Monday, January 31, 2011

Mobile threats: Don't ignore the hype



Ignoring mobile hype? Don't overlook growing mobile device threats
[Eric Parizo, Senior Site Editor]
eparizo@techtarget.com

Enterprise information security practitioners know better than to be seduced by over-hyped threats.

In the early days of 2011, mobile device attacks seem to be an emerging threat everybody wants to talk about. Cisco Systems Inc.'s 2010 Annual Security Report predicts attackers will increasingly target smartphones, tablets and other mobile devices that are making their way onto enterprise networks. Similarly, IBM predicts rising mobile threats because of the difficulty companies have extending their endpoint security management capabilities to mobile devices.

Many have long predicted a rise in mobile threats, and yet the attack landscape has changed only marginally. This is no doubt causing many to disregard the recent mobile security warnings. However, a word to the wise: Don't be fooled by what may seem to be another round of mobile threat hype, because there are key changes taking place this year that will make mobile device security a weakness to address.

Read the rest of the column here

This month's featured content:

Video: The ins and outs of endpoint integrity enforcement
From server-based endpoint security suites and directory-based group policy compliance checks, to appliances and network-based access controls, this video featuring expert Lisa Phifer explores the variety of endpoint integrity scan and remediation options available for today's increasingly diverse on-the-go population.

Career networking strategies: Alternatives to infosec certification
One of the most common questions that comes up after our presentations and in our Career Advice Tuesday question set is about the value of certifications and, specifically, which certifications are most likely to assist a security professional in getting a job. The answer that we give most often is some version of: "It depends on the job that you want to get."

Mozilla proposes Firefox Do Not Track feature to boost browser privacy
Mozilla is proposing a new feature that enables users of its Firefox browser to opt out of online behavioral advertising. 

Shaking things up in outsourcing, agility and innovation



Outsourcing solutions FAQ: Getting your outsourcing strategy right
[Linda Tucci, Senior News Writer]

Developing and sticking to an outsourcing strategy has been anything but simple in the past couple of years. Squeezed by the worst recession in decades, IT budgets dipped, and CIOs got busy renegotiating outsourcing contracts.

In 2009, when the U.S. economy was on the brink of collapse, 50% of 1,074 organizations surveyed by consultancy Gartner Inc. reported a sharp uptick in contract renegotiations. Then they hunkered down.

Learn more in the full story.


FEATURED TIP
Converged infrastructure can be the cure for complex IT environments
[Niel Nickolaisen, Contributor]

In today's environment, IT products and services need to be extremely flexible and adaptable. I have learned the hard way that if the IT department's systems and processes are complex, my agility suffers, and suffers badly.

And if my agility suffers, IT becomes a bottleneck to my organization.

With my "complex IT is the enemy of agility" mantra in mind, the concept of a converged infrastructure is extremely compelling. A well-designed infrastructure based on a set of common, already integrated and optimized components can simplify IT dramatically.

> READ THE COMPLETE TIP


Cloud over offshore outsourcing


Offshore outsourcing: China runs the sun, will it rule the cloud too?    
 Gartner came out with its annual list of the top 30 countries for offshore outsourcing. Despite my complicated relationship with lists (totally sucked in and deeply skeptical), I've found the Gartner lineup an interesting window into the global economy over the years.

Vietnam, a "best-kept secret" just a few years ago, for example, is now a player, attractive for its English language skills and cultural affinity to the United States.

READ THE ENTIRE BLOG POST 


Converged infrastructures promise to simplify private clouds

What are private clouds?

A. Virtualized environments.

B. On-demand metered services.

C. Converged infrastructures.

D. All of the above.

Saturday, January 29, 2011

How to choose a UTM vendor: Must-have features and functions

UTM appliances: How to choose among UTM vendors
 Anand Sastry, Contributor

A SearchSecurity.com reader recently asked network security expert Anand Sastry: "We're in talks with vendors about purchasing a UTM device, and are having trouble winnowing down the field. How many products would you recommend actually testing on our networks, and what's the best way to decide which ones to test?"

Anand's response: One thing to keep in mind when deciding among unified threat management vendors is your existing network platform. This can not only make integration and migration a bit easier, but there may also be cost benefits to expanding a deal with an existing vendor.

UTM appliances in the enterprise: Are they enough?


UTM appliances are in high demand at small and midsize companies looking to secure their networks. But how do UTM appliances fit into a defense-in-depth strategy in the enterprise? In this tip, Michael Cobb weighs the pros and cons of using UTM devices in enterprise networks.

The case against UTM: Is there a better alternative? Read more

Sign up for more e-newsletters from SearchSecurity.com


SearchSecurity.com offers many timely and informative newsletters. Sign up today for our newsletters on current threats, with advice on everything from finding and addressing SQL injection and cross-site scripting flaws to data breach response and business continuity planning.

IBM predicts cyberattacks targeting critical infrastructure in 2011

 IBM predicts critical infrastructure attacks in 2011
 Robert Westervelt, News Director

Big Blue anticipates organizations struggling to manage smartphone security and predicts that critical infrastructure will be among the top targets of cybercriminals in 2011.

 Google Android Trojan surfaces in China
Security Bytes blog
The newly discovered Geinimi Trojan infects users of Android smartphones by embedding itself in mobile applications downloaded from third-party services.

Android enterprise security: Mobile phone data protection advice


Cybersecurity 2010: Looking back and lessons learned - Part 2
Security Squad podcast
The editorial team continues its discussion on some of the top IT security news stories of 2010 such as Microsoft's legal action against Waledac botnet, the McAfee DAT File issue and more.

Cybersecurity 2010: Looking back and lessons learned - Part 1

Stop Web Attacks

Follow these free how-to tips and improve your security capabilities:
Performing a security risk analysis to assess acceptable level of risk
 Email, website and IP spoofing: How to prevent a spoofing attack
How to detect rogue DHCP servers, routers and NICs on a network
 Fake antivirus pop-up scams: Forming a security awareness training plan
How to detect and prevent keylogger attack


Dell to acquire SecureWorks for managed security services

 Dell to acquire SecureWorks for managed security services
 Robert Westervelt, News Director

Dell said the "strategic investment" helps it offer managed security services including network intrusion prevention and detection capabilities to midsize businesses.

Researcher uncovers browser vulnerabilities with cross_fuzz
Security researcher Michal Zalewski said his new cross_fuzz tool has helped identify about 100 bugs in prominent browsers that include Internet Explorer, Firefox and Opera.

Learn how to use fuzzing for internal application security testing


Organizations develop 12 IT security principles
SearchSecurity.co.UK
ISF, (ISC)² and ISACA have worked together to create 12 principles intended to help business and security teams understand and aid each other.

IT security policy management: Effective policies to mitigate threats

Top Mobile technology and management White Papers


New White Papers and Webcasts
January 07, 2011
A service of Bitpipe.com

New white papers, case studies, webcasts and product information on the topics you are interested in.


The CIO's Guide to Fixed Mobile Convergence
by BlackBerry
Organizations seeking solutions that provide high-performance access while addressing security needs can leverage fixed mobile convergence (FMC) systems to enhance communication. This document explores why your organization should implement an FMC solution, the benefits of FMC and considerations for methods of implementation.

Presentation Transcript: Path to a Secure Application
by IBM
This presentation transcript of the webcast “Path to a Secure Application” explains how automatic vulnerability scanning tools can greatly improve the speed and accuracy of code review, and integrate seamlessly into the development life cycle.

Diskeeper Trialware for Networks
by Diskeeper Corporation
Trying to eliminate fragmentation across a network can actually add to expenses and lower performance if done wrong. Diskeeper prevents/eliminates fragmentation automatically while lowering operating costs.

Don’t Fire Your Firewall
by AT&T Corp
Listen to this webcast to learn how AT&T Security Device Management (SDM) can help you control complexity, cost and compliance by monitoring your on-premise security hardware and software.

The Value of Performance Metrics in Managing IT Service
by CA Technologies.
Read this paper to learn how CA Technologies is helping IT manage changing environments and assure service levels across the enterprise.