Posts Tagged ‘mobile security’
Tuesday, February 21st, 2012
 Boston Research Group, a leading provider of research services, found that 78 percent of IT security professionals believe that network access control (NAC) is an essential function to protect enterprises from mobile device risks and that enterprises want unified policy controls to manage security risks for both mobile devices and PCs.
The research, which focused on mobile device management and mobile security, was completed in January 2012 and sponsored by ForeScout Technologies Inc., a leading provider of automated security control solutions for Fortune 1000 enterprises and government organizations.
The mobile security study surveyed 365 North American IT security professionals in companies having 1,000 employees or more. The findings present greater insight into how IT security professionals are influencing mobile device management (MDM) purchases and their perceptions of mobile security risks.
Of those surveyed:
- 88% would either be the “purchaser” or the “purchase recommender” for an MDM tool. This suggests that the same people who make network and information security decisions will also be making MDM decisions.
- 68% are concerned about mobile security risks associated with mobile devices accessing corporate resources. The majority of concerns center on: data loss (26%), malware (23%), unauthorized users and devices (14%), and intrusions (13%).
- 78% believe that network access control is an essential feature for mobile security. While inventory management, software management and security management were deemed as important and essential, the means to enforce security policies based on identity, device, configuration, security posture and network activity are also considered crucial features for mobile security, capabilities available from NAC tools that are incomplete in MDM tools.
- 96% want unified security policy management for both mobile devices and PCs, reinforcing the need for a layered approach for managed and unmanaged handhelds and PCs in the enterprise.
“IT professionals see many of the same security risks in mobile devices such as smartphones that have long been a concern for laptops and notebook computers. Device mobility, wireless access, personal applications and the high risk of lost or stolen handhelds creates a need for added defenses against data loss, unauthorized access and malware,” said Paul McClanahan, research analyst and partner at the Boston Research Group.
“The study also showed that IT security teams are well involved in MDM purchase and implementation decisions.”
Security teams want the same endpoint intelligence, security assessment and enforcement options for mobile devices as they have for PCs, and they want it all managed from one operating console. ForeScout today introduced ForeScout Mobile to meet these requirements by delivering the industry’s first unified approach for NAC, BYOD and MDM. .
Tags: Boston Research Group, ForeScout Technologies, mobile device management, mobile security, network access controls
Posted in IT, Mobile, Security, smartphones, Studies, surveys, reports, Telecommunications | No Comments »
Friday, December 30th, 2011
 With high profile security breaches in the news throughout 2011, security firm Agiliance sees dramatic changes ahead for the security industry in 2012. It’s list of predictions for the coming year in security focus on mobile, cloud computing, legislation, and social media.
These predictions are based on the company’s engagement with Global 2000 companies, government agencies, fellow security vendors, industry analysts and security consultants, as well as market research it conducts on a regular basis.
Topping the list is Agiliance’s prediction that organizations will recognize that risk is security’s new compliance.
A risk-based approach and holistic view of the organization’s IT infrastructure will be driven by further consumerization of IT, challenges related to social media as an instrument in cyber warfare, stricter enforcement and new legislation focused on data protection, threat information sharing, and incident disclosure, as well as the emerging need to assess cloud service providers’ ability to enforce security policies and continuously maintain an adequate compliance posture.
“For many years, complying with government standards and industry regulations has been seen as a check box in the lengthy list of IT security tasks,” said Torsten George, vice president of worldwide marketing at Agiliance.
“In 2012, we will see progressive organizations applying a risk-based, continuous approach to security. By doing so, they will be able to make risk visible, measurable, and actionable.”
Specifically, Agiliance expects dramatic changes in the following areas:
Mobile Devices and Social Media
New products and services will emerge that deal with the necessary delineation of employer-owned versus employee-owned data on mobile devices.
These products will go beyond anti-virus and malware software to deal with embedded strong authentication, secure mobile operating systems scanners, mobile operating system vulnerability scanning, and data segregation / encryption. For social media threats, existing security tools’ capabilities will be extended to cover monitoring of social media networks to tackle the emergency of social media cyber warfare.
Cloud Computing Security
Agiliance predicts an acceleration of efforts to create standards around cloud security, primarily driven by the data consolidation efforts of the U.S. government as well as wide-ranging support of the Cloud Security Alliance. Independent, continuous monitoring of cloud service providers’ security controls will become a standard part of service level agreements.
Legislative Initiatives
Agiliance predicts that, in the second half of 2012, a government mandate will be passed that will lead to a pro-active Information Security Risk Management system and related best practices to tackle cyber security threats.
Similar to stricter enforcement policies of the HiTech Act by the HHS, regulations penalty cases will surge in 2012. Furthermore, privacy audit is becoming a major driver behind security tool investments as organizations are coming up short on audits relating to data breaches, disclosure notifications, data handling, attribution, and incident closure.
Anti-Cyber Crime Collaboration
Sharing of sensitive threat information will become essential to prevent widespread cyber attacks across different verticals and industries. Nowadays, cyber criminals are coordinating their efforts and are well-versed in sharing vulnerabilities and attack methodologies. They even have their own online communities where they exchange information.
This is unmatched by the commercial sector and government agencies. As a result, Agiliance predicts that the increase in cyber security attacks and data breaches will lead to the introduction of a formal information sharing database that will be made accessible to a broader group.
Risk is Security’s New Compliance
With more than 365 security incidents reported this year to date, affecting over 126 million records, cyber security attacks have become a mainstream event in the industry.
Based on these changes, Agiliance predicts further increase in demand for software tools that are able to aggregate data from existing security tools and information management applications to make risk visible, measurable, and actionable.
These tools will not only provide advanced reporting capabilities, but interconnectivity to ensure that remediation actions can be triggered and followed through easily. To better describe the capabilities of these tools, analysts will create a new software category called Security Risk Management.
For the in-depth predictions, data, and accompanying graphics, please see Agiliance’s 2012 IT Security Predictions:http://www.agiliance.com/forms/WhitePaperReg.html?doc=Security_Predictions.
Tags: Agiliance 2012 security industry predictions, anti-crime collaboration, cloud computing secuirty, cyber security legislation, mobile security, risk management, social media
Posted in Cloud, Internet/New Media, IT, Mobile, Security, smartphones, social media, Studies, surveys, reports, Telecommunications | Comments Off
Tuesday, December 14th, 2010
 ORLANDO, FL -PandaLabs, the antimalware laboratory of Panda Security, the cloud security company, has forecasted several radical innovations in cyber-crime for 2011. Hacktivism and cyber-war; more profit-oriented malware; social media; social engineering and malicious codes with the ability to adapt to avoid detection will be the main threats in the coming year. There will also be an increase in the threats to Mac users, new efforts to attack 64-bit systems and zero-day exploits.
Following is a summary of what PandaLabs predicts as the ten major security trends of 2011:
| 1. |
Malware creation: In 2010, PandaLabs witnessed significant growth in the amount of malware and discovered at least 20 million new strains, more than in 2009. At present, Panda’s Collective Intelligence database stores a total of more than 60 million classified threats. The actual rate of growth year-on-year however, appears to have peaked. Several years ago it was over 100 percent and in 2010 it was 50 percent. |
|
|
|
|
| 2. |
Cyber war: Stuxnet and the WikiLeaks cables suggesting the involvement of the Chinese government in the cyber-attacks on Google and other targets have marked a turning point in the history of these conflicts. Stuxnet was an attempt to interfere with processes in nuclear plants, specifically, with uranium centrifuge. Attacks such as these, albeit more or less sophisticated, are still ongoing, and will undoubtedly increase in 2011, even though many of them will go unnoticed by the general public. |
|
|
|
|
| 3. |
Cyber-protests: Cyber-protests , or hacktivism, are all the rage and will continue to grow in frequency. This new movement was initiated by the Anonymous group and Operation Payback, targeting organizations trying to close the net on Internet piracy, and later in support of Julian Assange, editor-in-chief of WikiLeaks. Even users with limited technical know-how can join in the distributed denial of service attacks (DDoS) or spam campaigns. |
|
|
|
|
|
Despite hasty attempts in many countries to pass legislation to counter this type of activity effectively by criminalizing it, PandaLabs believes that in 2011 there will be more cyber-protests, organized by this group or others that will begin to emerge. |
|
|
|
|
| 4. |
Social engineering: Cyber-criminals have found social media sites to be their perfect working environment, as users are even more trusting with these than with other types of tools, such as email. |
|
|
|
|
|
Throughout 2010, PandaLabs witnessed various attacks that used the two most popular social networks – Facebook and Twitter – as launching pads. In 2011, not only will hackers continue to use these networks, but it is predicted that they will also be used more for distributed attacks. |
|
|
|
|
|
BlackHat SEO attacks (indexing and positioning of fake websites in search engines) will also be widely employed throughout 2011, as always, taking advantage of hot topics to reach as many users as possible. In addition, a significant amount of malware will be disguised as plug-ins, media players and other similar applications. |
|
|
|
|
| 5. |
Windows 7 influencing malware development: It will take at least two years before there is a proliferation of threats designed specifically for Windows 7. In 2010, PandaLabs began seeing a shift in this direction, and predicts that in 2011, new cases of malware targeting users of this new operating system will continue to emerge. |
|
|
|
|
| 6. |
Mobile phones: In 2011 there will be new attacks on mobile phones, but it will not be on a massive scale. Most of the existing threats target devices with Symbian, an operating system which is now on the wane. Of the emerging systems, PandaLabs predicts that the threats for Android will increase considerably throughout the year, becoming the number one mobile target for cyber-crooks. |
|
|
|
|
| 7. |
Tablets: The dominance of the iPad will start to be challenged by new competitors entering the market. Therefore PandaLabs does not believe that tablet PCs will become a major consideration for the cyber-criminals in 2011. |
|
|
|
|
| 8. |
Mac: Malware for Mac exists, and will continue to exist. And as the market share of Mac users continues to grow, the number of threats will grow. The greatest concern is the number of security holes in the Apple operating system. Developers will need to patch these holes as soon as possible, as hackers are well aware of the possibilities that these vulnerabilities offer for propagating malware. |
|
|
|
|
| 9. |
HTML5: HTML5 is the perfect target for many types of criminals and could eventually replace Flash. It can be run by browsers without any plug-ins, making it even more attractive to find a security hole that can be exploited to attack users regardless of which browser they use. PandaLabs expects to see the first attacks on HTML5 in the coming months. |
|
|
|
|
| 10. |
Highly dynamic and encrypted threats: PandaLabs expects dynamic and encrypted threats to increase in 2011. PandaLabs is receiving more and more encrypted, stealth threats designed to connect to a server and update themselves before security companies can detect them. There are also more threats that target specific users, particularly companies, as information stolen from businesses will fetch a higher price on the black market. |
Tags: cyber protests, cyber war, FL, HTML, Mac, mobile security, Orlando, Panda Labs, social engineering, tablets, to ten cyber security threats for 2011, Windows 7
Posted in Florida, Internet/New Media, IT, Security | Comments Off
|
|
|
