Data Protection — Opinions

Taking down the worlds largest botnets

Botnets are controlled by sophisticated cybercriminals. Grum, the world's third-largest botnet, included a network of hundreds of thousands of infected computers perpetrating cybercrime and online fraud, impacting consumers and organizations worldwide. Hear directly from a FireEye malware expert who led the effort to take down Grum, including: • Distinct strategies for botnet takedowns • Evolution of Grum • Role of the research community in finding Grum master CnC servers • A blow-by-blow account of how the criminals tried to salvage Grum and what's next Learn how botnets operate and how research and technology from FireEye played a key role in dismantling four of the world's largest botnets since 2008, including Grum, Rustock, Ozdok/Mega-D, and Srizbi.

CSO staff | 30 Aug | Read more

Winning in the modern threat landscape

There are three major attack vectors which must remain secure. Insider threats are related to users who interact with data. Opportunistic attacks deal with understanding the threat scape and global threat intelligence. Targeted attacks are related to internal intelligence; for example, where are my critical assets? What are they vulnerable to? Where are my counter measures? With a strong security connected framework we can begin to address all of these with one centralized security solution that is capable of looking at everything from endpoint, network, to data security. This webcast proposes best practices for: • Understanding and protect against insider, opportunistic and targeted attacks • Integrating the threatscape with one security solution that incorporates all types of attacks • Bringing together endpoint, network and data security into one unified control

CSO staff | 30 Aug | Read more

Part 1:The business drivers and technology basics of two-factor or multi-factor authentication

The Prime Minister’s Department invited submissions to “Cyber Security White Paper” late in 2011. This is Brass Razoo’s submission that prosecuted the case for Australia to adopt a federated multi-factor authentication that could be deployed nationally. By extending existing identification systems administered by Government and Financial Service providers, the nation could build an identification and security system that would be the envy of the world.

Mike Ryan | 07 May | Read more

Cloud governance – manage the cloud challenge

The word governance derives from the Greek verb κυβερνάω [kubernáo], which means to steer, and was used for the first time in a metaphorical sense by Plato (according to Wikipedia). Wikipedia further expands on the term, rightly calling it “the act of governing”. Governance relates to decisions that define expectations, grant power, or verify performance.

Puneet Kukreja | 30 Apr | Read more

Security complexity threatens enterprises

Information security is one of the biggest challenges facing enterprises this year. Being hacked by criminals is becoming depressingly familiar for a many businesses. A roll call of prominent brands has succumbed to what is an unprecedented number of attacks.

Gordon Makryllos | 30 Apr | Read more

Security complexity threatens enterprises

Information security is one of the biggest challenges facing enterprises this year. Being hacked by criminals is becoming depressingly familiar for a many businesses. A roll call of prominent brands has succumbed to what is an unprecedented number of attacks. Increasing threats, regulations and complexity have catapulted network security up the corporate agenda. Considering billions are being spent on cyber security each year, why are businesses continuing to fall victim to cyber attacks?

Gordon Makryllos | 23 Apr | Read more

Addressing the security risks of BYO device

The head of security hastily leaves the meeting without excusing herself. Her body language indicates that it is an important call. As she walks back in, all eyes in the room subliminally pose the same question. Without further prompting, the head of security says: “The CEO wants to know why she can’t watch a YouTube video on her iPad. It’s against policy, but we have to make it happen. While we’re at it, she also wants to be able to access her email and calendar on her iPhone”. This actually happened at a large financial institution.

Ian Yip | 29 Mar | Read more

Embracing the Cloud – A Decision Framework

With major restrictions and inherent limitations in most IT environments, it’s become an attractive option for businesses. Concerns such as spending restrictions; immature capacity management; uncertain demand forecasting; duplication of capability; slow delivery of infrastructure and slow business application delivery all lead businesses to look wistfully at cloud computing.

Puneet Kukreja | 19 Mar | Read more

To Cloud or Not To Cloud

In today’s uncertain times, cost-savings are a primary focus for executives. Cloud services do seem to offer a silver bullet solution when it comes to infrastructure and ancillary IT services.

Puneet Kukreja | 14 Feb | Read more

Opinion: Fighting the botnet threat



ISPs in Australia have for some time been notifying users about the likelihood that their computers have been compromised by malware. Now under the icode, the system has been formalised. Education and remediation tools are being made available to suspected victims.

Peter Coroneos | 22 Jul | Read more

Opinion: Cyber-Security – Stay Smart Online

Australians are increasingly relying on the internet in their everyday lives, from banking and shopping, through to using emails, social networking and blogs to keep in touch with family and friends. They are using a range of devices such as smart phones, tablets, computer game consoles and other devices to go online.

Sabeena Oberoi | 15 Jul | Read more

Opinion: The Wild List

The WildList is a compilation of sample viruses that have been submitted by security professionals from around the world. It is published each month to a select group of subscribers. Contributors can be any security professional, but the sample must be submitted by at least two respected sources before it will be included in the list.

Ian Hyndman | 13 Jul | Read more

Opinions: Even More Reason to Get Protection

Most modern day cyber attacks tend to target organisations and governments with the explicit purpose of stealing information and causing disruption. As a consequence, governments have had to reassess their stance on cyber crime, and many are attempting to tackle the problem directly.

Ian Hyndman | 11 Jul | Read more

Opinions: The sorry state of application security

Application security is currently one of the major battlegrounds in information security. Compromised web applications are ransacked for credit card numbers, personally identifiable information and is a major vector for spreading crimeware enabling criminals to defraud our banking institutions

Matthew Hackling | 11 Jul | Read more

Social media - part 3

We like our risk management, don’t we? It allows us to identify risks, and take action to mitigate them. Risk Management can and should be applied to social media usage. It makes good sense to manage the risk by having a very clear social media policy.

Breed Lewis | 12 Mar | Read more