Recently, I had the good fortune to be invited to present the keynote speech at the 2014 Les Assises Security Conference held in the beautiful city state of Monaco. Les Assises is the largest information-security gathering in France and year-in and year-out it proves to be not only a huge information sharing opportunity, but also a time of self-reflection and strategy affirmation for the thousands of security executives that attend.read more
Last week, I was invited to speak at the 16th annual AT&T Cyber Security Conference in NYC where over the span of two days, speakers kept the audience immersed with engaging topics. Surrounded by security executives, I learned that we all share similar concerns. There were resounding messages that resonated with me that I’d like to share as my key takeaways from the event.read more
Denial of Service (DoS) has reigned as the most headline-grabbing network attack over the past three years. However, the truth is that attacks come in all different flavors ranging from Distributed DoS (DDoS) to low-volume application-layer attacks that target user credentials, financial information, trade secrets, or abuse of services to commit fraud. At the application layer we most often think of HTTP, however, there are almost an immeasurable number of Layer 7 applications available for exploit.read more
David Monahan is Research Director for Enterprise Management Associates (EMA) and is a featured guest blogger.
DDoS attacks have become commonplace these days. The offending attackers may be hacktivists, cyber-criminals, and nation states or just about anyone else with an Internet grudge and a PayPal or Bitcoin account. These attacks themselves often require no technical skill. Someone with a bone to pick can simply purchase the use of any number of nodes on one or more botnets for an hourly fee (long term rate discounts available); use a Graphical User Interface (GUI) to organize the attack and then launch it.read more
As companies accelerate their adoption of cloud technologies – like infrastructure as a service (IaaS) or software as a service (SaaS) – the need for solutions that provide secure access and reliable operations in the cloud increase in importance. Since your data will now reside in several different facilities, with different providers or partners, you now have a new “security perimeter” to monitor and defend. As such, the need to closely evaluate how cloud-based data is protected should be part of the overall security strategy. A top area of concern is defending applications from distributed-denial-of-service (DDoS) attacks.read more