|By PR Newswire||
|January 29, 2014 01:30 PM EST||
SEATTLE, Jan. 29, 2014 /PRNewswire/ -- Between November 27 and December 15, 2013, unknown attackers breached Target's network and stole the debit and credit card data of 40 million account holders, including an additional 70 million accounts with personally identifying information (PII). More than a month later, it is now known that the attackers used a derivative variant of BlackPoS, called Trojan.POSRAM, and security researchers have linked the malware to young Russian hackers.
In a recent blog post, WatchGuard Technologies' Director of Security Strategy and Research, Corey Nachreiner (CISSP), explores the Target data breach and provides: 1.) a complete timeline of events to date, including what information is still unknown about the attack; 2.) four tips every Target customer should follow to protect themselves in the aftermath; and 3.) a list of six key network security takeaways every retail business should take to heart.
Here is a short portion of the complete blog post, titled "Building Defense Out of Disaster; Learning From the Target Breach":
What can businesses and retailers learn from the attack? Here are some of my key takeaway tips:
- PoS targeted malware is on the rise, prepare for it – Over the past few years, experts in the info security field have noticed the steady increase in malware that specifically targets point-of-sale (PoS) systems. So how do you prepare for it? Patch PoS systems, enforce a separation of duties, educate your cashiers…
- You need to segment your trusted network – As an industry, we have adopted a general trilateral paradigm that includes the external network (Internet), a demilitarized zone (semi-public servers), and our trusted network. The problem is our trusted network should not be flat. It makes it much to easy for attackers to perform lateral movement…
- You need more proactive malware detection – Unfortunately antivirus (AV) technology still relies heavily on reactive, signature-based detection. This means that it can't find and block new malware until after it's first analyzed, which is typically not until after it has infected at least one victim. However, recently newer malware detection controls have surfaced…
- Focus your defense on data – In a presentation I gave at Gartner ITxpo last year, I talked about how most of our preventative security controls are focused on protecting machines and devices, and not necessarily on protecting data directly. We need to spend a bit more time monitoring and protecting data directly…
- Focus more on detection and response – Preventative controls are a must for any organization, and they are probably the best bang for your buck. However, I'm afraid many organizations have focused too singularly on prevention and have forgotten to consider the other very important aspect of network security – detection and response. Cybersecurity is a continuous arms race…
- The U.S. must update its credit and debit card standards – Without going into all the technical details, most of the data stored on magstripe cards are stored in clear text, and you can easily recover or clone the data with cheap readers. EMV cards actually have small microprocessors on them, which use cryptographic standards to authenticate cards. In short, EMV makes it much harder for attackers to clone cards…
To get complete details on the Target attack, as well as in-depth analysis from WatchGuard's security experts, follow this link: http://watchguardsecuritycenter.com/2014/01/28/target-breach-learnings/
About WatchGuard Technologies, Inc.
WatchGuard® Technologies, Inc. is a global leader of integrated, multi-function business security solutions that intelligently combine industry standard hardware, Best-of-Breed security features, and policy-based management tools. WatchGuard provides easy-to-use, but enterprise-powerful protection to hundreds of thousands of businesses worldwide. WatchGuard products are backed by WatchGuard LiveSecurity® Service, an innovative support program. WatchGuard is headquartered in Seattle, Wash. with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.
WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are property of their respective owners.
SOURCE WatchGuard Technologies, Inc.
SYS-CON Events announced today that 910Telecom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Housed in the classic Denver Gas & Electric Building, 910 15th St., 910Telecom is a carrier-neutral telecom hotel located in the heart of Denver. Adjacent to CenturyLink, AT&T, and Denver Main, 910Telecom offers connectivity to all major carriers, Internet service providers, Internet backbones and ...
Aug. 29, 2016 07:00 PM EDT Reads: 1,975
Traditional on-premises data centers have long been the domain of modern data platforms like Apache Hadoop, meaning companies who build their business on public cloud were challenged to run Big Data processing and analytics at scale. But recent advancements in Hadoop performance, security, and most importantly cloud-native integrations, are giving organizations the ability to truly gain value from all their data. In his session at 19th Cloud Expo, David Tishgart, Director of Product Marketing ...
Aug. 29, 2016 06:45 PM EDT Reads: 813
StarNet Communications Corp has announced the addition of three Secure Remote Desktop modules to its flagship X-Win32 PC X server. The new modules enable X-Win32 to safely tunnel the remote desktops from Linux and Unix servers to the user’s PC over encrypted SSH. Traditionally, users of PC X servers deploy the XDMCP protocol to display remote desktop environments such as the Gnome and KDE desktops on Linux servers and the CDE environment on Solaris Unix machines. XDMCP is used primarily on comp...
Aug. 29, 2016 06:15 PM EDT Reads: 780
Almost two-thirds of companies either have or soon will have IoT as the backbone of their business in 2016. However, IoT is far more complex than most firms expected. How can you not get trapped in the pitfalls? In his session at @ThingsExpo, Tony Shan, a renowned visionary and thought leader, will introduce a holistic method of IoTification, which is the process of IoTifying the existing technology and business models to adopt and leverage IoT. He will drill down to the components in this fra...
Aug. 29, 2016 06:15 PM EDT Reads: 281
Why do your mobile transformations need to happen today? Mobile is the strategy that enterprise transformation centers on to drive customer engagement. In his general session at @ThingsExpo, Roger Woods, Director, Mobile Product & Strategy – Adobe Marketing Cloud, covered key IoT and mobile trends that are forcing mobile transformation, key components of a solid mobile strategy and explored how brands are effectively driving mobile change throughout the enterprise.
Aug. 29, 2016 05:03 PM EDT Reads: 208
DevOps at Cloud Expo – being held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Am...
Aug. 29, 2016 04:30 PM EDT Reads: 3,561
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - comp...
Aug. 29, 2016 02:15 PM EDT Reads: 3,739
As the world moves toward more DevOps and Microservices, application deployment to the cloud ought to become a lot simpler. The Microservices architecture, which is the basis of many new age distributed systems such as OpenStack, NetFlix and so on, is at the heart of Cloud Foundry - a complete developer-oriented Platform as a Service (PaaS) that is IaaS agnostic and supports vCloud, OpenStack and AWS. Serverless computing is revolutionizing computing. In his session at 19th Cloud Expo, Raghav...
Aug. 29, 2016 02:00 PM EDT Reads: 988
DevOps at Cloud Expo, taking place Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long dev...
Aug. 29, 2016 02:00 PM EDT Reads: 2,479
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
Aug. 29, 2016 12:45 PM EDT Reads: 2,024
There is growing need for data-driven applications and the need for digital platforms to build these apps. In his session at 19th Cloud Expo, Muddu Sudhakar, VP and GM of Security & IoT at Splunk, will cover different PaaS solutions and Big Data platforms that are available to build applications. In addition, AI and machine learning are creating new requirements that developers need in the building of next-gen apps. The next-generation digital platforms have some of the past platform needs a...
Aug. 29, 2016 12:15 PM EDT Reads: 825
Fact: storage performance problems have only gotten more complicated, as applications not only have become largely virtualized, but also have moved to cloud-based infrastructures. Storage performance in virtualized environments isn’t just about IOPS anymore. Instead, you need to guarantee performance for individual VMs, helping applications maintain performance as the number of VMs continues to go up in real time. In his session at Cloud Expo, Dhiraj Sehgal, Product and Marketing at Tintri, wil...
Aug. 29, 2016 12:00 PM EDT Reads: 876
Enterprises have forever faced challenges surrounding the sharing of their intellectual property. Emerging cloud adoption has made it more compelling for enterprises to digitize their content, making them available over a wide variety of devices across the Internet. In his session at 19th Cloud Expo, Santosh Ahuja, Director of Architecture at Impiger Technologies, will introduce various mechanisms provided by cloud service providers today to manage and share digital content in a secure manner....
Aug. 29, 2016 12:00 PM EDT Reads: 828
19th Cloud Expo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterpri...
Aug. 29, 2016 12:00 PM EDT Reads: 3,194
SYS-CON Events announced today that Hitrons Solutions will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Hitrons Solutions Inc. is distributor in the North American market for unique products and services of small and medium-size businesses, including cloud services and solutions, SEO marketing platforms, and mobile applications.
Aug. 29, 2016 08:15 AM EDT Reads: 741