People talk about security threats all the time, but where are those threats? If you want to visualize them, you might be interested in a small application called Pulse. You can download it to your iPad, iPhone or Android device. You can also see the information online at hpinfosecpulse.com.
Pulse is an application that gives you real-time threat visibility based on the information gathered from DVLabs, HP’s premier security research organization. Since I started using Pulse to gain an understanding of how things are going in cyber security, I’ve realized that things aren’t pretty out there.
The one thing I learned is that 100 percent security no longer exists in the digital world. Unfortunately, many companies have to recognize that they have not developed a pro-active enough security strategy. They also recognize that they have not put the appropriate procedures in place to cope with a security breach when it happens. Instead, they are in reactive mode. The latest illustration (of a long list) is the leakage of Apple device identifications, claimed to have come from the FBI. Actually, the hackers lied: it came from breaching an app publisher who did not even realize his information had been leaked.
Are you being pro-active or simply reactive?
We are confronted with a world where employees bring their own devices and use them for both their private and their business lives. We know some of our information resides in the public cloud. Our employees keep using social media. Our enterprise is connected through a maze. And somewhere in that maze, people are on the lookout to break into our systems and steal valuable information.
It’s no longer enough to look at security in a piecemeal approach. We have to take a comprehensive view, combining application, endpoint, network, datacenter and operations security. We need to respond in a way that limits the risk of being broken into to an acceptable level. Rethinking your enterprise security and redefining your security strategy is a must. And there is some urgency.
The good news is that HP has been addressing enterprise security for years and has developed a unique expertise in that area. To make your life easier, this week, HP announced enhancements to its security portfolio. In particular, these include:
- New enhancements addressing security in the public cloud. In particular, enhanced HP Assured Identity, CATA on demand: now available via SaaS and HP’s Private Security Operations Center
- HP Data Center Protection Services, including Data Center Protection Optimization, Governance, Risk and Compliance Readiness, and Protection Management
- HP ArcSight Enterprise Security Manager 6.0c, which is now built on HP’s CORR engine
- HP TippingPoint NX-series next generation intrusion prevention systems
- HP security for imaging and printing, addressing, among other things, access control for healthcare
If you want to know more, go to the Security & Risk Management page.
But just putting in place security processes and tools is not enough. In preparing for the original blog post on the CloudSource blog, I ran into a white paper by Cathy Pitt, titled “Defend your business against the dark art of social engineering.” The paper is quite entertaining and made me smile… till I realized what Cathy describes can easily happen to me.
We’re out there to help people; we want to be seen as nice. And some people are out there to take advantage of our kindness to rob us. It’s a sobering thought. Now, who has not yet received an e-mail from a poor guy in Africa asking you to help him get money out of a country? I definitely have, and that one is so obvious that I did not fall into the trap. But have I fallen into some other traps? Maybe. I actually don’t know. And that is what is frightening. Being out in the social media world, you get a lot of questions and you try to respond. In that process, are you giving things away? Maybe.
As our world is getting increasingly integrated, and as social media is used by enterprises to reach their customers and prospects, we need to train our people to ensure they are watchful for social engineering. According to Wikipedia, social engineering, in the context of security, is understood to mean the “art of manipulating people into performing actions or divulging confidential information.” While it is similar to a confidence trick or simple fraud, it is typically trickery or deception for the purpose of information gathering, fraud, or computer system access. In most cases the attacker never comes face-to-face with the victims.
Pro-actively define your security strategy. Decide what an acceptable risk level is. Choose and implement tools and procedures accordingly and train, train, train your employees. Believe me, this may cost you money, but it will be a factor less than what it will cost you if your security is breached. Just think about the damage to your brand if you are compromised.