STE WILLIAMS

Patch Tuesday November 2013 – Microsoft, Adobe and Google

As is becoming the new normal, it is the second Tuesday of the month and there is a bumper crop of security updates. Today we saw announcements from Microsoft, Adobe and Google.

We will start with Microsoft which fixed three critical vulnerabilities and five important flaws.

MS13-088 is probably the most important. It fixes 10 vulnerabilities in Internet Explorer versions 6, 7, 8, 9, 10 and 11. That’s right, all currently supported versions.

As is so often the case, these fixes include remote code execution (What’s this mean? Listen to find out.) and are already in use by criminals. Waste no time applying this one.

The next one, MS13-089, addresses a flaw in the Microsoft Windows GDI that could result in remote code execution from opening a malicious document.

The vulnerability is triggered by opening a malformed .WRI (Yes, that’s Microsoft Write) file. Supporting legacy file formats often leads to security issues as we see in another one of the important vulnerabilities this month, this time WordPerfect.

The final critical flaw was disclosed by FireEye last week, but Microsoft was already aware and had created and tested the fix. This one is known to have been used in small-scale attacks in the wild against Internet Explorer users.

The remaining five fixes are all rated important and they really are. Users of Windows Server Core take note as well, you are impacted by this month’s fixes as Duck pointed out in his pre-announcement.

Adobe released updates for Flash Player, Air and ColdFusion today.

The Flash Player update fixes two critical vulnerabilities, while the ColdFusion fixes one.

Google released Chrome 31 today as well addressing seven vulnerabilities. While it is nice to see Chrome continue to improve, versions don’t mean much for a browser that keeps itself patched, but it may be worth a check to be sure that mechanism is working.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/PBJuoiEfioQ/

Sysadmins forced to CLEAN UP after bosses WATCH SMUT at work


Oops: according to a malware study from ThreatTrack Security, “visiting a pornographic Website” is one of the top four reasons that companies’ “senior leadership team” members cop malware infections.

The study talked not to the victim companies, but to 200 malware analysts that had worked for infected companies. They found that in spite of their customers complaining about a lack of security resources, executives were still happy to behave like complete berks when it comes to security, with the following common sources of infection:

  • Clicking on a malicious link in a phishing email (56 per cent)
  • Attached an infected device to a PC (47 per cent)
  • Allowing a family member to use a company-owned device (45 per cent)
  • Visiting a pornographic website (40 per cent)
  • Installing a malicious mobile app (33 per cent).

If that sounds like the C-suite’s been fishing in the shallow end of the gene pool, it gets worse. In spite of data disclosure laws in America, the study found that “more than half of the malware analysts surveyed said they have investigated or addressed a data breach that the company did not disclose to customers, partners or other stakeholders”.

Let’s just check that again: executives do dumb things that compromise network security, and resist disclosing that they did dumb things that compromised network security…


Most companies – more than 86 per cent – responding to the study have an incident response team, which is a good thing considering the varied and stupid ways the net-sec bods have to defend against their executives’ stupidity.

While the analysts are either confident or boastful about their capabilities, with 45 per cent saying they could analyse a malware sample in between one and two hours, two-thirds of the respondents also put the “complexity of attacks” as one of their two greatest challenges (alongside the volume of attacks). ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/13/executives_watching_smut_at_work_big_security_problem/

Another day, another Bitcoin burglary as Bitcash.cz goes titsup


Bitcoin’s again in the spotlight after another repository for the crypto-currency was burgled, then shuttered.

Czech site bitcash.cz/, once home to over 4,000 Bitcoin wallets, is now offering nothing more than the following text:


“Server Bitcash.cz was attacked by hackers. On 11.11. in the evening was broken by server security and thefts Bitcoin wallet. Unfortunately, the nightmare became reality. Addresses the attack, security and what we can take away. We will keep you informed.”

The site’s Facebook page doesn’t offer much more than that, other than an exhortation that users should take any emails they receive about the issue with big chunks of salt.

The incident is the third high-profile Bitcoin burglary in recent days. First Australian Bitcoin trader “Trade Fortress” reported a million-dollar heist. Yesterday news emerged that Chinese Bitcoin exchange GBL had disappeared, taking with it several million dollars worth of Bitcoin.

One might think that money evaporating into the ether would be bad for bitcoin, but exchange MtGox’s exchange rate between the US dollar and the crypto-currency has actually improved in Bitcoin’s favour over the last week. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/13/bitcashcz_burgled_and_closed/

Facebook makes Adobe fans change their horrible, horrible passwords


Facebook has scanned millions of email address and password pairs hackers dumped online from Adobe’s user account database – so that it can force its social networkers to change their passwords if they used the same login details for both websites.

In early October, Adobe warned of “sophisticated attacks” on its network in which miscreants swiped between 38 and 150 million names, encrypted credit or debit card numbers, poorly secured passwords, expiration dates, and information relating to customer orders. In addition, the company said, the cyber-crooks had managed to abscond with source code for “numerous Adobe products.”


Knowing full well that people too often use the same password for different website accounts, Facebook has pored over the leaked records, and identified who has matching addresses and passphrases for both Adobe.com and their Facebook accounts.

Engineers at the social network confirmed to investigative journo Brian Krebs that they have alerted users who are now at risk of account hijacking because the dumped database is in the wild, and thus anyone can try to log in as someone using the leaked data.

Thus, the move allows Facebook to force users off passwords that could otherwise have been guessed by attackers who possess the Adobe lists. Such leaks have in the past been used to hijack accounts on third-party services.

Adobe gave word of its stunning security breach after it discovered that a flaw in its ColdFusion platform had left customer databases wide open.

While the use of a single password across multiple services is a complete no-no, the practice remains common as folks prefer to stick to one easy-to-remember login credential rather than juggle banks of separate passwords.

And many of the lifted Adobe passphrases were found to be trivial, anyway.

Experts have long recommended that users keep a different password for each service and employ memory tricks such as mnemonics, as well as mixed case and alphanumeric combinations. Such methods can typically foil brute-force techniques used by hackers (unless the site screws up its database security or uses Adobe ColdFusion, of course.)

Even better, users can add an additional layer of security beyond their password by enabling Facebook’s two-factor authentication system which requires a single-use code to be entered at login. ®
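The cross-check described above, as an added example that is not Facebook’s or Adobe’s code: a site that stores per-user salted PBKDF2 verifiers re-hashes each leaked plaintext password under the matching user’s own salt and flags any user whose verifier matches, so that the next login can be forced through a password reset. It assumes the leaked dump has already been reduced to (email, plaintext password) pairs; the user records and the dump below are constructed for the example.

```python
"""Flag accounts whose password matches a leaked (email, password) pair.

Added example (not Facebook's or Adobe's code). Assumes the site keeps a
per-user random salt and a PBKDF2-HMAC-SHA256 verifier, and that the
third-party dump has been reduced to plaintext (email, password) pairs.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

PBKDF2_ROUNDS = 100_000  # assumed site parameter; raise in production


@dataclass(frozen=True)
class StoredCredential:
    email: str        # normalised to lower case at enrolment
    salt: bytes       # 16 random bytes, unique per user
    verifier: bytes   # PBKDF2-HMAC-SHA256(password, salt)


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier for a password under a given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, PBKDF2_ROUNDS)


def enroll(email: str, password: str) -> StoredCredential:
    """Create a new user record with a fresh random salt."""
    salt = os.urandom(16)
    return StoredCredential(email.strip().lower(), salt,
                            hash_password(password, salt))


def find_reused_credentials(users: Iterable[StoredCredential],
                            leaked: Iterable[Tuple[str, str]]) -> List[str]:
    """Return (sorted) emails whose verifier matches a leaked password.

    Each leaked plaintext is hashed under the *user's* salt, so no plaintext
    or reversible password ever has to be stored on the checking side, and
    addresses that are not registered here are skipped.
    """
    by_email = {u.email: u for u in users}
    # A dump may list several candidate passwords for one address.
    candidates: Dict[str, Set[str]] = {}
    for email, pw in leaked:
        candidates.setdefault(email.strip().lower(), set()).add(pw)

    flagged: List[str] = []
    for email, pws in candidates.items():
        user = by_email.get(email)
        if user is None:
            continue  # not a user of this site; nothing to reset
        for pw in pws:
            if hmac.compare_digest(hash_password(pw, user.salt), user.verifier):
                flagged.append(email)
                break
    return sorted(flagged)


def login_decision(user: StoredCredential, password: str,
                   flagged: Set[str]) -> str:
    """Outcome of a login attempt once the flagged set is known.

    A correct password on a flagged account is accepted only into a
    forced-reset flow; a wrong password is denied as usual.
    """
    if not hmac.compare_digest(hash_password(password, user.salt), user.verifier):
        return "denied"
    return "reset_required" if user.email in flagged else "ok"


# Constructed sample data for the example.
SAMPLE_USERS = [
    enroll("alice@example.com", "Tr0ub4dor&3"),
    enroll("bob@example.com", "correct horse battery staple"),
    enroll("carol@example.com", "password1"),
]
SAMPLE_LEAK = [
    ("alice@example.com", "Tr0ub4dor&3"),   # reused verbatim -> flagged
    ("bob@example.com", "qwerty123"),       # different password -> not flagged
    ("dave@example.com", "letmein"),        # not a user here -> skipped
    ("Carol@Example.com", "PASSWORD1"),     # case differs -> no match
    ("carol@example.com", "password1"),     # second candidate matches -> flagged
]


def demo() -> List[str]:
    """Run the batch check over the constructed data."""
    return find_reused_credentials(SAMPLE_USERS, SAMPLE_LEAK)


if __name__ == "__main__":
    hit = set(demo())
    print("force reset for:", sorted(hit))
    for u in SAMPLE_USERS:
        print(u.email, "->", login_decision(u, "Tr0ub4dor&3", hit))
```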


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/12/facebook_forces_adobe_users_to_change_their_horrible_passwords/

Report: Social Media Gets Abused

Social media postings between 1 a.m. and 3 a.m. mostly come from rogue accounts, and social spam is growing 100 percent faster than legitimate posts and comments, according to new data gleaned from corporate social media content.

And in case you think Facebook and Twitter get hit with the most malicious content, think again: YouTube has five times more bad content than those two social networks, Google+, and other social networks, according to new data gathered by Nexgate, a cloud provider of brand protection and compliance for enterprise social media accounts.

The data was culled from Nexgate’s scan of more than 100 million pieces of social media content, mostly from what it monitors for its global financial services, pharmaceutical, Internet security, manufacturing, media, and retailer customers. The data came from some 10,000 branded social media accounts supporting 25 million users.

About 12 percent of all questionable social media content includes malware, spam, and criminal activity, and 80 percent of social media postings in the wee hours of 1 a.m. to 3 a.m. are from rogue accounts.

“Roughly 90 percent of the bad stuff on branded social media accounts is content that violates acceptable use policy — things like adult content, hate speech, pornography, as well as controversial topics like politics and religion,” says Harold Nguyen, lead data scientist at Nexgate.

Nexgate also found a nearly 400 percent increase in the volume of security and compliance risks in brands’ social media accounts. “This increase isn’t just from everyday consumers. Increasingly, it’s from automated bots and fake accounts, which the bad guys have created as an efficient source for getting revenue from unprotected organizations and their unsuspecting consumers,” he says.

Corporate brands have an average of six apps connected to their social media accounts, and they have an average of more than 300 social media accounts.

Spam is a big problem in social media: About 5 percent of social apps are spam-related, according to Nexgate’s data, and one in 200 social media messages contain spam. During the period of January through July 2013, social media spam jumped by a whopping 355 percent, the data shows.

Another fun fact: Spammers typically send spam to a minimum of 23 different social media accounts.


Article source: http://www.darkreading.com/vulnerability/report-social-media-gets-abused/240163833

Lock Three Doors To Protect Your Data

Willie Sutton, the infamous bank robber, had a talent for wry understatement.

Asked why he robbed banks, he purportedly replied, “Because that’s where the money is.”*

If Willie had been born in the 1980s instead of in 1901, he would have been a cybercriminal looking to steal data. Why? Because that’s where the money is.

Intellectual property, trade secrets, sensitive customer information, user credentials, patient information — all of these are forms of data that are as valuable as money in the bank. And the risks associated with losing or failing to protect that data are far greater than those associated with cash. And just like cash, data is at risk when it’s at rest, in motion, or in use.

Here are some tips for approaching data protection with the three states as a guide.

Data At Rest
Data is at rest when it is not being accessed, such as when it is stored on a physical or logical medium. Examples include files sitting on a flash drive or on archived magnetic tapes in the corporate warehouse.

Despite recent sensational headlines, encryption still works well to protect data at rest. Encryption applications, such as full disk encryption, provide very strong data protection when coupled with strong random number generation, the right encryption algorithms with robust keys, and intelligent acceleration, such as Intel Advanced Encryption Standard New Instructions (Intel AES-NI) to make the encryption unobtrusive to the user.

Application owners and IT administrators are often concerned about an “encryption tax” — a lag in application performance caused by CPU cycles consumed in complex cryptographic processing. If that performance tax is too great, user productivity and application efficiency suffers, making encryption an unattractive option. With intelligent acceleration of some cryptographic operations, this tax can be dramatically decreased so that encryption can be more widely deployed.

Data In Motion
Data is in motion when it is moving between applications, traversing a network, or moving between networks.

Data in motion can be protected by protocols, such as TLS, SSL, and IPsec, which encrypt data packets for secure transportation and decryption by intended parties. Like a really thick security envelope for an important letter, these protocols provide a wrapper that helps prevent unauthorized access to your data as it’s in motion. Use of Intel instruction enhancements, such as Intel AES-NI and Intel Advanced Vector Extensions (Intel AVX), can help these protocols be more efficient, which can, in turn, help your data centers run more cost effectively. You can and should complement these protocols with data loss prevention software or appliances that monitor network traffic to help prevent unauthorized transmission of sensitive data.

Data In Use
Data is in use when it is being actively read or written by an application, and this is its most vulnerable state. When in use, data sheds its protective layers so it can be used and changed.

When living in an apartment building with other tenants, your apartment and its contents are secure only if the building manager keeps unauthorized people out and if the windows and doors are secure. If someone leaves a door or window unlocked (as with an application vulnerability), or if the building manager hires a cleaning crew who are actually crooks (like malware that’s injected into a system service DLL), then you might as well leave your apartment door unlocked. Data in use can be just as unprotected and just as exposed to risk.

You can establish an environment in which only trusted applications can access your data. This trusted execution environment is like a safe inside your apartment, to which you have the only key. In addition, like checking your apartment for items out of place or missing, a trusted execution environment can be measured and known to be secure, such as with Intel Trusted Execution Technology (Intel TXT), so you can be confident that your data is protected even when in use.

Which Data Should You Protect?
You now have more freedom to answer this question because of the rapid pace of technological innovation. One important innovation is the acceleration of encryption technologies.

The performance hit associated with encryption used to be so high that enterprises sometimes did not encrypt data that needed protection. However, today’s encryption acceleration technologies let you base data-protection decisions on risk assessment rather than fears about performance because accelerated encryption essentially removes encryption overhead from the equation. This means you can deploy encryption where it’s needed — up to and including encrypting all of your data.

While this greater freedom is a boon to data protection, your organization still must define policies that place data on a sensitivity continuum from highly restricted to public data. Then you can enforce those policies with processes and tools. This is an important topic that I’ll address in a future post.

Data Protection Starts With Encryption
The days when you might protect your data by locking up paperwork in a filing cabinet are long gone. That’s because our connected business depends on keeping data both safe and available to business partners. Encryption remains a valuable data-protection tool. When you apply it systematically to data throughout its life cycle, you’ll be on a path to foiling our modern-day Willie Suttons.

* Thanks to Wikipedia, which also reports that this exchange is probably apocryphal. Oh, well. It still makes a good story.

Follow me on Twitter: @tomquillin

Article source: http://www.darkreading.com/applications/lock-three-doors-to-protect-your-data/240163834

Arbor Announces New DDoS Protection Service

BURLINGTON, Mass.–(BUSINESS WIRE)–Arbor Networks Inc., a leading provider of DDoS and advanced threat protection solutions for enterprise and service provider networks, announced today the introduction of its Arbor CloudSM DDoS Protection solution for service provider and enterprise network operators.

“Arbor Cloud for DDoS is designed to meet the demand for DDoS protection in both markets we serve, the service provider and enterprise markets”

For service providers, Arbor is offering a turnkey, white-label platform that enables them to meet market demand by launching, extending and enhancing cloud-based DDoS managed services. For the enterprise, Arbor now offers an integrated on-premise and cloud-based DDoS protection solution, delivering best practices defense against a wide spectrum of attacks. Arbor’s technology, products, and ATLAS research infrastructure power these new services, supported by a 24×7 Security Operations Center staffed by Arbor DDoS and security experts. Arbor’s channel partners will play a critical role in bringing both the service provider and enterprise solutions to market globally.

“Arbor is leveraging their unmatched service provider footprint, experience, and relationships to deliver innovative DDoS mitigation solutions. They are enabling providers an opportunity to grow revenue by efficiently launching or scaling cloud-based DDoS services while simultaneously offering enterprises a solution that integrates on-premise and cloud-based DDoS protection. They’ve been the market leader for a decade and innovative moves like this will help them keep the lead,” said Jeff Wilson, principal analyst with Infonetics Research.

Arbor Cloud DDoS Protection for Service Providers

Arbor is pervasively deployed in many of the world’s service provider networks, with more than sixty providers offering managed security services powered by Arbor’s Peakflow SP platform. Arbor has worked closely with these customers to help them launch and support these services. The Arbor Cloud solution will enable them to quickly scale existing, or in some cases launch new, cloud-based DDoS security services. Arbor is responding to customers and enabling them to meet end user demand in an efficient and affordable way, without significant capital expenditures in network infrastructure or people. Arbor security experts will be on call 24×7 to support customers under attack and will handle all aspects of the service.

“Verizon has utilized Arbor Networks hardware for a number of years in the provision of Verizon’s DOS Defense service, protecting Verizon IP customers globally. Arbor Networks’ expansion with Arbor Cloud DDoS Protection Service, will permit customers to retain their best-practice dual-carrier environments while leveraging tried and tested technology for both Verizon and their alternate carrier Internet circuits,” said Bart Vansevenant, Executive Director, Security Solutions with Verizon Enterprise Solutions.

Arbor Cloud DDoS Protection for Enterprises

DDoS has become the primary threat to the availability of enterprise networks. DDoS was once a basic high-volume attack that flooded the pipes of its targets. The modern DDoS threat is a complex series of attacks that target not just connection bandwidth, but multiple devices that make up existing security infrastructure, such as firewall/IPS devices, as well as a wide variety of applications that the business relies on, like HTTP, HTTPS, VoIP, DNS and SMTP. These infrastructure and application-layer attacks are low volume and they are designed to evade traditional perimeter defenses, and often target them. Best practice defense recommends a combination of cloud-based protection against high-volume attacks, and on-premise protection against application and infrastructure attacks.

With Arbor Cloud DDoS Protection, enterprises can now deploy best-practices defense in a single solution, with integrated mitigation from the premise to the cloud. Arbor Cloud helps protect enterprises against a wide spectrum of DDoS attacks, including volumetric, application-layer, state-exhaustion (e.g. targeting firewall/IPS), blended and multi-vector DDoS attacks. The ease of use of the on-premise Pravail Availability Protection System (Pravail APS) enables existing enterprise IT staff to maintain control of the mitigation, and gives them the ability to quickly alert the cloud when attacks reach a certain size that cannot be handled on premise. Arbor Cloud is integrated protection from the cloud to the premise, from the world’s leading provider of DDoS detection and mitigation solutions, according to Infonetics Research.

“Arbor Cloud for DDoS is designed to meet the demand for DDoS protection in both markets we serve, the service provider and enterprise markets,” said Arbor Networks President Colin Doherty. “We’ve helped many of our service provider customers launch cloud-based DDoS managed protection services, and Arbor Cloud will give them another way to scale and expand these services cost effectively. For the larger enterprise, the story is simple. An integrated on-premise and cloud-based DDoS protection solution is needed for optimal DDoS protection. Our channel partners are excited about this new offering from Arbor because they understand there is a need in the market for best practices DDoS defense.”


About Arbor Networks

Arbor Networks, Inc. helps secure the world’s largest enterprise and service provider networks from DDoS attacks and advanced threats. Arbor is the world’s leading provider of DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor’s advanced threat solutions deliver comprehensive network visibility through a combination of packet capture and NetFlow technology, enabling the rapid detection and mitigation of malware and malicious insiders. Arbor also delivers market-leading analytics for dynamic incident response, historical analysis, visualization and forensics. Arbor strives to be a “force multiplier”, making network and security teams the experts. Our goal is to provide a richer picture into networks and more security context – so customers can solve problems faster and help reduce the risk to their business.

To learn more about Arbor products and services, please visit our website at arbornetworks.com. Arbor’s research, analysis and insight, together with data from the ATLAS global threat intelligence system, can be found at the ATLAS Threat Portal.

Article source: http://www.darkreading.com/management/arbor-announces-new-ddos-protection-serv/240163837

Eddie Schwartz Joins Verizon As Vice President Of Global Security Solutions

BASKING RIDGE, N.J. – Verizon Enterprise Solutions has named Eddie Schwartz as the head of its security and cyberintelligence practice.

In his new role, Schwartz will help Verizon to advance its leadership position in cybersecurity by accelerating the pace of innovation and the integration of advanced security service delivery across Verizon’s leading cybersecurity solutions. Among the areas Schwartz will oversee are Verizon’s world-class cyberforensics investigative and research team, which is responsible for producing the Verizon Data Breach Investigations Report series; and the company’s advanced cloud and premises-based managed security solutions portfolio.

Schwartz most recently served as chief information security officer at RSA, the security division of EMC.

“Eddie’s more than 25 years of information security leadership and entrepreneurial experience will help distinguish Verizon throughout the industries we serve,” Verizon’s Chief Platform Officer David Small said. “I am confident his extensive experience solving the most challenging cyberproblems for clients in the government and commercial sectors, along with his industry reputation and background of leading global cybersecurity innovation and information risk management teams and programs will be an asset for growing our security solutions business.”

Added Small: “As Verizon’s clients continue to expand their global deployments of cloud, mobility and big data solutions on Verizon platforms, security has emerged as a top priority for business leaders and CIOs alike. This announcement reinforces Verizon’s commitment to world-class management of the advanced security challenges faced by our clients around the world.”

Schwartz’s accomplishments in cybersecurity have prompted industry recognition by Computerworld as a 2013 Premier 100 IT Leader, and his appointment as industry chair of ISACA’s Global Cyber Security Task Force.

Verizon Enterprise Solutions is a leading provider of advanced IT and communications services to enterprise and governments around the world. Visit Verizon Enterprise Solutions for more information.

Verizon Communications Inc. (NYSE, Nasdaq: VZ), headquartered in New York, is a global leader in delivering broadband and other wireless and wireline communications services to consumer, business, government and wholesale customers. Verizon Wireless operates America’s most reliable wireless network, with more than 101 million retail connections nationwide. Verizon also provides converged communications, information and entertainment services over America’s most advanced fiber-optic network, and delivers integrated business solutions to customers in more than 150 countries. A Dow 30 company with nearly $116 billion in 2012 revenues, Verizon employs a diverse workforce of 178,300. For more information, visit www.verizon.com.

Article source: http://www.darkreading.com/management/eddie-schwartz-joins-verizon-as-vice-pre/240163838

General Dynamics Awarded $25 Million To Modernize U.S. Air Force Network Security Globally

FAIRFAX, Va., Nov. 12, 2013 /PRNewswire/ — General Dynamics Information Technology has been awarded a task order to provide modernized base-level network security boundary support to the U.S. Air Force Life Cycle Management Center at all active Air Force and Air National Guard bases worldwide. The task order was awarded under the Network-Centric Solutions (NETCENTS) contract and has a potential value of $25.3 million over two years if all options are exercised.

Under this award, General Dynamics will support the Enclave Non-classified Internet Protocol Router Network Firewall and Automated Security Incident Management Sustainment (ENFAAS) program. This includes network management upgrades at the Air Force Integrated Network Operations and Security Centers and Air Force Computer Emergency Response Team locations. The company also will support Air Force Network (AFNet) security requirements and increase visibility into network traffic across the Air Force Non-classified Internet Protocol Router Network (NIPRNet). Work will be performed at General Dynamics facilities in Needham, Mass., and Oklahoma City, Okla., as well as various Air Force locations worldwide.

“General Dynamics will leverage more than 20 years of experience designing and integrating cyber systems and networks for all components of the Department of Defense to offer the Air Force a cost-effective, reliable approach to meet the needs of this top priority cyber program,” said Charlie Plummer, vice president and general manager of General Dynamics Information Technology’s IT Solutions sector. “We look forward to continuing our trusted partnership with the Air Force and supporting Air Force cyber mission objectives worldwide.”

General Dynamics is the systems integrator for the Air Force NIPRNet Gateway Program, as well as prime contractor for seven Base Information Transport Infrastructure contracts and the Host Based Security System Modernization and Sustainment contract. The company also has implemented multiple Combat Information Transport System projects and supported AFNet modernization efforts for more than 20 years.

The NETCENTS contract is a multiple-award, indefinite delivery, indefinite quantity contract awarded to General Dynamics in September 2004.

For more information about General Dynamics Information Technology, a business unit of General Dynamics (NYSE: GD), please visit www.gdit.com.

More information about General Dynamics is available online at www.generaldynamics.com.

Article source: http://www.darkreading.com/government-vertical/general-dynamics-awarded-25-million-to-m/240163839

Survey: 67% Of Industrial Sector Say Security Communications Occur At Too Low A Level

HOUSTON, TEXAS– November 12, 2013 — Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, today announced the results of research comparing risk-based security management in the industrial sector to that of other industries. The survey data is being shared at the eighth annual American Petroleum Institute Cybersecurity Conference.

The survey, conducted in April 2013 with the Ponemon Institute, evaluates the attitudes of 1,320 respondents from IT security, IT operations, IT risk management, business operations, compliance/internal audit and enterprise risk management. One hundred eight industrial sector respondents from the U.S. and U.K. participated in the industrial controls portion of the survey.

“With the rapid escalation of critical infrastructure cybersecurity threats, industrial control organizations have a lot to do,” said Dwayne Melancon, chief technology officer for Tripwire. “It is encouraging that they are embracing a risk-based view of their operations at a higher than average rate, but this is not enough to protect them against determined attackers. It is imperative for this sector to get a handle on system hardening and configuration management practices to improve security and reliability.”

Key findings included:

51% use formal risk assessments to identify security risks – five percent higher than the survey average.

86% believe minimizing noncompliance with laws and regulations helps meet certain business objectives – five percent higher than the survey average.

43% measure the reduction in unplanned system downtime to assess the effectiveness of cost-containment management efforts, differing from survey average of 38%.

52% listed the “flow of upstream communications” as one of the top three features most critical to the success of a risk-based security management approach – an eight percent increase over the survey average of 46%.

However, the study revealed that the industrial sector is less effective than other industries in deploying risk management controls and communicating effectively about security. Additional findings included:

Only 40% have fully or partially deployed security configuration management, differing from the survey average of 49%.

75% have fully or partially deployed system hardening, five percent lower than the survey average of 80%.

69% said security communications are contained in only one department or line of business, differing from the survey average of 63%.

67% said security communications occur at too low a level, differing from the survey average of 62%.

Only 56% listed an “openness to challenge assumptions” as one of the top three features most critical to the success of a risk-based security management approach. This was six percent lower than the survey average of 62%.

“Even though industrial sector organizations are actively considering security risks, they must also improve their willingness to elevate key risks to the executive level,” Melancon continued. “Security risks must be considered in context with overall business risk or the entire organization’s success will be in jeopardy.”

For more information about this survey, please visit: http://www.tripwire.com/ponemon/2013/#industrial

About the Ponemon Institute

The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in a variety of industries.

About Tripwire

Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Learn more at www.tripwire.com, get security news, trends and insights at http://www.tripwire.com/state-of-security/ or follow us on Twitter @TripwireInc.

Article source: http://www.darkreading.com/management/survey-67-of-industrial-sector-say-secur/240163840