In an age littered with cyberattacks being launched from behind screens halfway around the globe, it’s hard to imagine the idea of someone willing to entertain the risk of physically stealing a corporate backup appliance from a secure data center. Obviously this scenario isn’t as common as the data breaches that continue to make headlines; however, certain industries require data to be encrypted at rest for compliance purposes — ensuring that any lost or stolen data can’t be viewed by anyone other than its owner.
When we announced our new cloud generation firewall capabilities a couple of weeks ago, it was really interesting to hear from some of our experts about what these added capabilities would mean for customers. We started with Tim Jefferson, VP public cloud who provided some thoughtful insight into what’s necessary for customers to be secure in the public cloud, and how security has to adapt to these new requirements. This week, we caught up with network security guru Klaus Gheri to discuss some of the questions that often come up in regards to network security in the cloud generation. Here’s what he had to say:
Most organizations today don’t really know how much their information is worth, which tends to make securing data across an enterprise an exercise in futility for many IT security professionals.
Greg Touhill, a retired brigadier general and former CISO for US Government who is now president of Cyxtera Federal Group, an IT security consulting firm, says that conundrum results in organizations spending $100 to protect information that is only worth a dollar, while simultaneously not spending enough money to protect critical intellectual property.
Whether you are planning to migrate to the cloud or already have applications there, you have the responsibility to secure your data and applications. There are a million reasons why the cloud can be the right move for your business, and the decision could be the catalyst for your organization’s explosive growth and performance.
To benefit from everything the cloud has to offer AND maintain effective security, companies need functionality and pricing designed for the cloud. Barracuda Cloud Generation Firewalls are engineered specifically for this and will make your cloud migration seamless, faster, and more cost-effective.
It won’t come as much of a surprise to cybersecurity professionals that a shortage of cybersecurity skills is becoming more acute. A new survey of 343 cybersecurity professionals published by the Information Systems Security Association (ISSA) in collaboration with the market research firm Enterprise Strategy Group (ESG) finds that not only do 70 percent say the cybersecurity skills shortage has had an impact on their organization; a full 62 percent say their organizations are falling behind in providing an adequate level of training for their cybersecurity professionals. That represents a full 10 percentage point game over the same survey conducted by ISSA last year.
Specifically, a shortage of security analysis and investigations skills tied with a shortage of application security skills as the highest cause for concern (31%); followed closely by 29 percent citing a shortage of cloud computing security skills.
Big Brands and Bonus Bucks Gift Cards: Cybercriminals are launching widespread phishing campaigns spoofing popular e-commerce and consumer brand websites aimed to steal your information.
The appeal of camping out on Thanksgiving night to be the first one in the door for your favorite department store’s Black Friday sale is quickly becoming less tempting since much more can be accomplished online — without having to lose sleep or battle crowds. However, as we gladly wave goodbye to crowded parking lots and endless lines, we aren’t quite free of holiday shopping battles — they’re just being fought on a different, less familiar field. In fact, as online shoppers are looking for the best deals to jump on, cybercriminals have taken notice and continue to come up with creative scams to lure would-be deal seekers.
In this Black Friday / Cyber Monday version of the Threat Spotlight, we examine some of the mass phishing attacks happening now, that look to take advantage of eager holiday shoppers.
Barracuda comes out on top
Scoops “Cybersecurity vendor of the year” accolade at CRN 2017 Channel Awards
Thursday evening marked an exciting time for us, as members of the Barracuda team made their way over to Battersea Park for CRN’s annual Channel Awards. We are extremely pleased to announce that we did not return empty-handed, having been awarded “Cybersecurity Vendor of the Year”!
Most people transfer at least one file or more a day without giving it much thought. But chances are high those files contain some form of sensitive information. In fact, a new survey of 200 IT professionals in the financial services sector conducted by Blackberry illustrates how pervasive this issue has become.
Announced this week at a Blackberry Security Summit event, the survey finds there were security breaches caused by the use of personal email and file-sharing accounts (20 percent) as well as the use of personal software or devices for corporate business (20 percent). The survey also finds that one-third of the IT professionals reported end users in their organization are using file-sharing applications not approved by IT.
Ask any CIO today what their top priorities are and digital transformation is likely to come pretty high up. In fact, new research from Daisy Group reveals that 63% of UK firms now have a such a strategy, up from just 27% last year. Unsurprisingly, cloud computing is driving these efforts in many (46%) firms. There’s just one problem: it’s also creating huge security blind spots and gaps which attackers are more than capable of exploiting.
To combat these challenges, organisations need to look to a mix of cloud-ready security tools, which increasingly need to slot into DevOps, alongside people and process changes.
We’re still in an era where the term firewall is typically thought of as a tool for securing data center architectures because that’s what a next-generation firewall is designed to do. However, as organizations continue to inch closer to the cloud era, many are still using traditional firewalls to secure cloud workloads and applications. Is this the best way to approach security in the cloud? It might be worthwhile to step back and take a look at the cloud security requirements moving forward before continuing to implement the same security tools in an entirely different environment. For example, you need to find out if the firewall integrates with the cloud fabric, or provides a full-featured API, or if the pricing aligns with current cloud consumption models? This all depends on if the firewall is engineered for the cloud — ultimately it’s about having the right tool for the job. But don’t take my word for it, let’s ask someone who spends a lot of time in the cloud.
Q & A with Tim Jefferson, VP Public Cloud, Barracuda
Q: Does the cloud require a different set of security tools?
A: It’s critical to understand the cloud environment that your applications will be deployed in, and the native services that the IaaS provider offers to achieve security control coverage. Then, customers can instrument in their required controls that leverage the provider’s deployment best-practices. This means not necessarily bringing in legacy data-center architectures and tools, which tend to be ‘anti-patterns’ in the cloud. For example, perimeter-based firewall architectures are highly effective in a data center, but can become sources of friction when deployed in the public cloud. The public cloud also offers customers agility, while being consumed differently than traditional IT. Those who are building in the cloud, like DevOps teams, for example, are looking for the same agility when deploying security controls — specifically for ways to consume and deploy third-party security tools via API.