Monday, November 18, 2024
Latest:

Security

Networkworld 

IBM service aims to secure multicloud operations

TH Author ,

IBM is launching a new service to help customers manage their data encryption keys in a hybrid cloud environment. Unified Key Orchestrator lets customers integrate all security key-management systems into one managed service that’s backed by Big Blue’s Hardware Security Module. HSM is IBM’s system that protects against physical or logical attacks and has special hardware to perform cryptographic operations and protect keys.Gartner: IT skills shortage hobbles cloud, edge, automation growth
Available from IBM Cloud, Unified Key Orchestrator lets customers maintain visibility and control over who has access to their critical data, while running workloads across hybrid or multicloud cloud environments. In addition, with a single, secure, cloud-based  view of an organization’s crypto keys, enterprises can create and revoke keys for their data across multiple clouds. At the same time, companies no longer need to rely on security experts with specialized knowledge of each individual cloud to handle security operations, according to IBM.To read this article in full, please click here READ MORE HERE…

Read more
Networkworld 

What is NAC and why is it important for network security?

TH Author , , , ,

Network Access Control (NAC) is a cybersecurity technique that prevents unauthorized users and devices from entering private networks and accessing sensitive resources. Also known as Network Admission Control, NAC first gained a foothold in the enterprise in the mid-to-late 2000s as a way to manage endpoints through basic scan-and-block techniques.As knowledge workers became increasingly mobile, and as BYOD initiatives spread across organizations, NAC solutions evolved to not only authenticate users, but also to manage endpoints and enforce policies.How NAC works
NAC tools detect all devices on the network and provide visibility into those devices. NAC software prevents unauthorized users from entering the network and enforces policies on endpoints to ensure devices comply with network security policies. NAC solutions will, for instance, make sure that the endpoint has up-to-date antivirus and anti-malware protections.To read this article in full, please click here READ MORE HERE…

Read more
Networkworld 

Gartner: SSE is SASE minus the SD-WAN

TH Author , ,

SASE adoption has been skyrocketing since the start of the pandemic. Secure access service edge, a term Gartner coined in 2019, combines security and networking in a single, scalable, cloud-based platform that fits well in a world in which employees work from home and mostly access cloud-based apps and services.Now Gartner is pushing a new acronym. Turns out, companies might prefer to get their SASE without the “A” — just security service edge, or SSE. Gartner this month published a Magic Quadrant for SSE (something the company never did for SASE); it’s available from vendors listed in the report (here and here, for example).To read this article in full, please click here READ MORE HERE…

Read more
Networkworld 

Cisco IDs top 2022 security threats and what to do about them

TH Author , ,

2022 will be another busy year for enterprise incident responders as ransomware, supply chain and myriad zero-day attacks will continue to rise, according to Cisco’s Talos security experts.To help address the threats, the Cisco Talos team used a blog and online presentation to detail steps enterprises can take to defend themselves against the growing field of bad actors and also to point out lessons learned from recent damaging exploits such as the Log4j vulnerability and Microsoft Exchange server zero-day threats.Once, zero-day attacks were typically launched by state actors against service providers, but those days are gone, wrote Nick Biasini head of outreach at Cisco Talos in a blog about the security landscape in 2022. Now new, less experienced combatants seek out a broader range of targets, using less surgical attacks. “This has led to more risky behavior than we’ve seen historically, without as much regard for collateral damage,” he wrote.To read this article in full, please click here READ MORE HERE…

Read more
Networkworld 

5 best practices for making smart-building LANs more secure

TH Author , ,

Power, they say, corrupts, and absolute power corrupts absolutely. While that was said about politics, it sure seems like it was tailor-made for smart buildings.Facility-control technology is exploding because the concept is useful and often saves money. Unfortunately, smart devices have also proven to be an on-ramp for major intrusions. Smart buildings are surely absolutely powerful in a way; are they absolutely corruptible? Maybe, if we’re not very careful.[Get regularly scheduled insights by signing up for Network World newsletters.]
If corruption means overall bad-ness, then hacking a smart building surely qualifies. It could let intruders mess with lights, heating and air conditioning, and maybe other critical systems, too. We also know from news stories that a hacker could use a successful smart building intrusion to sneak into other business applications, potentially compromising them and  critical company information. It’s important to address these risks, and that means starting with how they arise.To read this article in full, please click here READ MORE HERE…

Read more
Networkworld 

Log4j hearing: ‘Open source is not the problem’

TH Author ,

The high-tech community is still trying to figure out the long-term impact of the serious vulnerability found late last year in the open-source Apache Log4j software, and so is the US Senate.“Open source is not the problem,” stated Dr. Trey Herr, director of the Cyber Statecraft Initiative with Atlantic Council think tank during a US Senate Committee on Homeland Security & Government Affairs hearing this week. “Software supply-chain security issues have bedeviled the cyber-policy community for years.”Experts have been predicting a long-term struggle to remedy the Log4j flaw and its impact. Security researchers at Cisco Talos for example stated that Log4j will be widely exploited moving forward, and users should patch affected products and implement mitigation solutions as soon as possible.To read this article in full, please click here READ MORE HERE…

Read more
Networkworld 

Major security vulnerability found in top servers

TH Author , ,

Security firm Binarly has discovered more than 20 vulnerabilities hiding in BIOS/UEFI software from a wide range of system vendors, including Intel, Microsoft, Lenovo, Dell, Fujitsu, HP, HPE, Siemens, and Bull Atos.Binarly found the issues were associated with the use of InsydeH20, a framework code used to build motherboard unified extensible firmware interfaces (UEFI), the interface between a computer’s operating system and firmware.[Get regularly scheduled insights by signing up for Network World newsletters.]
All of the aforementioned vendors used Insyde’s firmware SDK for motherboard development. It is expected that similar types of vulnerabilities exist in other in-house and third-party BIOS-vendor products as well.To read this article in full, please click here READ MORE HERE…

Read more