Do you know what’s happening in the cloud at your organization?
Blog Published: 03/26/2014
By Sanjay Beri, Founder and CEO, Netskope. For as long as “Shadow IT” has existed, technology vendors have encouraged IT professionals to uncover unsanctioned apps in their organizations so they can block them. But people rely on apps like Box, Dropbox, Evernote, Jira, and Workday for business c...
I Hunt Sys Admins’ SSH
Blog Published: 03/28/2014
KEVIN BOCEK, VP, SECURITY STRATEGY & THREAT INTELLIGENCE, VENAFI. SSH keys again confirmed as a favorite target for advanced attackers - how will IT security fight back? Newly leaked NSA documents from Edward Snowden, entitled “I Hunt Sys Admins” show that sophisticated attackers are aiming ...
On behalf of the CDPC Leadership Team: Open Review Period - Cloud Data Protection Cert Candidate Project
Blog Published: 03/29/2014
We would like to invite Cloud Security Alliance (CSA) members as well as the cloud and security community to participate in the open review period for a new candidate project that we are proposing for contribution to the CSA Research Portfolio. In addition, we are considering contributing thi...
Windigo: Another Multi-Year APT Targets SSH Credentials
Blog Published: 04/04/2014
By Gavin Hill, Director, Product Marketing and Threat Intelligence, Venafi. Last month, ESET, a leading IT security company, published a detailed analysis of Operation Windigo. This operation, active since 2011, has compromised over 25,000 Linux and Unix webservers. Cyber-criminals use these se...
Why Should You Update Your Trusted CAs and Enforce Certificate Whitelists?
Blog Published: 04/09/2014
By Patriz Regalado, Product Marketing Manager, Venafi. Your organization’s policies—or lack of policies—regarding trusted root CA certificates are exposing you to unnecessary risk. Because certificates serve as credentials for so many mission-critical transactions, attackers are constantly tryi...
DON’T LET THE END OF SUPPORT FOR WINDOWS XP PUT YOUR CORPORATE DATA AT RISK
Blog Published: 04/10/2014
By Harold Byun, Skyhigh Networks. April 8 = Y2K all over again? I may be dating myself a little bit here by writing this, but at the turn of the century, the impending arrival of the year 2000 led to multi-year coding projects, systems upgrades, and a massive testing effort to ensure Y2K complia...
Cloud Policy? I’ll Take a Sharp Stick in the Eye, Please!
Blog Published: 04/10/2014
By Jamie Barnett, VP Marketing, Netskope. We were struck by a survey we conducted with RSA Conference attendees in February when we learned that even though more than 60% of respondents didn’t have or didn’t know if they had a cloud app policy, 70% cared enough to think about their organization’...
24 HOURS AFTER HEARTBLEED, 368 CLOUD PROVIDERS STILL VULNERABLE
Blog Published: 04/10/2014
By Harold Byun, Skyhigh Networks. Over the past weeks, security teams across the country have been grappling with end of life for Windows XP, which is still running on 3 out of 10 computers. That issue has been completely overshadowed with news of the Heartbleed vulnerability in OpenSSL, which is us...
Mad Max Here We Come: Heartbleed shows how much we blindly trust keys and certificates (and take them for granted)
Blog Published: 04/10/2014
KEVIN BOCEK, VP, SECURITY STRATEGY & THREAT INTELLIGENCE, VENAFI. The race is on to respond and remediate by replacing keys and certificates in use with millions of applications because patching won't help. The world runs on the trust established by digital certificates and cryptographic ke...
FTC Recognizes Value of Trust Established by SSL and Digital Certificates
Blog Published: 04/14/2014
By KEVIN BOCEK, VP, SECURITY STRATEGY & THREAT INTELLIGENCE, VENAFI. Attacks on digital certificates and trusted connections drive FTC to action. Recognizing that the trust established by Secure Sockets Layer (SSL) and digital certificates plays an important role in everyday life, the US Feder...
HOW CHICKEN EYES TAUGHT US TO DETECT CLOUD SECURITY BREACHES
Blog Published: 04/15/2014
By Sekhar Sarukkai, SkyHigh Networks. A fascinating scientific discovery. There was a fascinating discovery last month on a new state of matter never before seen in biology in, of all places, the eyes of chicken – a state of “disordered hyperuniformity”. This arrangement of particles in the chick...
The Heartbleed Bug: Learn How It Operates
Blog Published: 04/15/2014
By Zulfikar Ramzan, CTO, Elastica. The entire internet security community was up in arms on Monday as a devastating new bug, Heartbleed, was discovered in OpenSSL, the most widely deployed cryptographic function on the web. Google’s security team discovered the malicious bug. Since then OpenSSL h...
The Tie Between Cloud App Enterprise-Readiness Score and Heartbleed Remediation: 7 Steps You Need to Take Now
Blog Published: 04/17/2014
Krishna Narayanaswamy, Netskope Chief Scientist. The Heartbleed Bug is a serious vulnerability for websites around the world. Many enterprise cloud and SaaS apps were also impacted. While most app vendors have remediated their systems, some remain vulnerable. Netskope researchers have been scanni...
ALMOST 90% OF CLOUD PROVIDERS STILL HAVEN’T UPDATED CERTIFICATES 1 WEEK AFTER HEARTBLEED
Blog Published: 04/17/2014
By Harold Byun, Senior director, Product Management, Skyhigh Networks. http://blog.skyhighnetworks.com/almost-90-of-cloud-providers-still-havent-updated-certificates-1-week-after-heartbleed/ hundreds of cloud providers were vulnerable to the Heartbleed bug in OpenSSL eve...
Don’t Be Blinded by the Next Heartbleed
Blog Published: 04/22/2014
Organizations—from service providers, banks, and retailers to government agencies—were recently blindsided by the Heartbleed bug, a critical vulnerability in the OpenSSL cryptographic software library, which underlies trust for secure transactions worldwide. Attackers wasted no time exploiting...
Dropbox joins the Cloud Security Alliance
Blog Published: 04/23/2014
Here at Dropbox, keeping your stuff safe isn’t just part of our mission; it’s our top priority. As part of that, we’ve been engaging with the Cloud Security Alliance (CSA), a not-for-profit organization that promotes and provides education around cloud security best practices. Today, we’re exc...
Remediating Heartbleed with Next-Generation Trust Protection
Blog Published: 04/24/2014
By Gavin Hill, Director, Product Marketing and Threat Intelligence, Venafi. Heartbleed Impact. The Heartbleed vulnerability unequivocally demonstrates the impact a single vulnerability has on all organizations when keys and certificates are exposed. Cyber-criminals have unfettered access to the ...
Responding to New SSL Cybersecurity Threats—Gartner Featured Research
Blog Published: 04/25/2014
By Gavin Hill, Director, Product Marketing and Threat Intelligence, Venafi. When it comes to defending against advanced threats that take advantage of keys and certificates, most organizations have a gaping hole in their security strategy. Cyber criminals on the other hand know all too well how ...
The World is Failing to Remediate the Heartbleed Vulnerability
Blog Published: 04/28/2014
By Kevin Bocek, VP, Security Strategy & Threat Intelligence, Venafi. Time is running out to change keys and certificates or else… The world appears to be failing to respond to the Heartbleed vulnerability. In fact, well under 16% of vulnerable keys and certificates have been replaced. Expert...
Exception Sprawl
Blog Published: 04/28/2014
By Krishna Narayanaswamy, Chief Scientist at Netskope. We released the Netskope Cloud Report today. One of the key findings of the report is that 90 percent of cloud app usage is in apps blocked by perimeter technology. How can this be the case? Are all the firewalls broken? That usage is the exce...