cloud

What's in the future for FedRAMP?

The program could move to cover high security requirements or standardize service-level agreements for agencies and providers.

supply chain

What you don't know about the IT supply chain can hurt you

NIST gives supply-chain security its own publication, offering guidelines for incorporating it into an agency's overall risk management program.

Aegis

A portable drive with rock-solid security

Apricorn's software-free Aegis Padlock Fortress keeps all data encrypted and protected from tampering.

Cyber tools sniffs malware on network traffic

New cyber tool learns network behavior to sniff out malware

Researchers from Georgia Tech demonstrate a prototype tool, ExecScent, that learns a network's normal traffic patterns to spot the command and control traffic from infected hosts. In live tests it identified dozens of new C&C domains and discovered hundreds of infected computers.

Email leaking out of briefcase

Secure email services went dark because email is 'broken'

Silent Circle's decision to shut down its encrypted email service is the latest in a number of responses to the NSA's surveillance of sensitive communications.

IPv6 router in the crosshairs

Easy-to-use attack exploits IPv6 traffic on IPv4 networks

Setting up a rogue IPv6 router on an IPv4 network gives attackers access to the host's Internet traffic, one more reason to enable IPv6 rather than waiting for an attacker to do it for you.

privguard

Privilege Guard watches those who watch over the network

The product extends privilege management to admins, giving them enough control to do their jobs but restricting them to authorized tasks.

cracked phone

Phun with Phones: 3 ways to phreak Android, iOS

The convergence of computing and mobile telephony has made smartphones the new frontier of cybersecurity, with a host of new vulnerability research presented at this year’s Black Hat Briefings.

comfoo

Reverse engineering reveals inner workings of Comfoo Trojan

Researchers at Dell SecureWorks were able to monitor the command and control system of the persistent RAT, which was used in the 2010 RSA breach that also compromised DOD contractors and is still in wide use.

Ants on a jar of honey

Industrial control 'honeypots' show systems are under attack

Recent research by Trend Micro shows ICS networks are frequently attacked -- and not by accident.

Savannah

Energy lab's wireless system secure enough for classified data

The Savannah River National Lab’s prototype hardware, designed in collaboration with NSA, uses Suite B cryptography for a system that could be adapted for other uses.

Gen. Keith Alexander

NSA's Alexander to Black Hats: Trust us, we need you

Gen. Keith Alexander traveled to the "technical center of gravity" instead of appearing before Congress to plead his case that surveillance programs are targeted, limited and under control.

Topic Resources

  • Advanced Threats and Big Data: The New Cybersecurity Landscape

    So often in our organizations, information silos keep us from sharing data and communicating the right information at the right time to stop advanced threats. Hear why a big data solution is an important part of a defense against advanced threats and ideas about what data sources are required across the organization for this analysis to combat these attacks.

  • The STAND: Cybersecurity

    Advanced persistent threats. Zero-day attacks. Insider threats. Cybersecurity experts say that if IT leaders are not concerned about the ongoing evolution of the cyber landscape, it just means they are not paying enough attention. The problem is that these and other emerging cyber tactics are designed to evade traditional cyber defenses and escape detection until it’s too late. The good news is it’s not a lost cause. In this special report, two subject matter experts discuss cybersecurity technologies and strategies that can help agencies defend their systems and data against the latest cyber threats, today and into the future.

  • Establishing a Logical Perimeter: The Evolution of Network Security

    This whitepaper highlights the challenges you face when users are off network, and strategies to address the compliance and protection issues posed by remote network users.

  • Zero Trust Approach to Network Security

    The continued, high frequency of successful cyberattacks against today’s enterprises has made it abundantly clear that traditional, perimeter-centric security strategies are no longer effective. Read this whitepaper to learn about the effectiveness of a Zero Trust security model in addressing the shortcomings of failing perimeter-centric strategies.

  • Stalking the Kill Chain

    Gain insight into the effects of the changing information security threat landscape. Learn RSA’s approach to identifying strategies and techniques to establish a good defense, the “kill chain” concept and how to detect and respond, and how to level the adversarial playing field