Migrating from XP to 7 offers organizations a good moment to re-assess their security setup. But where to start?
After nearly 13 years, Tuesday 8 April is the day Windows XP reaches the end of the road as Microsoft pulls extended support. Anyone still running XP after that day will be on their own and left exposed to an inevitable wave of malware attacks lured by the pickings to be had from millions of PCs running an unpatched operating system. Continue reading
Imagine an OS without security updates, hotfixes or support – being stuck in a world of perpetual zero days in what would effectively be open season for cybercriminals. Come April 8th 2014, this is exactly what many organizations will be facing as Microsoft withdraws it’s free support for the hugely popular Windows XP operating system. Continue reading
2013 will be remembered as a somewhat turbulent year for cyber and data security. Amongst the numerous high profile data breaches, involving such companies as The New York Times, Adobe and Facebook, was of course Edward Snowden and the NSA scandal, which effectively changed the game in terms of the ‘insider threat’.
However, promising to be just as significant a year for security, we look at the top 5 challenges affecting organizations in 2014. Continue reading
Hackers have evolved since the days when you would receive an anonymous email with a suspicious attachment. Now cyber-criminals are using ever more sophisticated methods to circumvent system defences and actively pursue an organization’s single biggest weakness, the user. Continue reading
Edward Snowden’s data leakage at the NSA has certainly caused a ripple effect across the entire IT landscape, forcing organizations across all industries to take a closer look at their current security defenses. At the McAfee FOCUS conference in October this year, we conducted a survey to examine just how closely security professionals were rethinking their approaches to security as a result of the NSA incident. And just as important – if not more – was determining how many of those professionals were actually converting these attitudes to action. Continue reading
As the dust settles on the notorious IE zero-day exploit which was fixed in October’s Patch Tuesday, a fresh zero-day utilizing Tagged Image File Format (TIFF) files makes an appearance. Continue reading
To celebrate the 10th anniversary of Patch Tuesday this month, we take a quick look at how Microsoft’s update format changed the IT landscape. Continue reading
User Account Control was a great idea but it has taken privilege management to fulfill its potential
How did computer security get into such a troubled and confused state? It’s a question security professionals must ask themselves on a daily basis as they face demands that threaten to explode budgets while offering no guarantee that any of the expensively-assembled defenses will actually work.
The roots of the malaise go back to the early years of the millennium when enterprises and consumers using Windows 2000 and Windows XP were suddenly ambushed by waves of clever software attacks that warned the world that criminals had floored an evolutionary accelerator pedal. By the time XP and Windows received its first major security upgrade in the form of Service Pack 2 in 2004, it was becoming clear that security had entered an unsettling era that might take decades to play out. Continue reading
Plans to reduce admin numbers by 90% have probably been misunderstood
A year ago, few beyond the realms of computer security, politics and journalism had even heard of the US National Security Agency (NSA) let alone could explain what it did. Then the Edward Snowden affair happened and suddenly one of the world’s most secretive organizations overnight turned into one which has had its every action and statement pored over with huge fascination.
Even so, when NSA director General Keith Alexander turned up at the International Conference on Cybersecurity in New York on 8 August to speak at a roundtable discussion, he probably didn’t think he was going to say much that hadn’t already been said in recent weeks.
Then he mentioned plans to reduce the number of NSA IT system administrators by a dramatic-sounding 90 percent, and people’s ears pricked up. Edward Snowden was a system administrator, of course, one of around 1,000 employed by the Agency itself, or indirectly through consultancy firms. Was this a way of saying that sysadmins at the NSA had too much power and getting rid of them would reduce the risk of another embarrassing breach? Continue reading
Why privilege management must apply to everyone
Administrators, privileged network deities or just a type of ordinary network user much the same as anyone else? Years into an age where IT security has become a mainstream topic, this remains the sort of polarising question that can provoke one of two reactions; shock or relief.
Those in the ‘shock’ camp will probably have grown up used to the traditional divide in which there were only two types of network being; the queen bees at the centre of chaotic and uncertain network who needed absolute power and were called ‘network admins’. Everyone else was mortal and had to make do with a support number stating the hours of service. In too many organizations, the power of admins was not only seen as natural so much as necessary, a benign dictatorship of those ‘in the know’.
This model persists, especially in smaller organizations, but it is obsolete because, quite simply, it creates unquantifiable risk. For anyone who agrees with this analysis, the realization that admins are just a specialized type of user is more likely to elicit the second response…that of relief. Continue reading