NEWS: NETWORK WORLD SECURITY
Setup News Ticker
   NEWS: NETWORK WORLD SECURITY
Network World Security
Jan 16, 2020

Why multicloud security is your next big challenge
Companies deploy an average of three to five different cloud services. With an increased emphasis on security and regulatory compliance, the capability to manage these disparate systems is crucial.

Network World Security
Jan 15, 2020

Review: SaltStack brings SecOps to network orchestration and automation
SaltStack Enterprise, and its optional SecOps modules, is one of the only platforms available today that can fully manage complex enterprise environments while also protecting them.

Network World Security
Jan 15, 2020

3 easy ways to make your Windows network harder to hack
Start the new year off by eliminating common paths for attackers to breach your network.

Network World Security
Jan 13, 2020

How to deal with the impact of digital transformation on networks
Digital transformation has increased the importance of the network, particularly the edge, where customers, employees, cloud applications and IoT devices connect to the enterprise. The legacy static and non-differentiated network edge of years past is no longer sufficient for many reasons, so as companies embark on digital-transformation plans, their networks must evolve.

Networking pros should be looking at, among other things, improving security and embracing software-defined networking (SDN) that supports propagating changes quickly across the network in order to accommodate the many challenges digital transformation creates.

To read this article in full, please click here



Network World Security
Jan 08, 2020

How to fix insecure LDAP binds
Prevent Windows admin credentials from being exposed in cleartext with this tip.

Network World Security
Jan 03, 2020

Cisco issues critical security warnings its Data Center Network Manager
Cisco this week issued software to address multiple critical authentication exposures in its Data Center Network Manager (DCNM) software for its Nexus data center switches.

DCNM is a central management dashboard for data-center fabrics based on Cisco Nexus switches and handles a number of core duties such as automation, configuration control, flow policy management and real-time health details for fabric, devices, and network topology.

To read this article in full, please click here



Network World Security
Jan 02, 2020

How to get maximum protection from MFA in Office 365
Follow these steps to ensure your multi-factor authentication for Office 365 is effective.

Network World Security
Dec 30, 2019

Most popular tech stories of 2019
Insider Pro subscribers pick the Top 10 articles published in our debut year.

Network World Security
Dec 26, 2019

Top tech stories of 2019
The new Apple Card, the battle for cryptocurrency dominance, cybersecurity skills shortage - just a few of the stories that made headlines in 2019. Watch as IDG TECH(talk) hosts Ken Mingis and Juliet Beauchamp discuss the top tech stories of the year.

Network World Security
Dec 24, 2019

How to make the most of Microsoft's new Compliance Score Console
This new Microsoft 365 feature can help you stay in compliance with regulations like GDPR and better protect data.

Network World Security
Dec 23, 2019

IDG Contributor Network: Recent VPN hacks reveal transparency issues within the industry and its supply chain
Consumers are no doubt becoming increasingly aware about the safety and security of their online activity after many highly publicized studies have shown an uptick in online data theft. According to the Federal Trade Commission, there were 3 million reports of identity theft alone in 2018.

Even though these threats — and the rash of data breaches — continue to grab headlines, consumers still are connecting to public wifi despite the threats and are joining other unsafe networks while traveling. More cautious or tech-savvy individuals know to turn to virtual private networks (VPNs) as a way to safely connect online, and as VPNs become more mainstream, some project the VPN market can grow to more than $35 billion by 2022. We've even seen some vendors to capitalize by creating flashy TV commercials that insinuate that they are consumers' digital doorman. 

To read this article in full, please click here



Network World Security
Dec 18, 2019

How to protect the enterprise from holiday attacks
Attackers often take advantage of the holidays to launch attacks. Use these Microsoft settings to deter them.

Network World Security
Dec 16, 2019

IoT security: Why it's your biggest nightmare
The internet of things encompasses connected devices on a massive scale, actionable data and innovative business models - and it also brings unprecedented security headaches.

Network World Security
Dec 11, 2019

How to secure your domain name services
Follow these steps to protect your websites at the server and workstation.

Network World Security
Dec 11, 2019

Blockchain/IoT integration accelerates, hits a 'sweet spot'
IoT and blockchain may be a natural fit, but it will still take five to 10 years before kinks are worked out and the two technologies can reach their full potential, according to Gartner.

Network World Security
Dec 11, 2019

Blockchain/IoT integration accelerates, hits a 'sweet spot' for the two technologies
IoT and blockchain may be a natural fit, but it will still take five to 10 years before kinks are worked out and the two technologies can reach their full potential, according to Gartner.

Network World Security
Dec 09, 2019

What's hot for Cisco in 2020
As the industry gets ready to gear up for 2020 things have been a  little disquieting in networking land.

That's because some key players - Arista and Juniper in particular - have been reporting business slowdowns as new deals have been smaller than expected and cloud providers haven't been as free-spending as in the past.

[Get regularly scheduled insights by signing up for Network World newsletters.] Worldwide IT spending has been on the slow side, Gartner said in October that worldwide IT spending is projected to total $3.7 trillion in 2019, an increase of 0.4% from 2018, the lowest growth forecast so far in 2019. The good news: global IT spending is expected to rebound in 2020 with forecast growth of 3.7%, primarily due to enterprise software spending, Gartner stated.

To read this article in full, please click here



Network World Security
Dec 05, 2019

The VPN is dying, long live zero trust
The venerable VPN, which has for decades provided remote workers with a secure tunnel into the enterprise network, is facing extinction as enterprises migrate to a more agile, granular security framework called zero trust, which is better adapted to today's world of digital business.

VPNs are part of a security strategy based on the notion of a network perimeter; trusted employees are on the inside and untrusted employees are on the outside. But that model no longer works in a modern business environment where mobile employees access the network from a variety of inside or outside locations, and where corporate assets reside not behind the walls of an enterprise data center, but in multi-cloud environments.

To read this article in full, please click here



Network World Security
Dec 02, 2019

Welcome to Insider Pro's certifications and training center
Certifications show that you're committed to your job, have specific skills and are willing to up your game. Check out our online training courses and guides to top certifications -- all part of your Insider Pro subscription.

Network World Security
Dec 02, 2019

IT certifications and training center
Certifications show that you're committed to your job, have specific skills and are willing to up your game. Check out our online training courses and guides to top certifications -- all part of your Insider Pro subscription.

Network World Security
Nov 26, 2019

Has the quantum crypto break already happened?
Better quantum algorithms and a strange silence since last year from quantum computing researchers suggest that we are closer to breaking traditional encryption than most people believe.

Network World Security
Nov 20, 2019

IBM aims at hybrid cloud, enterprise security
IBM is taking aim at the challenging concept of securely locking-down company applications and data spread across multiple private and public clouds and on-premises locations.

IBM is addressing this challenge with its Cloud Pak for Security, which features open-source technology for hunting threats, automation capabilities to speed response to cyberattacks, and the ability integrate customers' existing point-product security-system information for better operational safekeeping - all under one roof.

[ Learn how server disaggregation can boost data center efficiency and how Windows Server 2019 embraces hyperconverged data centers . | Get regularly scheduled insights by signing up for Network World newsletters. ] IBM Cloud Paks are bundles of Red Hat's Kubernetes-based OpenShift Container Platform along with Red Hat Linux and a variety of connecting technologies to let enterprise customers deploy and manage containers on their choice of infrastructure, be it private or public clouds, including AWS, Microsoft Azure, Google Cloud Platform, Alibaba and IBM Cloud.

To read this article in full, please click here



Network World Security
Nov 20, 2019

How make a Windows disaster recovery kit
Make your own disaster checklist and recovery toolkit before trouble happens.

Network World Security
Nov 18, 2019

Fortinet CEO: Network and security technologies give rise to security-driven networking
The network and security industries both continue to evolve at a rate never seen before.  Historically, security and network operation teams have worked in parallel with one another, sometimes being at odds with each other's goals.

However, that is changing as businesses rely on their networks to operate. It's fair to say that today, for many companies, the network is the business. As this happens, network and security technologies need to be more closely aligned giving rise to the concept of security-driven networking.

[Get regularly scheduled insights by signing up for Network World newsletters.] In this post, ZK Research had a chance to sit down with the co-founder and CEO of Fortinet Ken Xie to discuss the future of networking and security. 

To read this article in full, please click here



Network World Security
Nov 15, 2019

IoT in 2020: The awkward teenage years
Much of the hyperbole around the Internet of Things isn't really hyperbole anymore - the instrumentation of everything from cars to combine harvesters to factories is just a fact of life these days. IoT's here to stay.

Yet despite the explosive growth - one widely cited prediction from Gartner says that the number of enterprise and automotive IoT endpoints will reach 5.8 billion in 2020 - the IoT market's ability to address its known flaws and complications has progressed at a far more pedestrian pace. That means ongoing security woes and a lack of complete solutions are most of what can be safely predicted for the coming year.

To read this article in full, please click here



Network World Security
Nov 14, 2019

Balancing patient security with healthcare innovation | TECH(talk)
Healthcare organizations are one of the most targeted verticals when it comes to cyberattacks. While those organizations must work to secure patients' sensitive data, it can also be helpful to analyze that data to improve patient outcomes. Jason James, CIO of Net Health, joins Juliet to discuss why attackers target healthcare organizations, Google's Project Nightingale and what it means for a tech giant to have access to the medical data of millions of people.

Network World Security
Nov 13, 2019

Red Hat Responds to Zombieload v2
Three Common Vulnerabilities and Exposures (CVEs) opened yesterday track three flaws in certain Intel processors, which, if exploited, can put sensitive data at risk.

Of the flaws reported, the newly discovered Intel processor flaw is a variant of the Zombieload attack discovered earlier this year and is only known to affect Intel's Cascade Lake chips.

[Get regularly scheduled insights by signing up for Network World newsletters.] Red Hat strongly suggests that all Red Hat systems be updated even if they do not believe their configuration poses a direct threat, and it is providing resources to their customers and to the enterprise IT community.

To read this article in full, please click here



Network World Security
Nov 13, 2019

Get 70% off NordVPN Virtual Private Network Service 3 months free - Deal Alert
Safeguard yourself against snoops, and access blocked content with this no-log VPN service. NordVPN has discounted their popular VPN software 70%, with 3 extra months on top. Use our link and see the discount applied when you click "buy now".

Network World Security
Nov 12, 2019

SASE is more than a buzzword for BioIVT
It seems the latest buzzword coming from those analysts at Gartner is SASE (pronounced "sassy"), which stands for "Secure Access Service Edge." Network World has published several articles recently to explain what SASE is (and perhaps isn't). See Matt Conran's The evolution to Secure Access Service Edge (SASE) is being driven by necessity as well as Zeus Kerravala's article How SD-WAN is evolving into Secure Access Service Edge.

To read this article in full, please click here



Network World Security
Nov 07, 2019

How to harden web browsers against cyberattacks
Use these techniques to limit attackers' ability to compromise systems and websites.

Network World Security
Nov 07, 2019

Printers: The overlooked security threat in your enterprise | TECHtalk
Printers, often a forgotten target in the enterprise, are vulnerable to all the usual cyberattacks. Watch as IDG TECH(talk) hosts Ken Mingis and Juliet Beauchamp and CSO Online's J.M. Porup discuss the threats to these devices, plus how to secure them and protect your network.

Network World Security
Nov 06, 2019

Cisco Meraki ups security with new switch, software
Cisco Meraki has introduced new hardware and software the company says will help customers more effectively support and secure a wide variety of distributed network resources.

The new products, which include a raft of new security features as well a new class of switches and a cellular gateway will help Meraki address customers who perhaps don't have the IT expertise nor staffing to support the increasing number of devices that need to be managed, said Lawrence Huang, vice president of product management at Cisco Meraki.

Network pros react to new Cisco certification curriculum "Threat vectors are evolving and the way customers need to protect themselves need to evolve as well - how customers support applications and IoT devices exemplify the idea its not just one perimeter that needs protecting but a collection of micorperimenters," Huang said.

To read this article in full, please click here



Network World Security
Nov 05, 2019

Boeing's insecure networks threaten security and safety
Aircraft manufacturer Boeing's insecure networks leave the company--and potentially its aircraft--at risk of exploitation. Security researcher Chris Kubecka uncovered these threats in April, and new reporting by CSO's J.M. Porup reveals little has been done to patch these vulnerabilities. They both join Juliet to discuss how Kubecka discovered this information and what it means for national security and passenger safety.

Network World Security
Nov 05, 2019

Boeing's unsecure networks threaten security and safety
Aircraft manufacturer Boeing's unsecure networks leave the company--and potentially its aircraft--at risk of exploitation. Security researcher Chris Kubecka uncovered these threats in April, and new reporting by CSO's J.M. Porup reveals little has been done to patch these vulnerabilities. They both join Juliet to discuss how Kubecka discovered this information and what it means for national security and passenger safety.

Network World Security
Nov 05, 2019

VMware amps security with in-house, Carbon Black technology
VMware is moving quickly to meld its recently purchased Carbon Black technology across its product lines with an eye toward helping users protect their distributed enterprises.

VMware just closed the $2.1 billion buy of cloud-native endpoint-security vendor Carbon Black in October and in the process created a new security business unit that will target cybersecurity and analytics to protect networked enterprise resources.

More about edge networking

To read this article in full, please click here



Network World Security
Nov 04, 2019

A VPN service that gets around the Great Firewall of China legally
The saying goes that China is the world's factory. For many companies around the world, their products or components of their products are produced in mainland China. At the same time, China's population of more than a billion people makes it one of the world's largest consumer markets. Thus, for either production or sales, many companies want to do business in China and have established facilities there.

On the networking front, this means that multinational companies need to extend their wide area network into China to support their large or rapidly growing operations—and that's easier said than done.

[Get regularly scheduled insights by signing up for Network World newsletters.] Many organizations had done this using VPNs, but in early 2018, the Chinese government placed restrictions on IPsec traffic to basically block it from going in and out of the country. The Ministry of Industry and Information Technology (MIIT) said these restrictions are in accordance with the China Cross-border Data Telecommunications Industry Alliance (CDTIA), which was created to regulate cross-border data communication.

To read this article in full, please click here



Network World Security
Nov 04, 2019

An SD-WAN service that gets around the Great Firewall of China legally
The saying goes that China is the world's factory. For many companies around the world, their products or components of their products are produced in mainland China. At the same time, China's population of more than a billion people makes it one of the world's largest consumer markets. Thus, for either production or sales, many companies want to do business in China and have established facilities there.

On the networking front, this means that multinational companies need to extend their wide area network into China to support their large or rapidly growing operations—and that's easier said than done.

[Get regularly scheduled insights by signing up for Network World newsletters.] Many organizations had done this using VPNs, but in early 2018, the Chinese government placed restrictions on IPsec traffic to basically block it from going in and out of the country. The Ministry of Industry and Information Technology (MIIT) said these restrictions are in accordance with the China Cross-border Data Telecommunications Industry Alliance (CDTIA), which was created to regulate cross-border data communication.

To read this article in full, please click here



Network World Security
Oct 30, 2019

IoT roundup: Carriers expand NB-IoT, Congress eyes IoT security …
A powerful IoT networking technology used by the major carriers continues to gain ground, Congress makes noise about training and a prominent researcher warns of security trouble ahead.

Network World Security
Oct 30, 2019

How to and why you should disable LLMNR with Windows Server
Link-Local Multicast Name Resolution could enable a man-in-the-middle attack, so it's best to disable the protocol when setting up Windows Server 2019.

Network World Security
Oct 28, 2019

How SD-WAN is evolving into Secure Access Service Edge
SASE, pronounced "sassy," stands for secure access service edge, and it's being positioned by Gartner as the next big thing in enterprise networking. The technology category, which Gartner and other network experts first introduced earlier this year, converges the WAN edge and network security into a cloud-based, as-a-service delivery model. According to Gartner, the convergence is driven by customer demands for simplicity, scalability, flexibility, low latency, and pervasive security.

SASE brings together security and networking A SASE implementation requires a comprehensive technology portfolio that only a few vendors can currently deliver. The technology is still in its infancy, with less than 1% adoption. There are a handful of existing SD-WAN providers, including Cato Networks, Juniper, Fortinet and Versa, that are expected to compete in the emerging SASE market. There will be other SD-WAN vendors jumping on this wagon, and the industry is likely to see another wave of startups. 

To read this article in full, please click here



Network World Security
Oct 28, 2019

IoT roundup: Carriers expand NB-IoT footprints, Congress eyes security bill, and 'IT asbestos' looms
The major U.S. mobile carriers are eager participants in the rise of IoT, and it's tough to argue that they don't have a major role to play - the ability to connect largely anywhere, coupled with the ability to handle high-throughput applications, means that cellular data can be an attractive option for the connectivity piece of an IoT deployment.

AT&T announced a deal with Vodafone last week to interconnect their respective narrow-band IoT networks across the Atlantic, mating AT&T's U.S. coverage with Vodafone's in western Europe. That means that businesses with NB-IoT deployments in those areas can use that single network to connect their entire implementation. Not to be outdone, Sprint announced that it, too, is rolling out NB-IoT on its Curiosity IoT platform. Sprint shared its plans during a panel discussion at Mobile World Congress in Los Angeles last week.

To read this article in full, please click here



Network World Security
Oct 28, 2019

IoT roundup: VMware, Nokia beef up their IoT
The major U.S. mobile carriers are eager participants in the rise of IoT, and it's tough to argue that they don't have a major role to play - the ability to connect largely anywhere, coupled with the ability to handle high-throughput applications, means that cellular data can be an attractive option for the connectivity piece of an IoT deployment.

AT&T announced a deal with Vodafone last week to interconnect their respective narrow-band IoT networks across the Atlantic, mating AT&T's U.S. coverage with Vodafone's in western Europe. That means that businesses with NB-IoT deployments in those areas can use that single network to connect their entire implementation. Not to be outdone, Sprint announced that it, too, is rolling out NB-IoT on its Curiosity IoT platform. Sprint shared its plans during a panel discussion at Mobile World Congress in Los Angeles last week.

To read this article in full, please click here



Network World Security
Oct 24, 2019

Gartner crystal ball: Looking beyond 2020 at the top IT-changing technologies
ORLANDO -  Forecasting long-range IT technology trends is a little herding cats - things can get a little crazy.

But Gartner analysts have specialized in looking forwardth, boasting an 80 percent  accuracy rate over the years, Daryl Plummer, distinguished vice president and Gartner Fellow told the IT crowd at this year's IT Symposium/XPO.  Some of those successful prediction have included the rise of automation, robotics, AI technology  and other ongoing trends.

Now see how AI can boost data-center availability and efficiency Like some of the other predictions Gartner has made at this event, this year's package of predictions for 2020 and beyond is heavily weighted toward the human side of technology rather than technology itself. 

To read this article in full, please click here



Network World Security
Oct 23, 2019

How to double-check permissions post migration from Windows 7
It pays to make sure all permissions in your Windows environment are correct after migrating from Windows 7 or Server 2008 R2. Here's how to check.

Network World Security
Oct 22, 2019

Cisco issues critical security warning for IOS XE REST API container
Cisco this week said it issued a software update to address a vulnerability in its Cisco REST API virtual service container for Cisco IOS XE software that scored a critical 10 out of 10 on the Common Vulnerability Scoring System (CVSS) system.

With the vulnerability an attacker could submit malicious HTTP requests to the targeted device and if successful, obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device, the company said.

To read this article in full, please click here



Network World Security
Oct 22, 2019

Your best defense against insider threats | TECH(talk)
When employees are your weakest link, companies must have programs in place to prevent them from accidentally or intentionally putting the organization at risk. Watch as TECHtalk hosts Ken Mingis and Juliet Beauchamp discuss various options with CSO's Lucian Constantin.

Network World Security
Oct 21, 2019

Train to be a certified cyber security professional for just $39
Cyber crime is responsible for a staggering amount of damage and chaos around the world. Want to be a part of the solution? Then train for a career in this demanding field with The A to Z Cyber Security and IT Certification Training Bundle.

This e-training bundle is perfect for anyone who has an interest in putting a stop to cyber crime. It includes twelve courses that'll introduce students to ethical hacking methods, show them how to test a network for weaknesses, and identify problems so they can be fixed prior to being exploited. It's fast, flexible, and you can even apply your training in preparation for several certification exams

To read this article in full, please click here



Network World Security
Oct 16, 2019

Microsoft's Windows, Office 365 advice for secure elections
Microsoft has issued guidance and offered resources to help election officials and candidate campaigns to better protect their Windows and Office 365 systems.

Network World Security
Oct 11, 2019

Can microsegmentation help IoT security?
The Internet of Things (IoT) promises some big benefits for organizations, such as greater insights about the performance of corporate assets and finished products, improved manufacturing processes, and better customer services. The nagging security issues related to IoT, unfortunately, remain a huge concern for companies and in some cases might be keeping them from moving forward with initiatives. One possible solution to at least some of the security risks of IoT is microsegmentation, a  concept in networking that experts say could help keep IoT environments under control.

To read this article in full, please click here

(Insider Story)

Network World Security
Oct 10, 2019

VMware builds security unit around Carbon Black tech
VMware has wrapped up its $2.1 billion buy of cloud-native endpoint-security vendor Carbon Black and in the process created a new security business unit that will target cybersecurity and analytics to protect networked enterprise resources.

When VMware announced the acquisition in August, its CEO Pat Gelsinger said he expected Carbon Black technology to be integrated across VMware's product families such as NSX networking software and vSphere, VMware's flagship virtualization platform. "Security is broken and fundamentally customers want a different answer in the security space. We think this move will be an opportunity for major disruption," he said. 

To read this article in full, please click here



Network World Security
Oct 08, 2019

Top enterprise VPN vulnerabilities
Don't assume VPNs are always safe. These popular enterprise VPNs all have known remote code execution vulnerabilities.

Network World Security
Oct 02, 2019

How to safely erase data under Windows
Bitlocker and self-encrypting hard drives can make it easier to erase data so that it cannot be recovered. This is how the "crypto-erase" method works.

Network World Security
Sep 30, 2019

IoT roundup: Security holes abound, GE Digital makes noise and more
This week, we look at IoT security holes -- both usual and unusual -- an IIoT player makes a move, and mergers and partnerships worth noting.

Network World Security
Sep 26, 2019

Cisco: 13 IOS, IOS XE security flaws you should patch now
Cisco this week warned its IOS and IOS XE customers of 13 vulnerabilities in the operating system software they should patch as soon as possible.

All of the vulnerabilities - revealed in the company's semiannual IOS and IOS XE Software Security Advisory Bundle - have a security impact rating (SIR) of "high". Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to, conduct a command injection attack on, or cause a denial of service (DoS) condition on an affected device, Cisco stated. 

"How to determine if Wi-Fi 6 is right for you" Two of the vulnerabilities affect both Cisco IOS Software and Cisco IOS XE Software. Two others affect Cisco IOS Software, and eight of the vulnerabilities affect Cisco IOS XE Software. The final one affects the Cisco IOx application environment. Cisco has confirmed that none of the vulnerabilities affect Cisco IOS XR Software or Cisco NX-OS Software.  Cisco has released software updates that address these problems.

To read this article in full, please click here



Network World Security
Sep 25, 2019

How to move users to the Outlook app with Intune
Microsoft is turning off basic authentication, so it's wise to move mobile users to the Outlook app to better protect them from attackers.

Network World Security
Sep 18, 2019

How to monitor Windows to prevent credential theft attacks
Attackers are now enabling WDigest credential caching to allow them to harvest credentials. Here's how to spot it.

Network World Security
Sep 17, 2019

All about U.S. tech antitrust investigations | TECH(feed)
Four large tech companies -- Apple, Amazon, Google and Facebook are under investigation in the U.S. for allegedly anticompetitive behavior. These antitrust investigations on both the federal and state levels are aimed at uncovering the practices these companies engage in to eliminate competition. In this episode of TECH(feed), Juliet discusses the House investigation into big tech and how Congress plans to investigate potential wrongdoing by these companies.

Network World Security
Sep 17, 2019

Review: Blue Hexagon may make you rethink perimeter security
This fully functional, fully trained cybersecurity tool is ready on day 1 to spot threats on whatever network it's charged with protecting.

Network World Security
Sep 13, 2019

Shining light on dark data, shadow IT and shadow IoT
What's lurking in the shadows of YOUR organization? What you don't know can hurt you. Insider Pro columnist Mike Elgan looks at how your business is at risk and offers six steps to minimize it.

Network World Security
Sep 11, 2019

To secure industrial IoT, use segmentation instead of firewalls
The internet of things (IoT) has been top of mind for network and security professionals for the better part of the past five years. This has been particularly true for the area of industrial IoT (IIoT). Connected industrial devices are nothing new, but most IT people aren't familiar with them because they have been managed by operational technology (OT) teams. More and more, though, business leaders want to bring OT and IT together to drive better insights from the combined data set.

While there are many advantages to merging IT and OT and having IIoT fall under IT ownership, it has a profound impact on the cybersecurity team because it introduces several new security threats. Each connected endpoint, if breached, creates a backdoor into the other systems.

To read this article in full, please click here



Network World Security
Sep 11, 2019

How to set up Microsoft Teams for security and compliance
These are the security and compliance decisions you need to make when deploying Microsoft Teams.

Network World Security
Sep 06, 2019

How the California Consumer Privacy Act (CCPA) will affect you and your business | TECH(talk)
The California Consumer Privacy Act (CCPA) is, in some ways, similar to Europe's GDPR. This rule, which goes into effect in 2020, gives individual users more ownership over their own data. Users can even refuse to allow companies to sell their online data. As the compliance deadline approaches, CSO Online contributor Maria Kolokov and senior editor Michael Nadeau discuss with Juliet how CCPA may shift business models, change online behavior and reveal where exactly our data has been. Some tech companies, like Google, are even trying to exempt themselves from regulation. Failure to adhere to the rule could be an "extinction level" event.

Network World Security
Sep 06, 2019

HPE's vision for the intelligent edge
It's not just speeds and feeds anymore, it's intelligent software, integrated security and automation that will drive the networks of the future.

That about sums up the networking areas that Keerti Melkote, HPE's President, Intelligent Edge, thinks are ripe for innovation in the next few years.He has a broad perspective because his role puts him in charge of the company's networking products, both wired and wireless.

Now see how AI can boost data-center availability and efficiency "On the wired side, we are seeing an evolution in terms of manageability," said Melkote, who founded Aruba, now part of HPE. "I think the last couple of decades of wired networking have been about faster connectivity. How do you go from a 10G to 100G Ethernet inside data centers? That will continue, but the bigger picture that we're beginning to see is really around automation." 

To read this article in full, please click here



Network World Security
Sep 05, 2019

FTC fines YouTube, but do fines really encourage change? | TECH(feed)
The FTC hit yet another tech company with a seemingly massive fine for mishandling user data. This time, YouTube, owned by Google, is forced to pay $170 million for collecting data about children under 13 without parental consent. The Federal Trade Commission slapped Facebook with a $5 billion fine just a few months ago. In this episode of TECH(feed), Juliet asks whether or not these fines are effective in regulating the tech industry.

Network World Security
Sep 05, 2019

Exploit found in Supermicro motherboards could allow for remote hijacking
A security group discovered a vulnerability in three models of Supermicro motherboards that could allow an attacker to remotely commandeer the server. Fortunately, a fix is already available.

Eclypsium, which specializes in firmware security, announced in its blog that it had found a set of flaws in the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11.

[ Also see: What to consider when deploying a next-generation firewall | Get regularly scheduled insights: Sign up for Network World newsletters ] BMCs are designed to permit administrators remote access to the computer so they can do maintenance and other updates, such as firmware and operating system patches. It's meant to be a secure port into the computer while at the same time walled off from the rest of the server.

To read this article in full, please click here



Network World Security
Sep 05, 2019

Flaw found in Supermicro motherboards could allow for remote hijacking
A security group discovered a vulnerability in three models of Supermicro motherboards that could allow an attacker to remotely commandeer the server. Fortunately, a fix is already available.

Eclypsium, which specializes in firmware security, announced in its blog that it had found a set of flaws in the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11.

[ Also see: What to consider when deploying a next-generation firewall | Get regularly scheduled insights: Sign up for Network World newsletters ] BMCs are designed to permit administrators remote access to the computer so they can do maintenance and other updates, such as firmware and operating system patches. It's meant to be a secure port into the computer while at the same time walled off from the rest of the server.

To read this article in full, please click here



Network World Security
Sep 04, 2019

How to disable basic or legacy authentication to set up MFA in Office 365
Microsoft recommends setting up multi-factor authentication in Windows 10 for better security, but you have to disable basic or legacy authentication first.

Network World Security
Sep 03, 2019

IoT security essentials: Physical, network, software
Even in the planning stages of a deployment, IoT security is one of the chief stumbling blocks to successful adoption of the technology.

And while the problem is vastly complicated, there are three key angles to think about when laying out how IoT sensors will be deployed in any given setup: How secure are the device themselves, how many are there and can they receive security patches.

Physical access Physical access is an important but, generally, straightforward consideration for traditional IT security. Data centers can be carefully secured, and routers and switches are often located in places where they're either difficult to fiddle with discreetly or difficult to access in the first place.

To read this article in full, please click here



Network World Security
Aug 29, 2019

3 leading network access control products reviewed
Real IT users evaluate network access control solutions: Cisco Identity Services Engine, Aruba ClearPass and ForeScout CounterACT. (Download the 27-page comparison.)

Network World Security
Aug 28, 2019

What is phishing? Learn how this attack works
Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Here's what you need to know about this increasingly sophisticated form of cyberattack.

Network World Security
Aug 26, 2019

Top 5 IoT networking security mistakes
Even though Brother International is a supplier of many  IT products, from machine tools to head-mounted displays to industrial sewing machines, it's best known for printers. And in today's world, those printers are no longer stand-alone devices, but components of the internet of things.

That's why I was interested in this list from Robert Burnett, Brother's director, B2B product & solution - basically, the company's point man for large customer implementations. Not surprisingly, Burnett focuses on IoT security mistakes related to printers and also shares Brother's recommendations for dealing with the top five.

To read this article in full, please click here



Network World Security
Aug 23, 2019

VMware spends $4.8B to grab Pivotal, Carbon Black to secure, develop integrated cloud world
All things cloud are major topics of conversation at the VMworld user conference next week, ratcheded up a notch by VMware's $4.8 billion plans to acquire cloud development firm Pivotal and security provider Carbon Black.

VMware said during its quarterly financial call this week it would spend about $2.7 billion on Pivotal and its Cloud Foundry hybrid cloud development technology, and about $2.1 billion for the security technology of Carbon Black, which includes its Predictive Security Cloud and other endpoint-security software.  Both amounts represent the enterprise value of the deals the actual purchase prices will vary, experts said.

To read this article in full, please click here



Network World Security
Aug 22, 2019

VMware spends $4.2B to grab Pivotal, Carbon Black to secure, develop integrated cloud world
All things cloud are certain to be major topics next week at the VMworld user conference, but VMware took things up a notch with plans to spend $4.2 billion to acquire cloud-development firm Pivotal, and security provider Carbon Black.

During its quarterly financial call VMware said it would spend about $2.7 billion on Pivotal and its Cloud Foundry hybrid cloud development technology and another $2.1 billion for Carbon Black, which includes its Predictive Security Cloud offering and other endpoint-security software.

[ Check out What is hybrid cloud computing and learn what you need to know about multi-cloud. | Get regularly scheduled insights by signing up for Network World newsletters. ] VMware had deep relationships with both companies. Carbon Black technology is part of VMware's AppDefense end point security product. Pivotal has a deeper relationship in that VMware and Dell, VMware's parent company spun out Pivotal in 2013.

To read this article in full, please click here



Network World Security
Aug 22, 2019

Texas ransomware attacks: to pay or not to pay? | TECH(feed)
Nearly two dozen cities in Texas have been hit by a ransomware attack executed by a single threat actor. These attacks beg the question: Is it ever worth it to pay a cyber attacker's ransom? In this episode of TECH(feed), Juliet discusses the pattern of ransomware attacks on local governments, how municipalities have responded and how to prevent a ransomware attack in the first place.

Network World Security
Aug 22, 2019

Don't worry about shadow IT. Shadow IoT is much worse.
For years, IT departments have been railing about the dangers of shadow IT and bring-your-own-device. The worry is that these unauthorized practices bring risks to corporate systems, introducing new vulnerabilities and increasing the attack surface.

That may be true, but it's not the whole story. As I've long argued, shadow IT may increase risks, but it can also cut costs, boost productivity and speed innovation. That's why users are often so eager to circumvent what they see as slow and conservative IT departments by adopting increasingly powerful and affordable consumer and cloud-based alternatives, with or without the blessing of the powers that be. Just as important, there's plenty of evidence of that enlightened IT departments should work to leverage those new approaches to serve their internal customers in a more agile manner.

To read this article in full, please click here



Network World Security
Aug 21, 2019

Cisco: 6 critical security alarms for UCS software, small-biz routers
Cisco today warned its Unified Computing System (UCS) customers about four critical fixes they need to make to stop nefarious agents from taking over or attacking their systems.The problems all have a severity rating of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS).

The critical bugs are found in the Cisco UCS Director and UCS Director Express for Big Data packages.

To read this article in full, please click here



Network World Security
Aug 21, 2019

How to avoid using RDP in Windows
Several new vulnerability disclosures in Windows Remote Desktop Protocol suggest it's time to stop using it. Here's how.

Network World Security
Aug 16, 2019

Get ready for the convergence of IT and OT networking and security
Most IT networking professionals are so busy with their day-to-day responsibilities that they don't have time to consider taking on more work. But for companies with an industrial component, there's an elephant in the room that is clamoring for attention. I'm talking about the increasingly common convergence of IT and operational technology (OT) networking and security.

Traditionally, IT and OT have had very separate roles in an organization. IT is typically tasked with moving data between computers and humans, whereas OT is tasked with moving data between "things," such as sensors, actuators, smart machines, and other devices to enhance manufacturing and industrial processes. Not only were the roles for IT and OT completely separate, but their technologies and networks were, too.

To read this article in full, please click here



Network World Security
Aug 12, 2019

How SD-Branch addresses today's network security concerns
Secure software-defined WAN (SD-WAN) has become one of the hottest new technologies, with some reports claiming that 85% of companies are actively considering SD-WAN to improve cloud-based application performance, replace expensive and inflexible fixed WAN connections, and increase security.

But now the industry is shifting to software-defined branch (SD-Branch), which is broader than SD-WAN but introduced several new things for organizations to consider, including better security for new digital technologies. To understand what's required in this new solution set, I recently sat down with John Maddison, Fortinet's executive vice president of products and solutions.

To read this article in full, please click here



Network World Security
Aug 07, 2019

How to set up Edge Chromium security options
Edge Chromium can provide more protection for organizations that use older versions of Windows.

Network World Security
Aug 06, 2019

Microsoft finds Russia-backed attacks that exploit IoT devices
The STRONTIUM hacking group, which has been strongly linked by security researchers to Russia's GRU military intelligence agency, was responsible for an IoT-based attack on unnamed Microsoft customers, according to the company. a blog post from the company's security response center issued Monday.

Microsoft said in a blog that the attack, which it discovered in April, targeted three specific IoT devices - a VoIP phone, a video decoder and a printer (the company declined to specify the brands) - and used them to gain access to unspecified corporate networks. Two of the devices were compromised because nobody had changed the manufacturer's default password, and the other one hadn't had the latest security patch applied.

To read this article in full, please click here



Network World Security
Aug 05, 2019

Is your enterprise software committing security malpractice?
Back when this blog was dedicated to all things Microsoft I routinely railed against the spying aspects of Windows 10. Well, apparently that's nothing compared to what enterprise security, analytics, and hardware management tools are doing.

An analytics firm called ExtraHop examined the networks of its customers and found that their security and analytic software was quietly uploading information to servers outside of the customer's network. The company issued a report and warning last week.

ExtraHop deliberately chose not to name names in its four examples of enterprise security tools that were sending out data without warning the customer or user. A spokesperson for the company told me via email, "ExtraHop wants the focus of the report to be the trend, which we have observed on multiple occasions and find alarming. Focusing on a specific group would detract from the broader point that this important issue requires more attention from enterprises."

To read this article in full, please click here



Network World Security
Aug 01, 2019

Black Hat 2019 and DEF CON 27: What to expect at hacker summer camp | TECH(talk)
Every year, thousands of hackers arrive in Las Vegas for three large security conferences -- DEF CON, Black Hat and Bsides Las Vegas -- taking place from Monday through Sunday next week. CSO Online's J.M. Porup chats with Juliet about what to expect at the conferences' sessions and what he's looking forward to.

Network World Security
Aug 01, 2019

Cisco pays $8.6M to settle security-software whistleblower lawsuit
Cisco has agreed to pay $8.6 million to settle claims it sold video security software that had a vulnerability that could have opened federal, state and local government agencies to hackers.

Under terms of the settlement Cisco will pay $2.6 million to the federal government and up to $6 million to 15 states, certain cities and other entities that purchased the product. The states that settled with Cisco are California, Delaware, Florida, Hawaii, Illinois, Indiana, Minnesota, Nevada, New Jersey, New Mexico, New York, North Carolina, Tennessee, Massachusetts and Virginia.

RELATED: A conversation with a white hat hacker According to Cisco, the software, which was sold between 2008 and 2014 was created by Broadware, a company Cisco bought in 2007 for its surveillance video technology and ultimately named it Video Surveillance Manager.

To read this article in full, please click here



Network World Security
Jul 31, 2019

The latest large-scale data breach: Capital One | TECH(feed)
Just a few days after Equifax settled with the FTC over its 2017 data breach, Capital One announced it was the target of a March attack. Identifying information and bank account numbers are among some of the data breached in the attack that affects 100 million people. A software engineer is behind the attack and is awaiting a hearing. In this episode of TECH(feed), Juliet discusses the consequences of the attack and how to find out if you've been affected.

Network World Security
Jul 31, 2019

Remote code execution is possible by exploiting flaws in Vxworks
Eleven zero-day vulnerabilities in WindRiver's VxWorks, a real-time operating system in use across an advertised 2 billion connected devices have been discovered by network security vendor Armis.

Six of the vulnerabilities could enable remote attackers to access unpatched systems without any user interaction, even through a firewall according to Armis.

About IoT:

What is the IoT? How the internet of things works What is edge computing and how it's changing the network Most powerful Internet of Things companies 10 Hot IoT startups to watch The 6 ways to make money in IoT What is digital twin technology? [and why it matters] Blockchain, service-centric networking key to IoT success Getting grounded in IoT networking and security

Network World Security
Jul 31, 2019

How an attacker can target phishing attacks
There are a number of ways attackers can exploit public information about your organization's employees. CSO Online's Susan Bradley walks through how an attacker can gain access to your organization's Office 365 accounts and how you can protect your enterprise from these potential attacks.

Network World Security
Jul 30, 2019

The role of next-gen firewalls in an evolving security architecture
As the commercial enterprise firewall approaches its 30th birthday, it is hard to overstate how dramatically the product has evolved. This 2,700-word research report looks the current state of next-generation firewall technology.

Network World Security
Jul 24, 2019

Reports: As the IoT grows, so do its threats to DNS
The internet of things is shaping up to be a more significant threat to the Domain Name System through larger IoT botnets, unintentional adverse effects of IoT-software updates and the continuing development of bot-herding software.

The Internet Corporation for Assigned Names and Numbers (ICANN) and IBM's X-Force security researchers have recently issued reports outlining the interplay between DNS and IoT that includes warnings about the pressure IoT botnets will put on the availability of DNS systems.

More about DNS:

DNS in the cloud: Why and why not DNS over HTTPS seeks to make internet use more private How to protect your infrastructure from DNS cache poisoning ICANN housecleaning revokes old DNS security key ICANN's Security and Stability Advisory Committee (SSAC) wrote in a report that "a significant number of IoT devices will likely be IP enabled and will use the DNS to locate the remote services they require to perform their functions. As a result, the DNS will continue to play the same crucial role for the IoT that it has for traditional applications that enable human users to interact with services and content," ICANN stated. "The  role of  the  DNS  might  become  even  more  crucial  from  a  security  and  stability perspective with IoT devices interacting with peo

Network World Security
Jul 24, 2019

When it comes to the IoT, Wi-Fi has the best security
When it comes to connecting internet of things (IoT) devices, there is a wide variety of networks to choose from, each with its own set of capabilities, advantages and disadvantages, and ideal use cases. Good ol' Wi-Fi is often seen as a default networking choice, available in many places, but of limited range and not particularly suited for IoT implementations.

According to Aerohive Networks, however, Wi-Fi is "evolving to help IT address security complexities and challenges associated with IoT devices." Aerohive sells cloud-managed networking solutions and was acquired recently by software-defined networking company Extreme Networks for some $272 million. And Aerohive's director of product marketing, Mathew Edwards, told me via email that Wi-Fi brings a number of security advantages compared to other IoT networking choices.

To read this article in full, please click here



Network World Security
Jul 24, 2019

How to set up Azure AD to spot risky users
You have several options to set up alerts in Azure Active Directory to help spot risky user behavior.

Network World Security
Jul 19, 2019

What is the dark web? And what will you find there?
The dark web may sound ominous, but it's really a catch-all term for the part of the internet that isn't indexed by search engines. Stay tuned for a guided tour of the web's less mainstream regions.

Network World Security
Jul 18, 2019

Worst DNS attacks and how to mitigate them
The Domain Name System remains under constant attack, and there seems to be no end in sight as threats grow increasingly sophisticated.

DNS, known as the internet's phonebook, is part of the global internet infrastructure that translates between familiar names and the numbers computers need to access a website or send an email. While DNS has long been the target of assailants looking to steal all manner of corporate and private information, the threats in the past year or so indicate a worsening of the situation.

To read this article in full, please click here



Network World Security
Jul 17, 2019

How to manage Microsoft Windows BitLocker
Use these techniques to inventory your network to determine which devices have BitLocker.

Network World Security
Jul 16, 2019

What the FTC's $5 billion fine really means for Facebook | TECH(feed)
Last week, the Federal Trade Commission hit Facebook with a $5 billion fine for mishandling user data. The fine comes after the FTC's investigation following the Cambridge Analytica scandal. On this episode of TECH(feed), Juliet discusses the implications of this fine -- and how Facebook may (or may not) change its practices.

Network World Security
Jul 11, 2019

How to set up Microsoft Cloud App Security
This new add-on will let you set up alerts about suspicious sign-on activity for Office 365 and other cloud apps.

Network World Security
Jul 01, 2019

Tempered Networks simplifies secure network connectivity and microsegmentation
The TCP/IP protocol is the foundation of the internet and pretty much every single network out there. The protocol was designed 45 years ago and was originally only created for connectivity. There's nothing in the protocol for security, mobility, or trusted authentication.

The fundamental problem with TCP/IP is that the IP address within the protocol represents both the device location and the device identity on a network. This dual functionality of the address lacks the basic mechanisms for security and mobility of devices on a network.

This is one of the reasons networks are so complicated today. To connect to things on a network or over the internet, you need VPNs, firewalls, routers, cell modems, etc. and you have all the configurations that come with ACLs, VLANs, certificates, and so on. The nightmare grows exponentially when you factor in internet of things (IoT) device connectivity and security. It's all unsustainable at scale.

To read this article in full, please click here



Network World Security
Jun 28, 2019

Cisco sounds warning on 3 critical security patches for DNA Center
Cisco issued three "critical" security warnings for its DNA Center users - two having a Common Vulnerability Scoring System rating of 9.8 out of 10.

The two worst problems involve Cisco Data Center Network Manager (DCNM).  Cisco DNA Center controls access through policies using Software-Defined Access, automatically provision through Cisco DNA Automation, virtualize devices through Cisco Network Functions Virtualization (NFV), and lower security risks through segmentation and Encrypted Traffic Analysis.

More about SD-WAN

How to buy SD-WAN technology: Key questions to consider when selecting a supplier How to pick an off-site data-backup method SD-Branch: What it is and why you'll need it What are the options for security SD-WAN? In one advisory Cisco said a vulnerability in the web-based management interface of DCNM could let an attacker obtain a valid session cookie without knowing the administrative user password by sending a specially crafted HTTP request to a specific web servlet that is available on affected devices. The vulnerability is due to improper session management on affected DCNM software.



Network World Security
Jun 26, 2019

How updates to MongoDB work to prevent data breaches | TECH(talk)
CSO senior writer Lucian Constantin and Computerworld Executive Editor Ken Mingis talk database security and how MongoDB's new field-level encryption takes security to the next level.

Network World Security
Jun 26, 2019

Oracle does-in Dyn, resets DNS services to cloud
Some may call it a normal, even boring course of vendor business operations but others find it a pain the rump or worse.

That about sums up the reaction to news this week that Oracle will end its Dyn Domain Name System enterprise services by 2020 and try to get customers to move to DNS services provided through Oracle Cloud.

More about DNS:

DNS in the cloud: Why and why not DNS over HTTPS seeks to make internet use more private How to protect your infrastructure from DNS cache poisoning ICANN housecleaning revokes old DNS security key Oracle said that since its acquisition of Dyn in 2016 and the ensuing acquisition of Zenedge, its engineering teams have been working to integrate Dyn's products and services into the Oracle Cloud Infrastructure platform. "Enterprises can now leverage the best-in-class DNS, web application security, and email delivery services within Oracle Cloud Infrastructure and enhance their applications with a comprehensive platform to build, scale, and operate their cloud infrastructure," according to

  • CEOExpress
  • 1 Boston Place | Suite 2600
    Boston MA 02108
  • 617 482 1200
    617 299 8649 (fax)
  • Contact
  • As an Amazon Associate
    CEOExpress earns from
    qualifying purchases.

©1999-2020 CEOExpress Company LLC