The first month of 2012 has come to an end, but that doesn’t mean we get to forget all of the lessons we’ve learned over the past year. Here’s a recap of some of the most well-received Security Connected posts of 2011, from best practices advice to security conference highlights:
As many of you will remember, earlier this year, McAfee Labs published a whitepaper about Operation Shady RAT. It contains a detailed investigation of targeted intrusions into over 70 global companies, governments, and non-profit organizations over the last five years that appeared to be sourced from a single actor or group. In this post, we took a detailed look at the solutions across endpoint, network, and data security, as well as security management, that can and should be used in a connected framework to enrich each other and thus mitigate risk, increase ROI, and create greater efficiencies in incident detection, prevention, and response.
If you can’t measure it, you can’t manage it. In this post, our Security Connected guest blogger Steven Fox tackles the topic of metrics, and how they map to an IT management framework known as the Balanced Scorecard. By discussing security within this Balanced Scorecard framework, IT professionals can communicate the business value of a given set of solutions. By speaking the language of business, they can also hope to get the attention of those who control the budget.
In early July, the first annual Mobile Computing Summit was held in Burlingame, CA. The event was put on to emphasize the effective use and management of mobile devices ranging from smartphones and tablets to laptops and beyond, and to highlight the security issues surrounding their use. McAfee VP of Mobility, David Goldschlag, and I were privileged with the opportunity to weigh in on the issue of security in the mobile space.
Our inaugural Friday Security Highlights post began with a recap from the Black Hat cyber security conference, held in Las Vegas in early August. The conference began with a patriotic call to action from Cofer Black, chief of the CIA’s counterterrorism group during 9/11. He raised concerns during his keynote about what he called an impending “Code War”, pointing to Stuxnet and its unique ability to impact real-world infrastructure. Black’s words carried particular weight, as they came the same day that McAfee published a detailed report on Operation Shady RAT.
Cloud security is a huge, ever-evolving subject that is difficult to cover in a short space, especially with so many different cloud service types and architectures (SaaS, IaaS, PaaS, external, internal, and hybrid). Guest blogger Leon Erlanger provided his take in this post with a few cloud security best practices that just about any organization should apply when working with the cloud.
We hope you’ll take another look at some of these articles and use them to your organization’s advantage in 2012, whether your plans include migrating to the cloud, or integrating more security into your BYOD policy. As always, we welcome your comments here in the blog and on Twitter at @IntelSec_Biz, where we regularly update our followers on McAfee news and events.