
Cómo funciona la SSA
Cómo la SSA ha reducido el tiempo de corrección

Como se proteger melhor contra uma violação de segurança

Especialistas em segurança cibernética alertam cada vez mais para o fato de que defesas de perímetro, como firewalls, não são suficientes para impedir ataques cibernéticos. Como resultado, segundo esse estudo da IDG, 70% das empresas adquiriram sistemas de SIEM (Gerenciamento de informações e eventos de segurança) para coletar e analisar dados de logs.

Mas a maioria das organizações ainda está mais focada na conformidade que na segurança, e apenas 20% usam o SIEM de maneira avançada ou personalizada. Leia o estudo para saber:

Por que apenas metade confia em seus recursos defensivos
O que as empresas procuram em soluções de SIEM
Como o Ponemon Institute diz que as empresas poderiam estar economizando US$ 5,3 milhões por ano em perdas com crimes cibernéticos

Cómo mejorar la protección contra una falla de seguridad

Los expertos en seguridad informática advierten cada vez más que las defensas perimetrales, como los firewalls, no son suficientes para detener los ataques cibernéticos. Como resultado, según este estudio de IDG, el 70 por ciento de las empresas adquirieron sistemas de información de seguridad y gestión de eventos (security information and event management, SIEM) para recopilar y analizar datos de registro.

Sin embargo, la mayoría de las organizaciones todavía se centra en el cumplimiento en lugar de hacerlo en la seguridad, y solo el 20 por ciento usa SIEM de manera avanzada o personalizada. Lea el estudio para obtener información sobre lo siguiente:

Por qué apenas la mitad tiene confianza en sus capacidades de defensa
Qué buscan las empresas en las soluciones de SIEM
De qué manera Ponemon Institute considera que las empresas pueden ahorrar $5,3 millones anualmente en pérdidas por delitos cibernéticos

Estudio del costo de los delitos cibernéticos 2015: global

Descubra los resultados más sobresalientes de este estudio de seguridad e inteligencia empresarial y conozca qué puede hacer para proteger su organización.

Existe una importante variación en los costos totales de los delitos cibernéticos entre las compañías participantes. La muestra de Estados Unidos presenta el mayor costo total promedio, con USD$15 mill, mientras que Rusia presenta el menor costo total promedio, con USD$2.4 mill. Es interesante, además, observar que Alemania, Japón, Australia y Rusia experimentaron una leve disminución en el costo de los delitos cibernéticos respecto del año pasado. Expresado en porcentaje, el cambio neto entre el ejercicio fiscal 2015 y el ejercicio fiscal 2014 es del 1,9 %.

Estudo do Custo de Crimes Cibernéticos de 2015: Brasil

Descubra como soluções de segurança empresarial te ajudar a administrar os principais sistemas e atividades do processo de negócios que geram uma série de despesas associadas à resposta da empresa a crimes cibernéticos.

A estrutura de custos dos crimes cibernéticos inclui:

Os custos relacionados ao combate do crime cibernético (centros de atividades de custos internos): detecção, investigação e encaminhamento, contenção, recuperação e resposta ex post.
Os custos relacionados às consequências do ataque cibernético (consequências e custos externos): perda ou roubo de informações, interrupções dos negócios, danos a equipamentos e perda de receita.