February 1, 2016

Comments Off on Here’s Who Inspires Top Tech Execs Like Mark Zuckerberg and Bill Gates

Laurence Autorino

Here’s Who Inspires Top Tech Execs Like Mark Zuckerberg and Bill Gates

Get a look into their playlists

Source: Here’s Who Inspires Top Tech Execs Like Mark Zuckerberg and Bill Gates

Advertisements
Continue reading...

January 30, 2016

Comments Off on Here’s How Much Google Paid the Guy Who Bought Google.com

Google Laurence Autorino

Here’s How Much Google Paid the Guy Who Bought Google.com

He owned the world’s most popular domain for a hot second

Source: Here’s How Much Google Paid the Guy Who Bought Google.com

Continue reading...

January 24, 2016

Comments Off on Cisco Nexus 9000

Cisco Nexus 9000 Laurence Autorino

Cisco Nexus 9000

The Cisco Nexus 9000 Series delivers proven high performance and density, low latency, and exceptional power efficiency in a broad range of compact form factors. Operating in Cisco NX-OS Software mode or in Application Centric Infrastructure (ACI) mode, these switches are ideal for traditional or fully automated data center deployments.

Features and Capabilities

The Cisco Nexus 9000 Series Switches offer both modular (9500 switches) and fixed (9300 switches) 1,10, 40, and 100 Gigabit Ethernet (GE) configurations designed to operate in one of two modes:

Cisco NX-OS mode for traditional architectures and consistency across the Cisco Nexus portfolio
ACI mode to take full advantage of the policy-focused services and infrastructure automation features of the Cisco Application Centric Infrastructure (ACI)
Other benefits include:

Architectural Flexibility

  • Delivers high performance and density
  • Can be deployed in an energy-efficient traditional three-tier or leaf-spine architecture
  • Provides a highly flexible and scalable Virtual Extensible LAN (VXLAN) multi-tenancy solution
  • Provides a foundation for Cisco ACI, automating application deployment and delivering simplicity, agility, and flexibility

Programmability

  • Offers an open-object API programmable model for provisioning Layer 2 and 3 featuresProvides extensibility through a Route Processor Module application package, Linux containers, and
  • Broadcom and Linux shell access
  • Uses Cisco NX-OS API for easy-to-use web-based programmatic access
  • Simplifies infrastructure management through integration with DevOps automation tools
  • Visit DevNet Community for Programmability Resources

Scalability

  • Provides up to 60 Tbps of nonblocking performance with less than 5-microsecond latency
  • Features up to 2304 10-Gbps, 576 40-Gbps, or 128 100-Gbps Layer 2 and Layer 3 Ethernet ports
  • Offers wire-speed gateway, bridging, routing, and Cisco Border Gateway Protocol Control Plane for
  • Virtual Extensible LAN (BGP EVPN VXLAN)

High Availability

  • Features software patching for continued operations
  • Has fully redundant and hot-swappable components
  • Improves reliability and performance with a mix of third-party and Cisco ASICs performance

Energy Efficiency

  • Designed without a midplane to optimize airflow and reduce energy requirements
  • Optimized to run with fewer ASICs, resulting in lower energy use
  • Rated at 80 Plus Platinum in power supply efficiency

Investment Protection

  • Allows for reuse of an existing 10 GE cabling plant for 40 GE with 40-Gbps bidirectional transceiver
  • Designed to support future ASIC generations
  • Supports Cisco Nexus 2000 Series Fabric Extenders in both NX-OS and ACI modes
  • Facilitates migration from NX-OS mode to ACI mode

Latest Innovations

  • Intelligent Traffic Director (ITD): The industry’s first hardware based solution to deliver multi-terabit layer 4 load-balancing, traffic steering, and clustering solutions.
  • Virtual Topology System: Automate overlay provisioning for both virtual and physical workloads for faster application delivery.
  • Cisco Nexus Data Broker: Build a tap or SPAN aggregation infrastructure that is scalable, cost-effective, and programmable.
  • Cisco BGP EVPN VXLAN: It supports highly scalable multitenancy data centers with, optimized resource use and traffic routing for transparent workload mobility.
Continue reading...

November 29, 2013

Comments Off on Google Is Serial Privacy Violator, Simpson Says

Google Laurence Autorino

Google Is Serial Privacy Violator, Simpson Says

http://www.youtube.com/watch?v=dBMfIv6-XTQ&w=560&h=315

John Simpson, director of Consumer Watchdog’s privacy project, and Nick Thompson, editor of New Yorker Magazine Inc.’s Newyorker.com and a Bloomberg News contributor, talk about Google Inc.’s agreement to pay $7 million to settle a multistate probe over the collection of data from unsecured wireless networks across the U.S. They speak with Cory Johnson on Bloomberg Television’s “Bloomberg West.”

Continue reading...

November 28, 2013

0 Comments

Laurence Autorino

Fortinet Unified Threat Management Solution Overview Video

Laurence Autorino | laurence.autorino.autorino@gmail.com

http://www.youtube.com/watch?v=rEmiijE6s7w&w=560&h=315

Fortinet Unified Threat Management (UTM)  solution overview video. Watch this video to learn more about the advanced UTM features on Fortinet’s FortiGate security appliance.

Related Articles

Thank you,

Laurence Autorino

laurence.autorino.autorino@gmail.com

Contact Laurence Autorino

Continue reading...

November 28, 2013

0 Comments

Laurence Autorino

FireEye Advanced Persistent Threat Protection Solution Video

Laurence Autorino | laurence.autorino.autorino@gmail.com

http://www.youtube.com/watch?v=bz-4Roaa8zc&w=560&h=315

FireEye Advanced Persistent Threat Protection (APT) solution overview video

Thank you,

Laurence Autorino

laurence.autorino.autorino@gmail.com

Contact Laurence Autorino

Continue reading...

November 25, 2013

0 Comments

Laurence Autorino

Juniper Networks On-Demand Web Application Security Webinar

Laurence Autorino | laurence.autorino.autorino@gmail.com

Juniper Networks  held an important webinar on November 20th 2013 about the future of cyber attacks, and wanted to make it available to as many people as possible. You can watch it anytime, here. Download the webinar slides.

With the growing volume and sophistication of threats targeting Web applications and servers, network security needs to become more intelligent in how it identifies and blocks attacks.

Conducted by a leading security analyst, the Next-Generation Application Security for Today’s Modern Data Center webinar will teach you:

  • New techniques for detecting and mitigating the outside-in threat.
  • Why it’s vital to globally share data about attackers.
  • How deception can be used to detect and block unknown and zero-day attacks.
  • The difference between protecting the data center and campus edge—and the different security tools for each.

Download IDC’s Unique Security Challenges in the Data Center Demand Innovative Solutions.

This hot-off-the-press white paper will address external and internal threats to the data center, the types of security technologies needed to react to those threats, and ultimately, how to drive productivity improvements and revenue in the data center while minimizing risk of attacks and breaches. And after you’ve read the white paper, register to take your security even further with a demonstration of our innovative WebApp Secure technology. It uses the Intrusion Deception technique to detect, track, profile, and prevent Web attackers in real time.

Related Articles

Thank you,

Laurence Autorino

laurence.autorino.autorino@gmail.com

Contact Laurence Autorino

Continue reading...

November 25, 2013

0 Comments

Laurence Autorino

Security Breach Roundup: Supermarkets, Colleges, Utilities, Serious Gamers and More

Laurence Autorino | laurence.autorino.autorino@gmail.com

Re-blogged from Carousel Connect Blog Security Breach Roundup: Supermarkets, Colleges, Utilities, Serious Gamers and More.

Breach at Schnucks Chain Puts 2.4 Million Customers at Risk

The biggest breach in April, at least in terms of potential damage, was that suffered by the Schnucks chain of food and drug stores. The company operates some 100 stores in Missouri, Illinois, Indiana, Wisconsin and Iowa and had revenue of $2.5 billion in 2012. In other words, lots of people use the stores – and they are now potential targets of identity theft and the like.

The St. Louis CBS affiliate reports:

ST. LOUIS (KMOX) – The credit card and debit card information of 2.4 million Schnucks customers may have been compromised between December 2012 and March 2013.

Schnucks says just the card numbers and expiration dates were stolen, not the cardholder’s name, address or anything else.

“On behalf of myself, the Schnuck family, and all of our 15,000 teammates, I apologize to everyone affected by this incident,” said Scott Schnuck in a written statement sent to KMOX News early Monday.

The company also sent news outlets a timeline showing what happened and when. The company says it was told of an issue on March 15, formed a response team on March 19, contacted police on the 20, and began to identify the problem on the 28th, but didn’t communicate any concern to customers until March 30. …

According to the company, “if you used your card at any one of the 79 affected stores between December 2012 and March 29, 2013, your card could have been accessed.”

As we’ve discussed in the past, letting time lapse before letting your customers know about a breach is not a great idea. That kind of behavior can get you sued, as Mr. Schnuck found out. Bizjournals.com reports:

Schnuck Markets Inc. has been hit with a class-action lawsuit stemming from a security breach last month.

The suit, filed April 8 in St. Louis Circuit Court, alleges that the Maryland Heights-based grocery chain learned of the breach March 15 but informed the public March 30 via a press release stating the breach had been “found and contained.”

The story goes on to cite a comment from a Schnucks spokeswoman that the lawsuit is “without merit.”  It will be interesting to watch how this one unfolds.

Community College Applicant Data Stolen in Breach

Next up is the almost obligatory breach of an educational institution, this time a community college in Iowa. The Omaha World Herald reported on Tues., April 9:

IOWA CITY (AP) — Hackers gained access to an online database containing the personal information of 125,000 people who applied to take credit classes at an Iowa community college during the past eight years, the school said Monday.

Kirkwood Community College in Cedar Rapids announced that “sophisticated hackers” using an international IP address hacked into the student application database on its website March 13. College officials noticed a spike in activity, quickly shut down the site and contacted the FBI to report the suspected breach, vice Kristie Fisher, vice president of student services, said Monday.

The college said the database contained the names, Social Security numbers, dates of birth, race and contact information for those who applied for courses from February 2005 through March 2013. No financial information or grades were stored in the system, and the breach did not affect tens of thousands of students who take continuing education classes.

Fisher said the college sent letters Friday to those who may have been affected and announced the breach publicly Monday. So far no cases of identity theft or suspicious activity have been reported. The FBI is investigating, Fisher said.

In a more aggressive approach to the breach, the college decided to shut down the site and call in the FBI. And while the school likewise took more than two weeks to inform those potentially affected, given the fact that the FBI was involved and no financial data was stolen, we can give the school the benefit of the doubt.

Long-running Breach at Maine Utility Puts Applicant Data at Risk

And here we have another of the very same variety, this time affecting folks who applied for jobs with a utility company in Maine. The Bangor Daily News reports:

Central Maine Power has revealed that a security breach of its parent company’s recruitment website has potentially exposed the personal data of anyone who has applied for or accepted a job at CMP or any of its sister companies in the past six years.

Iberdrola USA, which is based in New Gloucester and owns CMP, confirmed that last week someone had gained “unauthorized access” to its recruitment website, which handles personnel recruitment for itself, as well as its three operating companies: CMP, Rochester Gas and Electric Corp., and New York State Electric and Gas Corp.

Roughly 5,100 individuals may have provided personal information through the website since January 2007 and may be potentially affected, according to John Carroll, CMP’s manager of public affairs. …

The company is attempting to notify all potentially affected individuals.

When a breach goes back six years, we can see how notifying those affected can be a challenge. Like Kirkwood, CMP also contacted the FBI and hired a security firm to help with the investigation.

Two Popular Online Games Suffer Security Breaches

This month saw not one but two massively multiplayer online (MMO) games suffering breaches in April. CVG.com reports on the first:

Survival horror MMO The War Z and the game’s forums have temporarily been taken offline following a security breach.

The game’s publisher, OP Productions LLC, confirmed in a statement that hackers had gained access to the game’s forum and databases and player data contained within.

The data accessed includes email addresses, encrypted passwords, in-game character names and IP addresses, but no payment or billing information. Players and forum members are advised to change their passwords immediately.

The makers of the game World of Tanks, which reportedly has 45 million registered players (45 Million?  Tanks?  Seriously?), suffered a similar breach, but came up with an innovative response. Escapistmagazine.com reports:

Wargaming, the makers of World of Tanks, confirmed yesterday that the game had suffered a security incident that may have allowed outside parties access to player information. Though no financial information was included in the breach, account holders are still being urged to update their profiles with new passwords to help prevent any further problems. To help motivate players to reset their passwords and do it quickly, Wargaming is hosting a “Change Your Password Event.”

“In order to improve security and maintain account integrity for all of our players, Wargaming is supplying a one-time installment of 300 gold to each player that successfully updates their account password,” said Wargaming in an announcement. “While we do support the regular updating of your account password, your account is only eligible for one payment.”

At press time, we were still trying to determine how much “300 gold” is worth. (OK, no we’re not, because we don’t really care.)

Verizon Study: Cyber Espionage and Phishing Are On the Rise

Finally, Verizon released its annual Data Breach Investigations Report (DBIR) in late April, which never fails to produce numerous stories covering different angles. ITWorld.com focused on cyber espionage:

April 22, 2013, 8:07 PM — Even though the majority of data breaches continue to be the result of financially motivated cybercriminal attacks, cyberespionage activities are also responsible for a significant number of data theft incidents, according to a report that will be released Tuesday by Verizon.

Verizon’s 2013 Data Breach Investigations Report (DBIR) covers data breaches investigated during 2012 by the company’s RISK Team and 18 other organizations from around the globe, including national computer emergency response teams (CERTs) and law enforcement agencies. The report compiles information from over 47,000 security incidents and 621 confirmed data breaches that resulted in at least 44 million compromised records.

In addition to including the largest number of sources to date, the report is also Verizon’s first to contain information on breaches resulting from state-affiliated cyberespionage attacks. This kind of attack targets intellectual property and accounted for 20 percent of the data breaches covered by the report.

In over 95 percent of cases the cyberespionage attacks originated from China, said Jay Jacobs, a senior analyst with the Verizon RISK team. …

“Typically what we see in our data set are financially motivated breaches, so the targets usually include retail organizations, restaurants, food-service-type firms, banks and financial institutions,” Jacobs said. “When we looked at the espionage cases, those industries suddenly dropped down to the bottom of the list and we saw mostly targets with a large amount of intellectual property like organizations from the manufacturing and professional services industries, computer and engineering consultancies, and so on.”

A surprising finding was the almost fifty-fifty split between the number of large organizations and small organizations that experienced breaches related to cyberespionage, the analyst said.

“When we thought of espionage, we thought of big companies and the large amount of intellectual property they have, but there were many small organizations targeted with the exact same tactics,” Jacobs said.

So, big or small, apparently you’re all on alert.

CRN chose to focus on a mode of attack that the Verizon study showed was on the rise last year: phishing:

People are most often the first target of an attacker and not technology, as cybercriminals are increasingly using social engineering and phishing attacks to gain a foothold into corporate networks, according to new analysis of hundreds of data breaches to be issued this week.

Social engineering attacks designed to steal account credentials were the most often used technique carried out to gain access to endpoint machines and then pivot to systems containing more sensitive data, according to the 2013 Verizon Data Breach Investigations Report (DBIR). The study, an analysis of 621 confirmed data breaches and thousands of security incidents, found that stolen credentials were used in four out of five breaches, regardless of whether the attack was driven by financially motivated cybercriminals, nation-state-driven cyberespionage activity or hacktivists.

We’ve said it before but it bears repeating: two-factor authentication is a good defense against social engineering and phishing attacks. Check out our previous post on the topic to get up to speed.

Thank you,

Laurence Autorino

laurence.autorino.autorino@gmail.com

Contact Laurence Autorino

Continue reading...

November 24, 2013

0 Comments

Laurence Autorino

Juniper Networks | Next Generation Data Center Application Security Webinar

Laurence Autorino | laurence.autorino.autorino@gmail.com

NEXT-GENERATION APPLICATION SECURITY FOR TODAY’S MODERN DATA CENTER

Watch this important webinar on detecting and preventing unknown attacks against your data center. In the Next-Generation Application Security for Today’s Modern Data Center webinar, you’ll hear a leading security analyst’s perspective on the different use cases for target attacks in the enterprise, and the security tools required. Juniper also discusses how we approach securing your most valuable Web-based applications and assets in the enterprise.

You’ll learn:

  • New techniques for detecting and mitigating the outside-in threat.
  • Why it’s vital to globally share data about attackers.
  • How deception can be used to detect and block unknown and zero-day attacks.
  • The difference between protecting the data center and campus edge, and the different security tools for each.

Thank you,

Laurence Autorino

laurence.autorino.autorino@gmail.com

Contact Laurence Autorino

Continue reading...

November 24, 2013

0 Comments

Laurence Autorino

Defending Against Escalating Application Layer Attacks

Laurence Autorino | laurence.autorino.autorino@gmail.com

Re-blogged Via: Defending against escalating application-layer attacks | Net Matters.

There’s a new DDoS security threat in town. It can’t be mitigated in the cloud and it’s displacing the classic, easily detected, volumetric attack seen frequently today. This latest exploit is known as a DNS amplification attack, an application-layer DDoS attack that targets Domain Name Servers (DNS). Which means there are several million servers online today that are making companies vulnerable to the possibility of financial exploitation, costly service outages and damage to their brand.

Domain name servers make attractive prey because they’re very large and run on high-speed Internet connections. Attackers can exploit them by using simple DNS queries, and are able to do so quite effortlessly and anonymously. They can conceal their identities by using a technique where they send DNS queries to reflectors. These reflectors process the queries but instead of sending the responses to the IP address that initiated them (the hacker) the responses are sent to the target. What’s worse is that this process can be amplified using bots or botnets to quickly inundate and knock a defenseless target offline. DNS amplification attacks can result in a security breach as happened recently to California State University at Sacramento, which resulted in 1,800 records being stolen.1 Attackers were able to trick the school’s DNS server into giving up an authentication security code which allowed for the breach. And it’s not just educational institutions at risk. Gaming, financial, healthcare and the e-commerce industry are all equally vulnerable to DNS reflection and amplification attacks.

Defending against DNS attacks

Detecting application layer attacks requires a dedicated low latency solution, that’s on-premise and living at the enterprise perimeter, to monitor both inbound and outbound traffic. The best-of-breed solutions use special algorithms to assign a real-time risk score associated with the traffic. These solutions also monitor how the application server responds, and learn from each encounter. This innovative approach enables the technology to determine both what normal traffic looks like and what normal responses from an application server look like. As new attacks occur, the technology updates the algorithm to include the characteristics of the new attack, creating a highly intelligent DDoS defense system. In the case of a DNS amplification attack, the leading edge DDoS solutions apply intelligence about the behavior of the DNS resource to shut down the attack before it can overwhelm and bring down the DNS server. The solution also applies its new intelligence to filter out repetitive requests to a DNS system for the same information.

In essence, the system is differentiating erratic, real human traffic from that of consistent, machine-generated traffic. This approach ensures that legitimate traffic passes through and denies attackers before they can do harm. This is crucial during periods when the servers are under a heavy load, such as during a holiday season, and any loss of server access due to false positives could result in needless loss of revenue. Many attackers today combine these new, sophisticated DDoS attacks with volumetric attacks; fortunately this same technology can detect and prevent both.

This new approach to security can greatly reduce potential theft and financial fraud. Still more important to many industries, it can also ensure the availability of critical business resources. In the case of healthcare, and the financial and education industries, loss of sensitive data could result in huge lawsuits and terrible outcomes for individuals who have their information stolen. A loss of availability for airline ticketing sites or e-commerce sites, large or small, could result in a loss of revenue and credibility. But with the right DDoS security in place, organizations can focus less on security and more on capturing new opportunities for their business.

Thank you,

Laurence Autorino

laurence.autorino.autorino@gmail.com

Contact Laurence Autorino

Continue reading...

November 24, 2013

0 Comments

Laurence Autorino

Stop Worrying About Mobile Device Security | ForeScout solutions for BYOD

Laurence Autorino | laurence.autorino.autorino@gmail.com

 

ForeScout Solutions for Mobile Security

Looking to secure mobile devices in your enterprise, and prevent sensitive data loss?

ForeScout provides a range of products and cloud-based services to fit any budget. With ForeScout, you can let users enjoy the productivity benefits of mobile devices while you keep your network safe from data loss and malicious threats.

Rather than attacking the mobile security problem in a piecemeal fashion, ForeScout has designed a set of security products that integrate with your existing security and network infrastructure. This gives you stronger security, and saves you time and money.

ForeScout mobile security products include:

Network Security: ForeScout CounterACT™ is an automated security control platform that provides real-time visibility of personal and mobile devices on your network, limits the network access of those devices, and prevents those devices from spreading malware onto your network.

Enhanced Network Access Control: ForeScout Mobile Security Module adds additional capability to ForeScout CounterACT, giving it additional intelligence to make advanced decisions about whether to allow a device onto your network.

Mobile Device Management:  ForeScout MDM Enterprise is an easy-to-use platform that includes all of the essential functionality that you need for end-to-end management of iOS, Android, Blackberry, and Windows Phone devices. And what’s better is that it integrates with ForeScout CounterACT, our flagship network security and policy automation system, to give you unified visibility and control over everything on your network.

ForeScout, A Market Leader
ForeScout Technologies is a leading provider of real-time network security control solutions for Fortune 1000 enterprises and government organizations. With ForeScout, organizations can accelerate productivity and connectivity by enabling people to access corporate network resources where, how and when needed without compromising security.

Thank you,

Laurence Autorino

laurence.autorino.autorino@gmail.com

Contact Laurence Autorino

Continue reading...

November 21, 2013

0 Comments

Laurence Autorino

ForeScout Changes the Game for Network Security

Laurence Autorino | laurence.autorino.autorino@gmail.com

 

ForeScout Changes the Game for Network Security

Just as Bruce Lee was a game changer in martial arts, ForeScout has changed the game for network security with the ControlFabric™ platform, an open platform that enables ForeScout CounterACT and other IT solutions to exchange information and mitigate a wide variety of network and endpoint security concerns. The platform helps enterprises to advance situational awareness by leveraging infrastructure data and to improve the security posture by applying policy-based controls to expedite remediation actions.  Jon Oltsik, senior principal analyst at Enterprise Strategy Group, describes this announcement: “ForeScout‘s ControlFabric platform represents a flexible approach to gain the context and policies necessary to advance endpoint compliance, continuous monitoring and security analytics.”

Learn more by watching a broadcast with CSO Magazine

This  broadcast brings together a panel of industry experts to discuss the advantages gained by leveraging controls and intelligence through a bi-directional integration. Join Bob Bragdon, Publisher, CSO Magazine, interviews executives from ForeScout, HP ArcSight, FireEye, McAfee, MobileIron, and The Chertoff Group as they discuss how their customers can advance continuous monitoring and mitigation techniques, and also examines how the ForeScout ControlFabric™ platform can be applied to strengthen security posture, improve IT responsiveness and optimize resources.

Register today to watch “Continuous Monitoring and Mitigation – the New InfoSec Frontier”. 

http://www2.forescout.com/continuous_frontier_video

ForeScout, A Market Leader
ForeScout Technologies is a leading provider of real-time network security control solutions for Fortune 1000 enterprises and government organizations. With ForeScout, organizations can accelerate productivity and connectivity by enabling people to access corporate network resources where, how and when needed without compromising security.

Thank you,

Laurence Autorino

laurence.autorino.autorino@gmail.com

Contact Laurence Autorino

Continue reading...

November 21, 2013

0 Comments

Laurence Autorino

Deploying 802.11ac: New Opportunities and Hidden Threats – Aruba Networks Webinar

Laurence Autorino | laurence.autorino.autorino@gmail.com

802.11ac is now built into a wide range of mobile devices — devices that are probably already creeping onto your network.  Is your current network secure with the influx of these new 802.11ac-based threats? Join this webinar as we discuss how to:

  • Assess new threats introduced by 802.11ac devices
  • Apply techniques to identify and contain 802.11ac rogues
  • Weigh the advantages of architectural approaches to wireless intrusion prevention for 802.11ac

Guest speaker Craig Mathias from the FarPoint Group discusses how to navigate through some of these difficult topics. In this webinar we will share steps to ensure reliability with existing 802.11n networks and tips for safeguarding against .11ac threats so that your Wi-Fi deployment is optimized.

Confirmed attendees will receive a free copy of the new Tech Note from the FarPoint Group, “Getting Ready for 802.11ac: Security and Assurance Strategies for Initial Deployments.”

Webinar Details

  • Date: Dec. 4, 2013
  • Time: 10:00 AM PDT

Speakers:

  • Craig Mathias
    Principal, Farpoint Group
  • Peter Lane
    Sr. Product Manager, Aruba Networks

Register Here: http://page.arubanetworks.com/11acSecurity.html?

Thank you,

Laurence Autorino

laurence.autorino.autorino@gmail.com

Contact Laurence Autorino

Continue reading...

November 21, 2013

0 Comments

Laurence Autorino

Juniper Webapp Secure | Deny Hackers with Deception

Posted by: Laurence Autorino | laurence.autorino.autorino@gmail.com | www.laurence-autorino.com

The innovative Juniper Networks Junos WebApp Secure is the first Web Intrusion Deception System that detects, tracks, profiles and prevents hackers in real-time. Traditional web application firewalls are seriously flawed because their reliance on a library of signatures to detect attacks and makes them susceptible to unknown zero day web attacks.

Intrusion Deception

Juniper’s Junos WebApp Secure Software technology uses Intrusion Deception to address this problem. Unlike signature-based approaches Junos WebApp Secure inserts random, variable detection points, or tar traps, into the code of outbound Web application traffic to proactively identify attackers before they can do damage – without false positives.

Detect using deception

Junos WebApp Secure inserts detection points into web application code including urls, forms and server files to create a variable minefield. These traps detect hackers when they manipulate the detection points during the reconnaissance phase of the attack, before they can establish an attack vector. And because hackers are manipulating code that has nothing to do with the website or web application, the malicious action is certain.

Track attackers beyond the IP address

Junos WebApp Secure captures an attacker’s IP address as one data point for tracking. But many legitimate users could also be accessing the site from the same IP address—for this reason, Junos WebApp Secure goes beyond the IP address and tracks attackers more granularity. Attackers using a browser are tracked by injecting a persistent token into their client. Attackers using scripts and tools are tracked using a fingerprinting technique to identify the machine delivering the script.

Understand attackers and record their attack

The tracking techniques allow us to profile the attacker and record the attack. Every attacker is assigned a name and each incident is recorded along with a threat level based on their intent and skill.

Respond to attackers

Once an attack has been detected, an appropriate response—from a warning, to requiring a CAPTCHA, to blocking a user or forcing them to logout, can be deployed manually or automatically in real-time.

Easy Deployment

Junos WebApp Secure is a software and hardware product that sits logically inline and functions as a reverse proxy. Deployment is easy and protects web applications located in internal data centers, virtualized environments and hosted in the cloud.

Continue reading...

November 21, 2013

0 Comments

Laurence Autorino

Managed Security Solutions

Posted by: Laurence Autorino | laurence.autorino.autorino@gmail.com | http://www.laurence-autorino.com

www.laurence-autorino.com

Carousel’s Security Solutions powered by Clone Systems® is the dedicated security arm of Carousel Managed Services solutions and focuses on the following It security solutions:

Security Scanning

Compliance certified vulnerability scanning and penetration testing against your internal or external network posture to identify potential threats and weakness. LEARN MORE

Intrusion Detection / Prevention

24/7 Management of perimeter related network security devices, such as firewalls, IPS and UTMs, with alerting and reporting. LEARN MORE

Log Management

Real-time monitoring alerting and reporting of logs collected from multiple devices across the entire network. LEARN MORE

(SIEM) Security Information & Event Management

Centralized security intelligence in real-time by correlating various events and incidents from all network devices using log management. LEARN MORE

Continue reading...

March 10, 2016

Comments Off on Justice Department rebuffs Apple, accuses company of ‘corrosive’ rhetoric

department of justice

Justice Department rebuffs Apple, accuses company of ‘corrosive’ rhetoric

The war of words between Apple and the federal government relating to the San Bernardino case intensified today with the release of a 43-page document from.

A 43-page rebuttal from the Justice Department today characterized Apple’s earlier response to an iPhone unlocking request as “corrosive.” Shortly thereafter, an Apple press conference attended by TechCrunch provided a rejoinder from two Apple executives, including General Counsel Bruce Sewell, who said that “the tone of the brief reads like an indictment.”

Source: Justice Department rebuffs Apple, accuses company of ‘corrosive’ rhetoric

Continue reading...

February 14, 2016

Comments Off on Imagining Snapchat’s Future

Laurence Autorino

Imagining Snapchat’s Future

Snapchat could be used by over 1 billion daily active users in time and substantially accelerate how many videos and photos people share and consume. But..

Source: Imagining Snapchat’s Future

Continue reading...

February 5, 2016

Comments Off on How To Stream Super Bowl 50 This Sunday

Laurence Autorino

How To Stream Super Bowl 50 This Sunday

So you decided to finally ditch your cable package this year. Great! But now the Super Bowl is rolling around and you’re wondering how you’re going to..

Source: How To Stream Super Bowl 50 This Sunday

Continue reading...