Security, Mobile & Cloud - Caleb Barlow

Today, IBM made a series of announcements, including the planned acquisition of Resilient Systems, Inc., that will aim to provide organizations with a proactive, comprehensive approach to respond to cyber breaches more quickly and effectively across consulting, services and products. With Resilient Systems, a leader in incident response, IBM will be in a position to provide the industry’s first integrated end-to-end Security Operations and Response Platform offering that spans the entire life cycle of an attack, from protection and detection to response.  Hear more in this podcast from the team behind the effort.

Today, IBM made a series of announcements, including the planned acquisition of Resilient Systems, Inc., that will aim to provide organizations with a proactive, comprehensive approach to respond to cyber breaches more quickly and effectively across consulting, services and products. With Resilient Systems, a leader in incident response, IBM will be in a position to provide the industry’s first integrated end-to-end Security Operations and Response Platform offering that spans the entire life cycle of an attack, from protection and detection to response.  Hear more in this podcast from the team behind the effort.

One of the most dominant trends observed in the cybercrime during 2015 was the spread of organized crime groups to new territories. Using banking Trojans to attack banks in new geographies is a significant step because it is considered to be part of the malware’s evolution. Before they can venture into countries they never targeted before, crime groups have to invest in an adequate preparatory stage that includes reconnaissance of the banking systems in that geography. They also have to build or pay for the major components of amassing a botnet in that area: spam campaigns in the corresponding language using suitable social engineering ploys, web injections to match language and transaction authentication requirements, and local money mules they can rely on for moving the stolen money to the hands of the attackers. In this podcast we will examine some of the most impactful crossings made by malware in 2015, and unsurprisingly learn that all of them were made by major organized cybercrime groups.

One of the most dominant trends observed in the cybercrime during 2015 was the spread of organized crime groups to new territories. Using banking Trojans to attack banks in new geographies is a significant step because it is considered to be part of the malware’s evolution. Before they can venture into countries they never targeted before, crime groups have to invest in an adequate preparatory stage that includes reconnaissance of the banking systems in that geography. They also have to build or pay for the major components of amassing a botnet in that area: spam campaigns in the corresponding language using suitable social engineering ploys, web injections to match language and transaction authentication requirements, and local money mules they can rely on for moving the stolen money to the hands of the attackers. In this podcast we will examine some of the most impactful crossings made by malware in 2015, and unsurprisingly learn that all of them were made by major organized cybercrime groups.

Temp

Self-encrypting hard drives (SEDs) have been dubbed the security industry’s best-kept secret, but is the data inside really secure? With its ability to accelerate the drive-redeployment process, SEDs have been rising in popularity. Tune into this podcast to hear Rick Robinson, IBM Security Product Manager of Data Security, examine the security behind self-encrypting hard drives and some new-found security vulnerabilities that have recently been disclosed with SEDs.

Containerization (like Docker and IBM Containers) takes application portability to a new level. Applications can be packaged with everything they need to run for simplified, high-velocity deployment. By using native separation within the OS (Linux or Windows) organizations get many of the benefits of a VM without the overhead of a hypervisor. So what's the downside? Most security tools weren't designed to "play well" with containers. And many security teams aren't aware of the emerging threat models associated with rapid application development and containerized deployment. In this podcast we'll take a quick high-level look at how containerization and DevOps are transforming the application life cycle, explain what it means to security, and provide recommendations on the three things security teams should be doing about it now.  

Containerization (like Docker and IBM Containers) takes application portability to a new level. Applications can be packaged with everything they need to run for simplified, high-velocity deployment. By using native separation within the OS (Linux or Windows) organizations get many of the benefits of a VM without the overhead of a hypervisor. So what's the downside? Most security tools weren't designed to "play well" with containers. And many security teams aren't aware of the emerging threat models associated with rapid application development and containerized deployment. In this podcast we'll take a quick high-level look at how containerization and DevOps are transforming the application life cycle, explain what it means to security, and provide recommendations on the three things security teams should be doing about it now.  

When researchers discover vulnerabilities in Internet of Things (IoT) devices, the media hypes the consequences as if the movie "Maximum Overdrive" has jumped off the big screen and into reality. Will your connected car refuse to respond to your stabs at the brake pedal? Will soda machines start shooting cans at unsuspecting passers by? When will our robot vacuums rebel, controlled by Skynet? Join Caleb Barlow and Chris Poulin, Research Strategist for IBM's X-Force Security Threat Intelligence Team and IoT and connected car security expert, to separate the real security threats from FUD.

Organizations are constantly faced with evolving mobile technologies as well as finding new ways to secure them. The challenge is determining which mobile security strategy best fits your company's needs now and in the future. In this session, you will discover the key considerations for deploying a mobile security strategy based on your security and business requirements. 

Today every organization faces its cyber security challenges, but to better balance the scales we need to extend access to cyber security and streamline how security practitioners can collaborate on everything from security best practices to advanced threat information and from security incident detection to incident response.

The innovation in the mobile banking space is moving at a blistering pace.  End users require more convenience and flexibility. They want information at their fingertips. They want speed. They want accuracy. And they want…security.  And balancing user experience and cyber crime prevention can be challenging. This podcast featuring Danny Piangerelli, CTO and co-founder Malauzai Software an Austin, TX based mobile and Internet banking company will share insights into the latest mobile banking security and fraud prevention trends and steps community financial institutions can take today to keep on pace with today’s savvy mobile consumers. 

Caleb Barlow, dives further into the recent findings made by IBM Security --  60% of dating apps are easily hackable. Discover the "love connection" between IBM Security solutions and a more secure mobile world.  Additional perspectives provided by Diana Kelley and Michael Montecillo.  Read the full report at http://securityintelligence.com/datingapps/ 

Enhanced levels of data encryption on Smartphones have been applauded by data privacy advocates but law enforcement has expressed concerns about the ability to get access to data on a smart phone while investigating a crime.  But what about the enterprise?  Are these new forms of encryption a good thing or a bad thing for our corporate data?  In this podcast we will leave the politics aside and get underneath the technology - What's different?  How does it work?  What are the implications?  To explore this Caleb will be talking with Rick Robinson one of IBM's experts in cryptography and encryption.

Earlier today a new form of malware was disclosed that is targeting iOS devices.  Our team found this particularly interesting as this highly sophisticated malware reportely can impact devices that are not jailbroken, it leverages rogue variants of popular applications and the malware uses code obfuscation to protect itself while taking advantage of mobile applications that are not obfuscated. We have quickly assembled a team of experts to talk about what we know about this new form of malware and the potential enterprise mobile security implications.

In this podcast, Caleb talks with Jukka Alanen about how mobile apps are under attack, how apps are being exploited by hackers, and what organizations can do safeguard their brands, data, IP, and revenue while developing and releasing new mobile apps. Already 78% of Top 100 iOS and Android apps have been found as hacked, rogue versions, and industry organizations across OWASP, security consultancies, and analysts have started recommending new protection measures. Jukka Alanen is Vice President of Business Development and Corporate Strategy at Arxan Technologies, Inc, a security company that specializes in Application Protection. Recently, IBM and Arxan announced a new preventive security solution that extends the IBM portfolio to app hardening and run-time protection. 

Did you know there are approximately 9 billion devices, assets, and ‘things’currently connected to a network?  Over  the next decade that number is expected to increase significantly with estimates ranging from 50 billion to nearly 1 trillion! It's about engine control units on industrial vehicles, track signaling equipment on railways, water pumps in power generation stations, and the list goes on and on.  It's all about Enterprise Asset and Facility management (EAM, IWMS) solutions which will  enable organizations to reduce operational and capital expenses, manage risk and compliance, and improve the performance of their infrastructure to meet business requirements.   Why does this matter?  Opportunity and Risk.   In a recent study by the McKinsey Global Institute, smarter infrastructure (a.k.a. the internet of things) has the potential to create an economic impact of $2.7 trillion to $6.2 trillion ANNUALLY by 2025.  Conversely, the increasing complexity of assets and things raises operational risk, requires new skills across life cycle, and is impacting existing business processes and cultural norms.    The potential for innovation and optimization is nothing short of spectacular. That's what this podcast is all about.  Pete Karns, a thought leader on Asset Management, will, explore the shifts in the market for asset and facility management, share best practices learned from 1,000's of companies from around the world  and dive into the innovation potential of Cloud, Analytics, and Mobility. 

In this podcast Caleb Barlow speaks with Sandy Bird, CTO of IBM Security Systems, co-founder of Q1 Labs to discuss his recent appointment as an IBM Fellow, part of IBM’s elite "most exceptional" technical professionals. Sandy will explain what makes being an IBM Fellow so rewarding and will shed some light on the types of people that have been honored with this distinction. In addition, Sandy will discuss how his career and the security landscape have both evolved during his during a time that threats have constantly evolved for financial profit. He’ll also explain what it’s like to work in the security industry and why college students should consider a career working in cyber security. 

In this podcast Caleb talks with Diana Kelley and Doug Wilson, two experts in the field of application security to discuss how software testing is rapidly maturing to risk based application security approach.  We will introduce a new framework for application security that covers Test, Assure and Protect (TAP). Let's face it, you cannot scan and remediate everything, but if you aren't scanning the right assets you're putting your corporate assets at risk, so let's talk about a practical approach to managing application security.

Security and Information Event Managers (SIEM) tools rely heavily on perimeter security logs, like those from firewalls, IPS and router NetFlow, The sharing of these logs with SIEMs have been very successful in identifying sophisticated external attacks in very early stages.  Now, for most organizations, the most severe data breaches are coming from privileged insiders or from Advanced Persistent Threats (APT) that imitate the privileged user.  In this podcast Caleb talks with experts from Vormetric to explore if it is possible to use the tried and true SIEM and anomaly detection techniques with file system level log information to detect and identify APT and Insider abuse.