SubZero: Cyber Crime Risk Management Blog
The SubZero: Cyber Crime Risk Management Blog will examine and explore global cyber crime trends, threat intelligence, risk management, advanced persistent threats and more.

Enterprise security intelligence: 3 steps to get started

To secure your enterprise, you must have an integrated view of your data and IT systems at all times. By establishing enterprise security intelligence (ESI) in your organization as a basis for your security strategy, you’ll enable your team—and your fellow executives—to maintain a clear, universal view of the organization’s security and risk management profile.

Is Your Organization Smart Enough to Outsmart the Threat Landscape?

Achieving Security through Greater Intelligence


As enterprise IT infrastructures continue to morph and grow, taking on new and exciting characteristics such as “cloud computing” and ever-increasing mobility, so too does the risk posed by cyber criminals and industrial espionage agents. It’s 2012, folks. Though some of the things I write about sound like they bounced off the pages of a Clancy or Ludlum novel, I can assure you they are all too real, and the implications for brand and risk posture are great. The greatest threat comes in the form of the human being.

Forensics in the Cloud

Yesterday I received an interesting call asking for my opinions on Cloud Computing and Forensics.  I don’t consider myself a ‘Cloud’ guy.  I’m a security guy with a lot of experience in forensics and incident response, among other things, so this call intrigued me. Raf Los

Zen and the art of Defeating Malware: Japan's CyberWeapon Exposed

Proactive Approach to an Unprovoked Threat


Japan has thrown down the gauntlet. A bold move was reported publicly on the wire January 2, 2012, on the part of the Japanese government and their partner, Fujitsu Systems. The plan was to develop a cyberweapon that has the ability to track, identify and disable sources of online attacks. Simple, right? Let’s take a closer look.

H0 H0 N0! I’ve been P0WN3D for the H0l1D@Y5!

The holiday season is upon us. It’s a time to reflect and consider all that the year has brought us (the good, the bad, the happy, the sad) and be thankful for those things we’re fortunate to share with our family, friends, and neighbors. It’s also a time for sending carefully crafted notes, letters and cards to those same loved ones, providing them with a review of our lives (and those of our families) in addition to season’s greetings. It’s also a time to be weary. Weary? That’s an odd choice of word for what looks to be a festive blog post, isn’t it? Well, yes and no. I think it’s appropriate, and here’s why.

Cha-Cha-DNS-Changes...The "DNS Changer" Botnet and You!

A little more than a month ago the U.S. Department of Justice announced what has been called the largest botnet takedown in history. Many people failed to notice the events that were described by the U.S. DoJ; however, I feel it’s important to revisit them. This botnet was different. It was roughly twice the size of the Rustock botnet, which you may recall was taken down by Microsoft attorneys and U.S. Marshals. At its peak, Rustock consisted of approximately 1.6 million compromised hosts with command and control servers being hosted by five different web hosting providers in seven different U.S. cities. The botnet that was taken down in November has been dubbed the “DNS Changer” botnet and consisted of more than 4 million compromised systems.

Ferris Bueller, cyber-crime, Risk Management and the search for Truth in Security

This is a great day! It’s November 11, 2011, and this marks the first installment for my new blog here at HP Software, SubZERO: The Cyber Crime and Risk Management Blog. I’m thrilled to be in the Captain’s chair charting a new course for us to follow as we set off in search of truth, not FUD!

About the Author(s)
  • Judy Redman has been writing about all areas of technology for more than 20 years.
  • Will Gragido is the product line manager for HP DVLabs with oversight over the various DV related services and other DVLabs projects. Will has deep expertise and knowledge in operations, vulnerability and threat analysis, management, professional services & consultancy, pre-sales / architecture and business development within the information security industry. Prior to HP TippingPoint, Will has worked extensively with McAfee, Internet Security Systems, International Network Services and the United States Marine Corps. Will is a long-standing member of the ISC2, ISACA, and ISSA. Will holds the CISSP and CISA certifications, as well as accreditations in the National Security Agency's Information Security Assessment Methodology (IAM) and Information Security Evaluation Methodology (IEM). He resides in the Chicagoland area, is a graduate of DePaul University and is currently preparing for graduate school. Will is an active speaker who has been featured at conferences such as Toorcon, Security BSides, and SANS. Additionally, Will is currently authoring a book for Syngress Press on Cybercrime and Espionage due out in the Spring of 2011.

    Appearances:
      • Beyond IPS, 2011-10-17, SecTor
      • The Rise of the Chaotic Actor: Adapting to the Age of Anonymous, 2011-10-13, RSA Europe 2011
      • The Modern Threat Landscape and Our Ability to React Intelligently, 2011-02-15, Security B-Sides SanFran
      • The Threat Landscape, 2010-09-09, ISSA Chicago
      • Through the rabbit hole: An Expose of Darknets and the Onion Routed Underground, 2010-07-31, Security BSides

    Blog Entries:
      • Hammer of the Botgods: A New Variant of the ZeuS Botnet May Be Upon Us, created 2011-04-06 (0 comments, 3699 views)
      • Has Sapphire ‘Slammed’ Itself Out of Existence?, created 2011-03-28 (1 comments, 3753 views)
      • DoS and DDoS Yesterday and Today, created 2011-02-28 (1 comments, 4990 views)
      • Obfuscated Attacks: What You Can't See Will Hurt You, created 2011-02-24 (0 comments, 3014 views)
      • Network Forensics: A New Era of Visibility, created 2011-02-23 (1 comments, 2984 views)
      • Slaying The Dragon: An Analysis of the 'Night Dragon' Attack, created 2011-02-10 (1 comments, 5405 views)
      • Blackhatnomics™, created 2010-09-28 (0 comments, 4235 views)
      • Elegant Worm: How Stuxnet Is Redefining The Game, created 2010-09-23 (2 comments, 4716 views)

