Security Exposed

Norman’s Security Exposed Blog offers information about general security topics. This blog provides insight into security issues in a way that does not require the readers to have extensive technical knowledge. The Security Exposed Blog’s contributors are experts from different parts of Norman’s organization.

Latest Posts in Security Exposed

Make Your Defense-in-Depth Strategy a Differentiator

Widespread coverage appeared starting last Friday that Global Payments, one of the many firms that handle credit card payment processing for the likes of Visa and MasterCard, suffered a security breach from late January through late February. More seriously, the breach exposed Track 1 and Track 2 credit card information, meaning names, … Read More

Hats Off to Another Successful Black Hat Europe

Black Hat Europe didn’t disappoint this year, with many high-quality sessions in a venue somewhat smaller than the U.S. counterpart. As with RSA a couple of weeks ago, SCADA protection seems to be top of mind with many speakers and participants. Many were also discussing Stuxnet, and increasing attacks … Read More

Patch Tuesday Problems – When 30 Days Was In Fact 2

CORP_Audun_Lodemel

We recently wrote about Microsoft’s March Patch Tuesday. This month, the company’s monthly patch cycle was relatively mild, addressing six issues in total, but only a single critical vulnerability – a flaw that allowed an attacker to execute any code they desired remotely without authentication. According to the security bulletin, … Read More

Changes in Data Protection Privacy Laws May Raise the Stakes on Data Breaches

CORP_Audun_Lodemel

Technology advances in storage and computing models (e.g. cloud) have made it possible for modern companies to save massive amounts of data about their customers and partners. These increasingly large stores of information can provide insights that improve marketing efforts, help refine product offerings or even enable completely new service/product … Read More

Patch Tuesday Targets Critical Windows Bug

CORP_Audun_Lodemel

Yesterday it was time for Microsoft’s monthly ritual, Patch Tuesday, when Microsoft released a regularly scheduled batch of security fixes. This month’s list of fixes is unusually mild: six bulletins that fix six vulnerabilities, only one of which Microsoft classifies as critical. Although March’s Patch Tuesday is light, the addition of … Read More

The Energy Level Was High at RSA

I would like to touch on the RSA Conference while it is still fresh in everyone’s mind. It was clear to me right away the show has regained its swagger after a few lean years. The louder buzz was clear even as I was walking the floor before the show … Read More

Winning the Battle Against Advanced Persistent Threats

CORP_Audun_Lodemel

Advanced persistent threats (APTs), non-traditional attacks designed to remain undetected for long periods, have been making headlines for the last couple of years due to high-profile attacks against companies like RSA, Google, Sony and even nations. Despite the frequent discussion, there is still some disagreement on the precise definition … Read More

Information is Power

CORP_Audun_Lodemel

You may have heard the saying, “Information is power.” This is especially true when it comes to securing your network. When your network is breached, the attacker has information about your network that you do not. The attacker is aware of some vulnerability or flaw that allows them to gain … Read More

SCADA Environments Lack Sufficient Information Security

CORP_Audun_Lodemel

The technicians at a local chemical manufacturing plant have discovered that a virus has disabled their temperature monitoring controls. Although they are unsure of when the virus compromised the systems, they do know several vats are overheating. Alarms are signaling that an immediate evacuation is required. The warning isn’t limited … Read More

How To Manage Security Threats Related To Employee Behavior

CORP_Audun_Lodemel

Humans, sometimes referred to as wetware by security insiders, are a major source of enterprise security vulnerabilities. Cyber criminals regularly target employees and temporary workers with malware and social engineering attacks to breach security defenses and gain access to private information. You might assume that as technology-savvy twenty-somethings fill … Read More

Norman Blog Archive