EdgeWave's Mike Walls, a former bomber pilot who led Navy red teams, says penetration testing is useful in analyzing bits and bytes but not the readiness of operations under attack from cyberspace. Red teams, he says, can analyze the impact on operations.
Christophe Birkeland, CTO of malware analysis for Blue Coat Systems, was part of the team that discovered the Russia-targeting Inception campaign, and says the hunt for new APT attacks remains ongoing.
Too few security systems interoperate, which makes it difficult for organizations to block or detect data breaches. But Cisco has an interoperability plan to improve the state of cybersecurity defenses, Chief Security Architect Martin Roesch says.
For Symantec, the investigation into the Duqu 2 began May 29, when Kaspersky Lab shared samples of the espionage malware - which is based on Flame and Stuxnet - and asked the security researchers to help verify its findings.
Organizations are getting increasingly prioritizing incident response capabilities by putting investigation firms on retainer, or creating their own internal teams, says Patrick Morley, president and CEO of Bit9 + Carbon Black.
Attackers today continue to refine their distributed denial-of-service attack capabilities, delivering downtime on demand. The increase in attack effectiveness and volume demands new types of defenses, says Akamai's Richard Meeus.
Two years after the leaks that showed the U.S. National Security Agency spied on America's European allies, the U.S. and Europe still need to rebuild trust so they can collaborate on defending against cyber-attacks, says Carsten Casper of Gartner.
With large swatches of rural India preparing to go online, new Internet users, who are using devices other than PCs, need to be educated about the risks, says cybersecurity analyst Jiten Jain, CEO of the InfoSec Consortium.
Last year, organizations took an average of 205 days to detect a breach. To better combat such attacks and lock down breaches, FireEye's Jason Steer says organizations must lower that to hours or even minutes.
"Show me your dashboard." That's a request security expert Gavin Millard regularly makes to CISOs to demonstrate how today's too-complex dashboards highlight the challenge of gathering and distilling essential security metrics.
While cyberthreat information sharing within the banking sector has improved, the retail sector has failed to keep up. But ISACA's Robert Stroud said pending federal legislation could help change that.
Financial services firms are increasingly applying contextual security tools to help identify fraud more quickly. But a shift to continuous authentication will provide even better security, says Vasco's Jan Valcke.