How much does a data breach cost your company? That's one of the toughest questions an IT security professional can be asked. The effects of a data breach are potentially catastrophic for a company, but it's a difficult task to quantify the risk.
That's why IBM has sponsored the Ponemon Institute's 2014 Study on the Cost of Data Breaches. This far-reaching study draws on 1690 interviews across 10 countries and 16 sectors, and reflects the actual experiences of companies instead of could-have-happened theoretical discussions.
The Ponemon Institute has released both a global report and 10 country-specific reports:
One of the most eye-popping charts in the report analyzes the reported data to show the clear relationship between the size of the breach and its cost. Keep in mind that this is not some hypothetical computer model. This is a regression based on the actual interviews and their reported data.
The 2014 Ponemon Cost Of Data Breach study is must reading for anyone needing to build a business case for protecting against data breaches.
We've just posted a new article on developerWorks, "IBM
Arxan Technologies has post
You might also be interested in....
Defending against malware: A holistic approach to one of today’s biggest IT risks
This white paper will examine the changing strategies that malware has employed in recent years, explain the typical sequence of events that occurs during an attack, and describe how an integrated defense can help keep the enterprise safe from these advanced persistent threats.
If you want to see a concise history of the past three years of IT Security incidents, you need to download the IBM
As you can tell by the change in colors as you scan the graphic from left to right, the industry is starting to get a handle on DDoS attacks and SQL injection attacks, while attack types based on physical access to machines and distribution of malware are becoming more common. As noted in the report:
"The declines in vulnerabilities demonstrated at the end of 2013 in both XSS and SQL injection could indicate that developers are doing a better job at writing secure web applications, or possibly that traditional targets like content management systems (CMSs) and plug-ins are maturing as older vulnerabilities have been patched. As noted, XSS and SQL injection exploitation continue to be observed in high numbers, indicating there are still legacy systems or other unpatched web applications that remain vulnerable. This is expected, considering there are many thousands of blogs and other websites run by individuals who may not have the skills or awareness to update to later versions of their platform or framework."
The other thing to note in the graphic is that the overall number of incidents and the overall impact of IT security incidents aren't exactly going down, so it seems there is still plenty of job security in the IT security arena in 2013.
To add some context to the 2013
The following infographic outlines the pressures of having to deliver transformation with limited resources and the threat landscape and how best to address this landscape; it also threads these issues through the rapidly changing role of information security leaders, connecting enterprise priorities with IT security practices.
Take a look at the graphic, then go read the blog entry: Thanks to the IBM
Tolly Enterprises recently published their eval
Tolly engineers evaluated the AMP 5100's effectiveness in blocking the most common threats as defined by OWASP. Tolly found the AMP 5100 to be 100% effective in blocking in-line preventable attacks.
Tolly specifically validated that the AMP 5100 is able to prevent all forms of SQL injection attacks, XSS, and broken authentication attacks. The Tolly evaluation goes into more detail about the AMP 5100's ease of use and performance characteristics.
You can download and read
The 2013 IBM Cyber Security Intelligence Index (download it) is an excellent tool that details the global threat landscape (and complements the IBM X-Force Report). The Index encompasses 3,700 clients in 130 countries and will be updated on a regular basis so it will continue to be a valuable tool that provides insights into the reach of cybersecurity attacks (thanks to IBM Managed Security Services), details on attack rates and incidents by category, and knowledge on which industries experience the most (and least) attacks.
The following infographic colorfully illustrates just some of the attack statistics you'll find collected and analyzed in the report -- some of the findings are surprising:
Take a look at the graphic to learn more, then go get the report for more insights.
I'm proud to announce we've just published "Fig
More and more people are walking around with iPads these days. Even corporate executives are carrying them around like hipsters. As a result, more and more people want to "bring their own device" to work, and they expect to be able to access all their corporate apps and corporate intranets from those fancy iPads. How does an enterprise allow these devices to access corporate sites and apps while accounting for the increased risk that comes from using these devices?
In this video demo, you'll see how these iPad challenges are addressed with IBM Security Access Manager for Enterprise Single Sign-On. You can learn more about protecting mobile devices in IBM's white paper "Bey
BIO-key International's fing
You can learn more about ISAM and BIO-key products and technologies at the BIO-key International community on developerWorks.
There was lots going on in the hallways at Pulse this year. One of my favorite moments of hallway chatter was Sand
Visit the Arxan Technologies blog to watch Sandy's interview. She needs a talk show of her own!
You might also be interested in....
IBM has published a new white paper to explore how to provide secure access for mobile users, block unauthorized users and prevent fraud with IBM Security Access Manager for Mobile. Download "Pro
See below for an announcement from Kathryn Zeidenstein about some new video tutorials on InfoSphere Guardium policies
Hi community members
Back in 2011 or so the lab services team had done a LotusLive education session on policies that was very well received. I have taken the first of these presentations and broken it into 4 modules that are now hosted on the InfoSphere Guardium YouTube channel.
You can find links to all 4 of the modules on this new page on the InfoSphere Guardium community wiki. http
Here are the direct links:
Break out the popcorn!!
Have a great weekend.
In this new how-to guide from Ricardo Gutierrez Cabanillas, you will learn to configure the IBM Security Access Manager for Web 8.0 appliance as a front-end load balancer and cluster of reverse proxy servers to build a highly available, fault-tolerant, secure web environment.
The front-end load balancing function automatically assigns client requests to the appropriate reverse proxy server based on the specified scheduling algorithm. Moreover, the front-end load balancer provides stickiness or persistence for existing sessions, allowing incoming requests from the same client to be forwarded to the same server. A typical setup is two front-end load balancer servers and multiple reverse proxy servers.
You might also be interested in.....
Tolly evaluated the IBM Security Access Manager Web Gateway Appliance (AMP 5100) for its web protection effectiveness, performance, and ease of use. Read this report to see the details of the AMP 5100's ability to block 100% of the inline-preventable OWASP Top 10 Web threats from 2010-2013.
IBM provides advance notification of End Of Support (EOS) dates allowing customers reasonable time to complete software upgrades or to refresh appliance products. To view upcoming EOS dates by product segment, click a link in the list below.
Important EOS Announcement: Effective July 31, 2016 IPS firmware versions prior to 4.6.1 will reach End of Support.
View all IBM Software EOS announcements for 2016 and 2017.
Q: What are the major Support Lifecycle milestones?
A: The major Support Lifecycle milestones are:
Q: How do you determine if your installed software is still supported?
A: Search by product name or keyword using the Supp
Q: What happens when EOS is announced?
A: Often, there is a newer version of the software available for download. In most cases, you’ll have sufficient time to plan for and install the latest version. For more information on the lifecycle stages, including EOS, view this short YouTube video on the IBM
Q: What is the standard version format for IBM Software products?
A: The full product version is expressed by a four-digit code known as the IBM Version, Release, Modification and Fix Level structure, or VRMF. View this Technote for additional information and description of each element. You may also find this Glossary of product support and maintenance terms helpful.
Q: Where can you view additional details on product updates or replacement information?
A: Using the Support Lifecycle Search, search for your product, select View for details and click the EOS announcement link to view Repl
Q: What are your options if you are unable to upgrade or refresh your current products before EOS?
A: You can request a Support Extension. Support Extensions are available for Customers who are unable to migrate to a supported version, release or appliance platform prior to EOS. For more information, visit the IBM
Q: How do you stay connected for future product announcements?
A: There are several ways to receive product announcements:
Q: How can you connect with IBM Security on social media?
Q: Where can you find more information on IBM Support policies?
A: You can view and download the IBM
The IBM Support Lifecycle Policy sets forth the minimum length of time IBM will provide security content and technical support for a product version and release. Click the applicable product segment link below to view the Support Lifecycle Policy.