Hackers infiltrated a website operated by the United States Ski and Snowboard Association (USSA) for the National Standard Race (NASTAR) but ultimately did not take any significant adverse actions.
Continue readingTag: cybersecurity
Over the last several years we have seen encryption become more pervasive. Does it now make sense for security teams to invest in network security monitoring solutions?
With the strong push for encryption on everything from websites to hard drives, encryption is becoming a standard practice for most organizations. Reviewing the graph below from Google’s Transparency Report, we see that a majority of web traffic is now HTTPS.
Encryption is permeating other protocols. In September 2018, CloudFlare announced a new protocol that hides the server name during the SSL handshake. RFC 7858 (DNS-over-TLS) and RFC 8484 (DNS-over-HTTPS) both were proposed this decade and are already implemented by some organizations. (Note that DNSSEC doesn’t encrypt dns queries, but ensures they are authenticated.) SMB and SNMP in their third versions also include cryptographic capabilities. Microsoft’s Remote Desktop protocol now incorporates SSL, and SSH has always been encrypted.
It seems that just about all data transmitted over a network is encrypted or is moving in that direction. It is these reasons that some vendors push to move security monitoring to the endpoint where the machine decrypts the information anyways. Is network security monitoring dead in the coming age of encryption? Continue reading
Every organization with an Internet presence is battling for survival. State-sponsored hackers and organized crime groups continue to gather power and are more dangerous than ever before. We have approached the day when organizations must combine forces and reallocate resources to effectively defend against these formidable adversaries.
Continue reading