Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
Autonym

FAQ: Protecting your OpenSSL Server from HeartBleed using IDP

by Juniper Employee ‎04-11-2014 05:10 PM - edited ‎04-17-2014 10:36 AM

Is it the Internet Armageddon? NO! Thanks to an Emergency Signature Release, IDP saves the day!

Read more...

While attackers are constantly improving their evasion tactics to extend the lifetime of their malware, users can also leverage these types of evasion tactics to help prevent malware infection in the first place.

Read the full article at SecurityWeek.

Read more...

As the Target and Neiman Marcus data breach stories continue to evolve, so too does the story of how to combat malware. Today, the industry is spending billions of dollars a year using signatures to try to stop attacks or post-mortem forensic analyses to try to learn how to prevent future attacks. Problem is, neither of these methods is really cutting it.

In order to stop malware, you need first to understand how many attacks work. Though not always, but certainly often enough, malware follows this path: It looks for vulnerabilities, infects a system, propagates to other network devices, finds wanted data, and, finally, executes and brings home that sensitive data. If malware can't complete this process, attackers won't be successful.

Right now, the industry's attention sits squarely in the wrong place. Instead of solely thinking about how to prevent the initial infection or spending countless dollars autopsying an exploit after the fact, there's an opportunity to rethink the problem—or process—and a solution that lies smack-dab in the middle. The key is focusing on ways to stop malware after the infection, but prior to a damaging data breach.

Read the full article at SC Magazine.

Read more...

It won’t be long before the number of connected devices outnumbers the number of connected people by a vast margin. With every additional connection, the opportunity for network-based business and economic growth increases. Unfortunately, so does the risk of cybercrime. The new, connected world is a magnet for criminals and driving a boom in cybercrime tools and stolen data.

Learn more on Net Matters, and find out what you can do to buck this trend.

Read more...

eomalley

Introducing Erin K. Banks—Security & Mobility Now Blogger

by Trusted Contributor ‎04-07-2014 07:05 AM - edited ‎04-07-2014 12:26 PM

Introducing another new Security & Mobility Now blogger!

Please meet Erin K. Banks, senior technical marketing manager for virtualization security at Juniper Networks.

Read more...

eomalley

Introducing Ajay Bharadwaj—Security & Mobility Now Blogger

by Trusted Contributor ‎04-04-2014 10:48 AM - edited ‎04-04-2014 10:48 AM

Allow me to introduce another of our new Security & Mobility Now bloggers.

Please meet Ajay Bharadwaj, product manager for mobile security at Juniper Networks.

Read more...

In the world of information technology, there are many kinds of markets. Black markets, where illicit products are sold. Commercial markets, which we might call white markets. And grey markets, defined as:

…the trade of a commodity through distribution channels which, while legal, are unofficial, unauthorized, or unintended by the original manufacturer.

The recent RAND Corporation report, “Markets for Cybercrime Tools and Stolen Data; Hackers’ Bazaar,” talks about the maturing cybercrime black market, which is both fascinating and disturbing, especially given the size, scope, and aggressive nature of its participants. The report also calls out the notion of a grey market, particularly for zero-days, in which a “legitimate vulnerability market” supports the buying and selling of vulnerabilities. (Spoiler alert: This is already happening and it will create a new class of millionaires.)

Read more...

rebeccalawson

One Simple Fact: It Pays to be Bad

by Juniper Employee ‎03-25-2014 07:00 AM - edited ‎03-25-2014 09:56 AM

We (the business world) have been too slow to associate a monetary value on digital assets in such a way that warrants protecting them. Think about it: Digital assets, or information of any sort, are not explicitly treated as assets on a balance sheet. They have no real value in the eyes of the owner. If we don’t treat information with the same care that we treat other corporate assets (buildings, equipment, cash and investments), and we can’t even articulate the value of a customer record, then naturally the cost of protecting that record will not become a point for discussion.

Read more...

skathuria

PCI Compliance Does Not Equal Data Security

by Juniper Employee ‎03-24-2014 04:03 PM - edited ‎03-24-2014 05:34 PM

As evidenced by recent retailer data breaches and as stated in a recent Bloomberg Businessweek write-up, “It turns out the accreditation by PCI doesn’t always offer much protection against fraud.” My colleague Mora Gozani made a similar observation, and I couldn’t agree with her more.

A case in point is that Neiman Marcus claimed it had met PCI standards when it revealed in January 2014 that customer cards may have been compromised from July to October 2013. Despite retailers, banks and other enterprise organizations taking measures to demonstrate compliance, it isn’t enough. What they really need to consider is whether and to what extent they are enforcing employees, partners and customers to practice safe business practices with regards to securing sensitive data both physically and virtually.

Read more...

Mora Gozani

My PCI Pet Peeve

by Juniper Employee on ‎03-19-2014 12:05 PM

Since compliance is a pet peeve of mine, I felt compelled to expand on my colleague Seema Kathuria's insightful blog regarding the Target breach. She perceptively calls out that while Target "complied" with PCI DSS guidelines, it was no excuse for not stopping a data breach. Let's be honest, Target might have met the PCI DSS guidelines, but they certainly fell short in the "leadership," "communication" and "follow-up" categories.

Read more...

eomalley

Hacks of Ages

by Trusted Contributor ‎03-19-2014 09:00 AM - edited ‎03-19-2014 08:53 AM

From the click-clack of the Enigma machine that stumped so many for so long to the Anonymous “Million Mask March” on the White House to protest against corporate and government corruption, we’ve assembled an illustrative timeline of the cyber world—and the crime that’s accompanied it. What’s clear is that the black markets that are supporting hackers have rapidly grown into mature economies that are greatly increasing the threats companies face. We’ve chronicled ecosystems, attacks, and products with the hope of offering you a bit of history you may not have known or thought about recently.

Read more...

If you have seen, listened to or read any of the UK (or much of the international) press of the last few days you could not have failed to notice the coverage of the 2014 Cyber Security Challenge UK Masterclass. Juniper was there and this is what happened...

Read more...

rajoon

A Better Hybrid

by Juniper Employee on ‎03-17-2014 06:52 PM

Companies are under attack from an increasing variety of complex cyber threats. These include a new wave of DDoS attacks that are multi-vector (i.e., they combine flood attacks with Layer 7). Because tactics and vectors change during attacks, it becomes exceedingly difficult to mitigate using a single line of defense.

Current solutions cobble together disparate pieces of DDoS protection and burden the customer with maintaining overall responsibility for security. Unfortunately, the results are less than efficient and the operational overhead is less than desirable. Moreover, there’s a lack of open standards in DDoS mitigation, which encourages proprietary vendor lock-in by not offering a standard way for multi-vendor solutions to integrate tightly.

What’s needed, rather, is an agile response to a complex attack; a tightly coupled, coordinated mitigation across on-premise and the cloud; seamless redirection to the cloud based on local risk assessment; and fast mitigation response without operational involvement. To this end, Juniper has announced an alliance with Verisign to jointly deliver a hybrid DDoS solution that pushes past traditional solutions, and whereby the two companies plan to collaborate on defining and promoting an open standards platform for DDoS mitigation.

Read more...

Last week during Rio’s famous Carnival, I watched an incredible parade of floats pass by. Each one unique and original, but none that quite caught my attention like the portable soccer field did. It was a veritable soccer party on wheels! And, oddly or not, it made me think of Firefly. Just like this mobile soccer field, Firefly offers me my own mobile security lab. Thanks, Firefly.

Read more...

skathuria

Target’s Data Breach Saga Continues . . .

by Juniper Employee ‎03-14-2014 01:25 PM - edited ‎03-14-2014 01:34 PM

As a regular shopper at Target, I’ve been closely following the data breach ordeal. This week, I learned that the company did, in fact, have security intelligence in place, but the company’s Security Operations Center (SOC) didn’t react in time to prevent the damage. Astonishing!

It’s my hope that the following questions will eventually be answered, too . . .

Read more...

About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and data center security.


Our Bloggers

Kyle Adams, Senior Software Engineer
Ritesh Agrawal, Director, Software Engineering
Erin K. Banks, Senior Technical Marketing Manager
Ajay Bharadwaj, Product Manager
Paul Bristow, Senior Director, Product Management
Michael Callahan, Vice President, Product Marketing
Henrik Davidsson, Director, Security Sales
Scott Emo, Director, Product Marketing
Mora Gozani, Senior Manager, Product Marketing
Steve Hanna, Distinguished Engineer
Ashur Kanoon, Sr. Manager, Technical Marketing
Seema Kathuria, Manager, Product Marketing
Kevin Kennedy, Senior Director, Product Management
Dave Killion, Software Engineer
Rebecca Lawson, Senior Director, Product Marketing
Rajoo Nagar, Senior Manager, Product Marketing
Erin O'Malley, Manager, Product Marketing
Galina Pildush, Strategy & Planning Architect
Edward Roberts, Director, Product Marketing
Bill Shelton, Director Field Sales
Ashutosh Thakur, Product Line Manager
Troy Vennon, Software Engineer
Brad Woodberg, Product Manager

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.