From the Blogosphere

Exposing a virtualization weakness for data theft, Snapshotting your data, and the internal threat, are new cloud risks that didn’t exist when the data was stored between the four walls of your datacenter. Data encryption is a critical first step for any organization considering the ...
Since the European ITSEC and US TCSEC product security evaluation mechanisms were merged into the Common Criteria in around 1998, lots of vendors’ product literature has sported EAL numbers regarding how well-tested their products are. What isn’t typically seen in such documents, thoug...
This is the second post of a two-part blog post that discusses HTML5 WebSocket and security. The first post, HTML5 WebSocket Security is Strong, talked about the security benefits that derive from being HTTP-compatible and the WebSocket standard itself. In this, the second post, I will...
Startup Porticor (privately held) has released its “Virtual Private Data” solution for enterprises wishing to make more secure use of public cloud resources. Secure use of public resources requires encryption of data at rest and in motion, to minimize the possibility of eve...
This is a two-part blog post that discusses HTML5 WebSocket and security. In this, the first post, I will talk about the security benefits that come from being HTTP-compatible and the WebSocket standard itself. In the second post (coming soon) … Mar. 1, 2012 02:00 AM EST  Reads: 20,436
Internet threats are widely varied and multi-layered. Although applications and their data are attackers' primary targets, many attackers gain entry at the network layer. Internet data centers and public-facing web properties are constant targets for large-scale attacks by hacker/hact...
Reporting from Sausalito, CA - I give you a preview of F5's activities at the 2012 RSA Conference in San Francisco. Decent night shot of the city included.
The Security Innovation Network (SINET) 6th annual IT Security Entrepreneurs’ Forum (ITSEF) takes place at Stanford University, March 20 & 21, 2012.  ITSEF is the flagship event of the Security Innovation Network. ITSEF is designed to bridge the gap between the Federal Govern...
The term Advanced Persistent Threat (APT) is often regarded somewhat suspiciously by security professionals, seeing as how it can be a buzzword that obscures actual analysis of the dynamics of cyber attacks or a diplomatic fiction because it’s not polite to openly accuse the Chinese...
In almost all professions, report writing is a requirement. Typically, reports document the success and failures of a particular action. While it may not be your favorite part of the job, report writing does validate your work to the customer. In our profession, Cyber Security, we hav...
Passwords suck. They are long, hard to remember (even if you have easier-to-remember phrases), more so when new, and are largely a difficulty for users to use properly. Combined with the fact that many users choose easy-to-guess or easy-to-ascertain passwords based off of commonly-k...
[Editor's note: this analysis predates any official announcements by NASA] Recently, some news of a NASA hack-and-dump passed my twitter deck. I decided after watching a few of my friends re-tweet the news that it might be worth checking out. At least I’d see if I could perform some...
How many of us take for granted Microsoft’s family of tools that contribute to the security of your organization? The most commonly used and appreciated tools are: Forefront Family Microsoft Security Essentials Windows Intune / Windows Update / Microsoft System Center Family Windows Fi...
People often believe that if a developer is capable of creating clean, functional code that they will by default be writing secure code. Unfortunately, this is not always the case. Security vulnerabilities can result from poor code, functional bugs can be security bugs too, but the tr...
"Cyber Threat Analysis" is the practice of effectively fusing knowledge of an organization's network vulnerabilities, both internal and external (including essential IT systems), and matching these against actual cyberattacks and threats seen out in the wild. The output of this fused a...
One thing I’ve noticed over the last couple years is that there are 5 Stages of a Data Breach: Denial: We do not believe these attacks breached our critical servers. Anger: We want to make it clear that we take security seriously! Bargaining: We’d like to offer our affected customer...
One thing I've noticed over the last couple years is that there are Five Stages of a Data Breach: Denial: We do not believe these attacks breached our critical servers. Anger: We want to make it clear that we take security seriously! Bargaining: We'd like to offer our affected custo...
Protecting web applications is an around-the-clock job. Almost anything that is connected to the Internet is a target these days, and organizations are scrambling to keep their web properties available and secure. The ramifications of a breach or downtime can be severe: brand reputatio...
Over the past few years we’ve seen firewalls fail repeatedly. We’ve seen business disrupted, security thwarted, and reputations damaged by the failure of the very devices meant to prevent such catastrophes from happening. These failures have been caused by a change in tactics from inva...
The past year brought us many stories focusing on successful attacks on organizations for a wide variety of reasons. Why an organization was targeted was not nearly as important as the result: failure to prevent an outage. While the volume of traffic often seen by these organizations w...
In recent discussions with IT leaders from both federal and Department of Defense sides of US government, representatives stated that they are having a heck of a time accommodating expansive growth in mobile computing. This is critical given that today, in most cases, agencies and depa...
We were very excited to announce recognition of our hard work on our SSL VPN solutions: F5 Positioned in Leaders Quadrant of SSL VPN Magic Quadrant. Second, we were even more excited to announce adding industry-leading support for Android’s 4.x OS, enhancing its SSL VPN capabilities. ...
1 if by land, 2 if by sea, 0 if by IP I know I’ve said this before but it sure seems like almost daily there is a security breach somewhere. Over the years, the thought process has changed from prevent all attacks to, it is inevitable that we will be breached. The massive number of ...
In today’s episode Sr. IT Pro Evangelists Blain Barton and Dan Stolts (the ITProGuru) talk candidly about Security concerns and issues many IT Pros and organizations face today when thinking about Cloud Computing. Tune in as they discuss the Security Lifecycle, from assessing physical ...
Penetration testing and red-team exercises have been running for years using the same methodology and techniques. Nevertheless, modern attacks do not conform to what the industry has been preparing for, and do not utilize the same tools and techniques employed by such tests. This paper...
Over the last couple weeks, we’ve been rolling out a series of short Security Vignette videos about various IT security challenges. We’ve posted them to the F5News blog account but also wanted to share in case you missed them. If we were going to sum up the role of security in corpor...
Around this time of year, almost everyone and their brother put out their annual predictions for the coming year. So instead of coming up with my own, I figured I’d simply regurgitate what many others are expecting to happen. Security Predictions 2012 & 2013 – The Emerging Security...
Recently, in our post on Database security in the cloud, we reviewed the threats against database installations in the cloud and best practices for protecting your data. A number of customers have asked us follow-on questions: Which database brands are open and tested with these techn...
Imagine if every single American citizen had his or her personally identifiable information, such as full names and addresses, leaked onto the Internet. This cybersecurity and privacy nightmare might seem implausible, but that’s exactly what happened in Israel, where 9 million records,...
I was part of a panel titled “Developing Security Strategies to Successfully Combat Sophisticated Threats to your Network, while Protecting Customer Privacy” at the TM Forum conference two weeks ago. Given the topic, and the interesting conversation, I wanted to highlight some of the ...
We try to offer many learning opportunities thru webinars so if there are other topics you’re interested in, there are some links below but also check out the F5 WebCasts page along with DevCentral’s Media site. We also post video content to our YouTube Channel, if that’s your game. ...
When creating any security-enabled network device, development teams must fully investigate security of the device itself to ensure it cannot be compromised. A gate provides no security to a house if the gap between the bars is large enough to drive a truck through. Many highly effec...
The two mainstream protocols available for Secure FTP transfers are named SFTP (FTP over SSH) and FTPS (FTP over SSL). Both SFTP and FTPS offer a high level of protection since they implement strong algorithms such as AES and Triple DES to encrypt any data transferred. Both options als...
I debated about writing and/or blogging about this for a few days since it is very personal and didn’t want a pity-party coming my way. But covering security, often from the human behavior standpoint, is what I do and what better way to share a security incident than when it happens...
“My company still relies heavily on FTP. I know we should be using something more secure, but I don’t know where to begin.” Sound familiar? The easy answer is that you should migrate away from antiquated FTP software because it could be putting your company’s data at risk – Unsecure...
It is a fact of IT that different businesses have different technical requirements in terms of security, processing, performance, and even storage. In many organizations, particularly those that transport sensitive personal or financial information, end-to-end encryption is a must. At ...
In a recent conversation with a public cloud provider, the message was loud and clear. Software vendors that use their cloud have an intense need for security, and they need it packaged with cloud friendly APIs (Application Program Interfaces). This is actually a deep point. There hav...
John Dodge (@thedodgeretort) and Bob Gourley (@bobgourley) review the Enterprise CIO Forum’s (@ECIOForum) top 10 Cloud Security Tweets of the week in the following podcast. Tweets selected by John included: zdnet: Will cloud security ever be sufficient? http://t.co/vLJjhFAY cloud...
Bob Gourley and HP’s Andrzej Kawalec, CTO of Enterprise Security continued to discuss emerging security issues at the HP Protect 2011 conference on Monday, September 12, 2011, exploring problems with traditional approaches to enterprise security. Andrzej began by defining the custom...
NJVC®, one of the largest information technology solutions providers supporting the Department of Defense, announces its lineup for the Gartner Symposium/ITxpo®, Oct. 16 - 20 at the Walt Disney World Dolphin Hotel in Orlando, Fla. Visit the NJVC booth (#206) on the tradeshow floor to ...

