Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements

PhysicalandVirtualSpaces.png

 

In a recent article, writer Adam Clark Estates shared that, “Over the next three years, the U.S. Army will be filling its brand new cyber warfare institute at West Point with the best and brightest hackers it can find.” This approach aligns well with the sentiments recently expressed by Nawaf Bitar at the RSA Conference in San Francisco in his keynote, “The Next World War Will Be Fought in Silicon Valley.”

 

It isn’t sufficient for nations to protect only their physical borders. They must protect more. They must protect critical data and infrastructures, including financial systems, wireless communications, electric power grids, oil and natural gas systems, and others, from cybercrime.

 

Here are three actions to consider as part of embarking on this important endeavor:

1. Evaluate and deploy state of the art/best of breed security and intelligence systems to protect critical infrastructure, especially with the proliferation of multitudes of “smart” gadgets and the inception of “machine-to-machine” communications taking place amongst residents and citizens both within and outside the nation’s borders and which are vulnerable to cyber-attack.

 

2. Selectively hire white hat hackers who can seek out vulnerabilities in the network.

 

3. Recruit experienced IT security specialists who will oversee and manage the deployed security systems as well as take rapid action on detected vulnerabilities and remediate post-breach.

 

While the initiative of taking cybercrime as seriously as physical warfare is agreeable, building a comprehensive and strong plan and “army” who will adeptly fight black hat hackers and “beat them at their own game” is no small feat. As part of building its security intelligence arsenal, federal and law enforcement agencies may want to consider Juniper’s intrusion deception approach that helps stop threats and attackers before they can do harm.

 

Before embarking on the battle against cybercrime, ensure you have the right plan, people and protection to maximize your chances of success against the enemy!

Read more...

Autonym

FAQ: Protecting your OpenSSL Server from HeartBleed using IDP

by Juniper Employee ‎04-11-2014 05:10 PM - edited ‎04-17-2014 10:36 AM

Is it the Internet Armageddon? NO! Thanks to an Emergency Signature Release, IDP saves the day!

Read more...

Malware-Sandbox-Evasion.jpgWhile attackers are constantly improving their evasion tactics to extend the lifetime of their malware, users can also leverage these types of evasion tactics to help prevent malware infection in the first place.

 

Read the full article at SecurityWeek.

Read more...

abharadwaj

Heartbleed - you couldn't have missed this

by Juniper Employee ‎04-09-2014 10:45 PM - edited ‎04-15-2014 04:01 PM

A few days ago, heartbleed1.jpgmillions of servers around the world were impacted by Heartbleed, a security vulnerability in OpenSSL. This was arguably one of the hottest topics on the Internet. Organizations scrambled to put a fix in place and update builds. At Juniper, several product teams worked round the clock to ensure that customers get updates on highest priority. As of a short while ago, Junos Pulse Connect Secure (VPN) and Policy Secure (UAC) released patches that would fix the vulnerability for its mobility offering. 

Read more...

middle.jpgAs the Target and Neiman Marcus data breach stories continue to evolve, so too does the story of how to combat malware. Today, the industry is spending billions of dollars a year using signatures to try to stop attacks or post-mortem forensic analyses to try to learn how to prevent future attacks. Problem is, neither of these methods is really cutting it.

 

In order to stop malware, you need first to understand how many attacks work. Though not always, but certainly often enough, malware follows this path: It looks for vulnerabilities, infects a system, propagates to other network devices, finds wanted data, and, finally, executes and brings home that sensitive data. If malware can't complete this process, attackers won't be successful.

 

Right now, the industry's attention sits squarely in the wrong place. Instead of solely thinking about how to prevent the initial infection or spending countless dollars autopsying an exploit after the fact, there's an opportunity to rethink the problem—or process—and a solution that lies smack-dab in the middle. The key is focusing on ways to stop malware after the infection, but prior to a damaging data breach.

 

Read the full article at SC Magazine.

Read more...

Magnet.jpgIt won’t be long before the number of connected devices outnumbers the number of connected people by a vast margin. With every additional connection, the opportunity for network-based business and economic growth increases. Unfortunately, so does the risk of cybercrime. The new, connected world is a magnet for criminals and driving a boom in cybercrime tools and stolen data.

 

Learn more on Net Matters, and find out what you can do to buck this trend.

 

Read more...

eomalley

Introducing Erin K. Banks—Security & Mobility Now Blogger

by Trusted Contributor ‎04-07-2014 07:05 AM - edited ‎04-07-2014 12:26 PM

Erin Banks.jpgIntroducing another new Security & Mobility Now blogger!

 

Please meet Erin K. Banks, senior technical marketing manager for virtualization security at Juniper Networks.

Read more...

eomalley

Introducing Ajay Bharadwaj—Security & Mobility Now Blogger

by Trusted Contributor ‎04-04-2014 10:48 AM - edited ‎04-04-2014 10:48 AM

cape of good hope.jpgAllow me to introduce another of our new Security & Mobility Now bloggers.

 

Please meet Ajay Bharadwaj, product manager for mobile security at Juniper Networks.

Read more...

Autonym

Zero-Day Behavioral-Based Malicious Activity Intervention Using IDP

by Juniper Employee ‎04-02-2014 04:05 PM - edited ‎04-02-2014 04:08 PM

Zero-Day Protection from IDP?  It's more likely than you think...

Read more...

Attackers stay ahead of the game by continuously cooking up new, innovative, and distasteful schemes. As reported in the new RAND Corporation research report, “Markets for Cybercrime Tools and Stolen Data - Hackers’ Bazaar,” their innovations will likely outpace our ability to defend.

 

What’s maybe more interesting—and worrisome—is the fact that attackers don’t even really need to take the time to create new attacks from scratch. They can simply use ingredients that are already widely available on the market. In fact, according to the recent RAND report, the market is ripe with off-the-shelf goods and services that can be combined for easy and effective attacks.

Read more...

HenrikDavid

Countries under Attack

by Juniper Employee ‎03-31-2014 12:45 PM - edited ‎03-31-2014 12:45 PM

Nawaf Bitar, SVP & General Manager, Security Business Unit at Juniper Networks spoke at the RSA Conference in San Francisco earlier in March that The Next World War will be Fought in Silicon Valley. That we are under attack and that we are not allowed to fight back. This is a new digital war. Everyone has a breaking point. What is yours? 

Read more...

skathuria

From TJX to Target: Protect or Pay Up!

by Juniper Employee ‎03-28-2014 12:00 PM - edited ‎03-27-2014 04:22 PM

                          ProtectorPay.png

As many would have rightly guessed, Target has been sued due to the significant data breach affecting its customers in 2013. According to this Reuters article, “Trustmark National Bank and Green Bank NA accused the defendants [,Target Corp and Trustwave Holdings Inc, which provides credit card security services,] of failing to properly secure customer data, enabling the theft of about 40 million payment card records plus 70 million other records.”

 

This reminds me of the prominent TJX (operator of TJ Maxx stores) data breach eight years ago that affected ~94M records, making it the largest single data breach to date. You can learn more about it on the Hacks of Ages timeline that Erin O’Malley so eloquently described recently. Juniper will add the Target breach to it.

 

According to the Ponemon Institute 2013 Cost of Data Breach Study: Global Analysis report, German and U.S. companies had the most costly data breaches ($199 and $188 per record, respectively). For U.S. retailer TJX, the financial losses were significant. The company agreed to pay $9.75 million to 41 states. Of this, per the settlement, $5.5 million was to be dedicated to data protection and consumer protection efforts by the states, and $1.75 million was to aid in reimbursement of the costs and fees of the investigation. Further, $2.5 million of the settlement was to be used to fund a Data Security Trust Fund to be used by State Attorneys General to advance enforcement efforts and policy development in the field of data security and protecting consumers’ personal information.

 

Let’s see how Target financially fares with regards to the settlement. In the meanwhile, I hope that both these and other enterprises will take effective, preventative measures to detect and stop such attacks early. If they don’t protect their customers’ data, certainly, sooner or later, they will have to pay the price. And, as my esteemed colleague, John Pennington, warned loudly and clearly in his blog, which summarizes the findings of a compelling study of the cybercriminal world, “Take action or be hacked!”

Read more...

 

It's official, cyber criminals have their own economy and it's thriving. Fuelled by Bitcoin and other online currencies the business of selling botnets, malware kits and social media login details is massive.

 

Read more...

grey.jpgIn the world of information technology, there are many kinds of markets. Black markets, where illicit products are sold. Commercial markets, which we might call white markets. And grey markets, defined as:

 

…the trade of a commodity through distribution channels which, while legal, are unofficial, unauthorized, or unintended by the original manufacturer.

 

The recent RAND Corporation report, “Markets for Cybercrime Tools and Stolen Data; Hackers’ Bazaar,” talks about the maturing cybercrime black market, which is both fascinating and disturbing, especially given the size, scope, and aggressive nature of its participants. The report also calls out the notion of a grey market, particularly for zero-days, in which a “legitimate vulnerability market” supports the buying and selling of vulnerabilities. (Spoiler alert: This is already happening and it will create a new class of millionaires.)

Read more...

When your 15 and your most valued possession is a computer, even if it's a 486SX running at 25Mhz with 4 MB of RAM, you need a way to keep it safe.  My story as an early implementer of Intrusion Deception.

Read more...

About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon

Our Bloggers

Kyle Adams
Senior Software Engineer

Profile | Subscribe

Ritesh Agrawal
Director
Software Engineering

Profile | Subscribe

Erin K. Banks
Senior Technical Marketing Manager

Profile | Subscribe

Ajay Bharadwaj
Product Manager

Profile | Subscribe

Paul Bristow
Senior Director
Product Management

Profile | Subscribe

Michael Callahan
Vice President
Product Marketing

Profile | Subscribe

Henrik Davidsson
Director
Security Sales

Profile | Subscribe

Scott Emo
Director
Product Marketing

Profile | Subscribe

Mora Gozani
Senior Manager
Product Marketing

Profile | Subscribe

Steve Hanna
Distinguished Engineer

Profile | Subscribe

Ashur Kanoon
Sr. Manager
Technical Marketing

Profile | Subscribe

Seema Kathuria
Manager
Product Marketing

Profile | Subscribe

Kevin Kennedy
Senior Director
Product Management

Profile | Subscribe

Dave Killion
Software Engineer

Profile | Subscribe

Rebecca Lawson
Senior Director
Product Marketing

Profile | Subscribe

Rajoo Nagar
Senior Manager
Product Marketing

Profile | Subscribe

Erin O'Malley
Manager
Product Marketing

Profile | Subscribe

Galina Pildush
Strategy & Planning
Architect

Profile | Subscribe

Edward Roberts
Director
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe

Ashutosh Thakur
Product Line Manager

Profile | Subscribe

Troy Vennon
Software Engineer

Profile | Subscribe

Brad Woodberg
Product Manager

Profile | Subscribe

Labels
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.