The Role of Internet Service Providers in Cyber Security

Size: px
Start display at page:

Download "The Role of Internet Service Providers in Cyber Security"

Transcription

1 The Role of Internet Service Providers in Cyber Security June 2011 Project Leads Brent Rowe, MA, RTI International Dallas Wood, MA, RTI International Douglas Reeves, PhD, North Carolina State University\ Fern Braun, BA, RTI International Statement of Problem Internet insecurity is a worldwide problem that has generated a multitude of costs for businesses, governments, and individuals. Past research (e.g., Frith, 2005; Gallaher, Rowe, Rogozhin, & Link, 2006) suggests that one significant factor in these cyber security problems is the inadequate level of security maintained by home users and small businesses. Attackers compromise the computers of such users, developing networks of zombies or bots (called botnets ) through which they send large amounts of spam and conduct other malicious activity (Markoff, 2007). Unfortunately, home users and small businesses are often unaffected by such activities and thus lack the incentives to invest in a security plan that approaches the socially optimal level of security, thus making all users less secure (Schneier, 2007b). Economists refer to such an issue as a free rider or public goods problem (Anderson & Moore, 2006). A handful of research studies and security experts have suggested that Internet Service Providers (ISPs) may be in a good position to cost-effectively prevent certain types of malicious cyber behavior, such as the operation of botnets on home users and small businesses computers (e.g., Evers, 2005; Huang, Xianjun, and Whinston, 2007; Richards, 1

2 2007; and Schneier, 2007a). Similar to a neighborhood entrance security checkpoint that provides a measure of security to all houses branching off the private roads therein, individual Internet users would be much better protected if their ISP played a larger security role. One study found that just 10 ISPs accounted for 30 percent of IP addresses sending out spam worldwide, meaning that an ISP s actions to protect their network may already be an important factor in cyber security (Van Eeten 2010). The economic literature suggests that ISPs could take advantage of both information asymmetry and economies of scale to provide more security at a lower cost, particularly for individual Internet users and small businesses. The purpose of this brief is to review the existing literature and popular press on actions that ISPs are taking or could take to better secure their customers, economic barriers to such solutions, and incentives needed to increase ISP involvement. Cyber security has become a monumental problem. Franklin and colleagues (2007) and McDaniel (2006) suggest that sophisticated hackers are stealing hundreds of millions of dollars each year, in addition to the inefficiency costs incurred by businesses and individuals. Further, these authors suggest that one well-designed attack could easily destroy a business operations or cripple an industry or the electricity grid for several days or weeks. 1 In many cases today, the vehicles that hackers use to conduct illicit activities are compromised computers (sometimes called bots or botnets), usually owned by home Internet users and small businesses who are unaware that their computers have been recruited. In 2007, Dave DeWalt, CEO of McAfee, stated that he believes bots are the biggest cyber security threat today: the engines that drive everything (Swartz, 2007). And the 2007 National Academies report Toward a Safer and More Secure Cyberspace points to bots as a significant and growing threat to consumers and national security (Goodman & Lin, 2007). According to some estimates, bots could account for as many as 11% of the 650 million computers attached to the Internet, or 71.5 million computers (Markoff, 2007). Bots are used to send large amounts of spam, host phishing websites, and wage distributed denial of service (DDoS) attacks. Recent estimates suggest that between 80% and 95% of spam comes from botnets, and between 80% and 90% of is spam (Hodapp, 2007; Zhuge, Holz, Han, Guo, & Zou, 2007). This spam wastes time, costs money (e.g., through fraud), crashes servers, and serves as a mechanism both to distribute viruses, worms, and adware and to recruit new bots. To solve this problem, many security experts and researchers have suggested that ISPs are ideally suited to mitigate a variety of cyber security issues, including bot activities (Evers, 2005; Huang, Xianjun, & Whinston, 2007; Richards, 2007; Schneier, 2007a). 1 Of note, in early April 2009, it was announced that spies had penetrated the U.S. electricity grid (Gorman, 2009). 2

3 ISP-Based Security Solutions: Alternatives and Trends ISPs observe traffic flowing into and out of their networks. They are in a position to observe traffic spikes that could be associated with excessive malicious traffic (e.g., caused by worms or spam bots) and filter suspicious traffic. For example, ISPs could stop suspicious traffic from entering their network, and if traffic originating from their network looked malicious, they could suspend the network access of customers suspected of being bots or knowingly sending malicious traffic. Alternately, ISPs can force their users to adopt more security on their host computers. Today, many ISPs are offering some security services, but many are not (Schneier, 2007a). In general, ISP-based security solutions can be grouped into three main categories of implementation scenarios aimed at improving their customers security: 1. Fully External: Provide users with security advice (e.g., how to setup a firewall) or free products (e.g., antivirus software). 2. Fully Internal: Implement increased filtering at the ISP level so that suspicious activity is addressed (e.g., a user or group of users is investigated and possibly lose sending privileges temporarily) Partially Internal/Partially External: Impose policies on users that cause them to play a role in preventing unwanted traffic (e.g., an ISP forces customers to approve received from unknown senders before is accepted). Several ISPs today offer their customers fully external products and services. Many ISPs provide antivirus, firewall, or antimalware software to customers either free (i.e., included in the purchase of their Internet plan) or for an additional fee, which is often a lower price than that faced by individuals purchasing directly from companies such as McAfee or Norton. This promotes the use of security programs among customers who might not otherwise purchase the software. However, users are still usually left to install and operate such mechanisms on their own. In other cases, ISPs in the United States and abroad are offering fully internal services to business users. In October 2006, BT began to offer a service that involved robust scanning (Mellor, 2006). ISPs such as Comcast have also tried imposing penalties on their customers who allow zombies to operate on their network; however, users have responded very negatively to perceived filtering of their Internet communications (e.g., Roberts, 2004; Cassavoy, 2007; Mitchell, 2007). Additionally, business users have been wary of outsourcing their network security (Gallaher et al., 2006; Rowe, 2007). In economic terms, they seem to be responding to the principal agent problem (Jensen & Meckling, 1976) firms are concerned 2 It is very unlikely that ISPs will be able to provide fully secure Internet communications. In their argument for more ISP security liability, Lichtman and Posner (2004) acknowledge a negative effect of more ISP based security: users might decide to spend less on host level security. The authors suggest that robust ISP level and host level security would be ideal. 3

4 that the incentives motivating an ISP or managed security service provider (MSSP) 3 to provide the best security at the lowest cost are not fully aligned with their security desires. Further, the U.S. government has solicited secure Internet connections from ISPs through the Trusted Internet Connections Initiative (Nagest, 2009); this would provide fully internal security services to U.S. government agencies. AT&T was the first provider of such services. Several ISPs also offer partially internal and partially external services to home users and small business users. Earthlink forces customers to approve all new incoming message senders before messages can be accessed. This is not error-proof, however; a spammer could send from a known address, and it would get through. In the U.S., the Federal Communications Commission (FCC) and the legal system have recently begun to play a large role in the debate over what ISPs can and should be able to do in terms of treating customers differently and managing their network, including securityrelated activities. In 2008, Comcast began slowing user access to a file-sharing site. The FCC attempted to enforce net neutrality generally defined to mean not discriminating against Internet traffic based on the content by ordering that Comcast cease such activities. Comcast appealed the sanction, and in 2010 the U.S. Court of Appeals ruled unanimously in favor of Comcast, stating that the FCC does not have the power to halt this practice (NY Times, 2010). The Comcast case demonstrated that the legal restrictions on ISPs are not currently well defined. It is unclear how the FCC will be able to regulate the Internet in the future. Broadband may become a highly regulated utility like the telephone service industry or, if the current state of policy stands, the FCC may be unable to enforce its net neutrality policy. In terms of ISPs role in providing security to home Internet users, the FCC has so far only provided guidance to ISPs. A working group in FCC s Communications Security, Reliability and Interoperability Council released a network protection best practices document for ISPs in December 2010 (CSRIC 2010). The paper includes 24 best practices, divided into the categories of prevention, detection, notification, mitigation, and privacy considerations, and emphasizes the importance of timely detection and notification, security software provision, and improved end-user education. The group recommends that ISPs quarantine infected customers only after multiple contact attempts, except in extreme cases. In other countries, including Australia, the Netherlands, Germany, and Japan, governments are taking steps toward developing public-private partnerships to improve cyber security through ISPs. In 2010, Australia created a voluntary code of practice for ISPs, asking that they maintain a system for notifying infected computers, keep up-to-date threat information, provide resources for end users, and use a reporting mechanism to inform the government about severe threats (Internet Industry Association 2010). Japan has already 3 MSSPs are service companies that provide outsourced security services to businesses. 4

5 seen positive impacts from their Cyber Clean Center, a collection of over 70 ISPs dedicated to improving cyber security (OECD 2010). Overall, the market trend appears to be moving toward ISPs providing more security to their customers; a variety of barriers exist, however, and more information is needed (e.g., on customers willingness to pay for security) to motivate faster and more widespread ISP security provisioning. Economic Barriers to ISP-Provided Security Currently, the information necessary (e.g., costs, pricing models) to develop a convincing business model for ISPs to provide security to their customers does not exist in the public domain. Huang, Xianjun, and Whinston (2007) analyzed the issue and concluded that ISPs will continue to have trouble finding a return on their investment because of the significant costs involved in providing additional security filtering. ISPs concerns are varied, but they focus on the many costs of providing security services. Two such costs are described by an editorial response to the Australian government s ISP security mandate (Winterford & Hill, 2008): Technical costs: The primary technical costs are two fold identifying bots and stopping them; both are very complex tasks. Any solutions will require a variety of fixed and variable costs, including capital and labor required to identify potential botnets and to remediate the infection. Further, hackers continue to adapt their techniques to evade detection, making future service costs more uncertain. Customer service costs: One of the biggest costs to ISPs are the costs associated with successful notification of customers. might be perceived as spam, letters sent by mail may look like marketing material, and phone calls are costly. Further, identifying the person / computer that has been infected may be difficult if more than one computer exists at a given address. The costs for this activity can be significant. Legal issues: Customer contracts often specifically prevent an ISP from filtering traffic, and international connections multiply the potential legal complexities. ISPs also worry that providing more security would implicitly increase their liability (i.e., if an ISP states that they provide security and a customer is negatively affected by a security breach, the ISP could be held fully or partially liable). In a recent study by the authors of this research brief, the average cost of security for consumers purchasing security services from the top 23 ISPs, either as part of the price of the Internet plan or as a separate fee, was approximately $5 per month (Rowe et al, 2011). However, the cost for ISPs to providing these services is unknown. A study by Clayton (2010) analyzed the cost of a government-subsidized PC infection remediation scheme; the author estimated the cost of cleaning up an infected PC at $70. The 5

6 author s scenario assumed that an ISP would report a security problem to a customer, who would then choose to either pay some fee for the clean-up service, with the remainder of the cost covered by the government, or solve the problem themselves. Despite the insufficient information, ISP security provisioning could benefit from network effects. Economic theory suggests that ISP costs per unit of security provided should decrease as the number of ISPs implementing security measures increases because learning curve lessons are internalized by the market and a higher level of security results more quickly. User Demand for Security Proper incentive mechanisms are essential to gaining the participation of ISPs in providing security services. ISP-based security could offer a new source of revenue (as well as build customer loyalty and reduce customer turnover); however, the commercial success of ISP security offerings will depend largely on customers demand (i.e., willingness to pay) for additional security. Individuals and small businesses investments in cyber security are often neither socially nor privately optimal. Anecdotally, users interest in security products and services seems inconsistent, and their decision processes often differ greatly. 4 However, the overall lack of optimal investments can be explained in terms of two common economic concepts: (1) Incomplete information: Users inaccurately calculate the total private cost of security products and associated labor, as well as the impact of breaches (Gallaher et al., 2006). (2) Negative externalities: Users are apathetic regarding external costs that are imposed on other organizations and individual Internet users as a result of inadequate security at the investing organization. Several studies have tried to estimated demand for cyber security services. A 2004 study of consumers in the United Kingdom found that 58% would be willing to pay $3 or more per month for more protection. In the same study, 66% of consumers said they would switch ISPs to one that offered clean Internet service (StreamShield Networks, 2004). Gallaher and colleagues (2006) also interviewed a small sample of home Internet users and found that more than 50% spend more than $20 per year on security products or subscription services. More than half also indicated a willingness to pay their ISP 10% more for additional security. Most recently, in 2011 study by Rowe et al, stated preference analysis was used to assess users willingness to pay for security services. The results showed that the average respondent was willing to pay up to $7.24 per month (in addition to the current Internet access bill) if no time was required and his or her Internet could not be limited in any way. In particular, 4 Qualitative studies (e.g., Walsh 2008) have found that differing ways of conceptualizing security may make it difficult for ISPs to market and sell security products and services in a uniform fashion. 6

7 survey data suggested that such a plan would need to offer a greatly reduced risk of identity theft, less computer slow down or crashing, and greatly reduced risk to others (in order of the value placed by survey respondents) in order to increase willingness to pay. New Incentives for ISPs If sufficient user demand exists in excess of the costs involved, ISPs should be providing more security. Assuming most ISPs would investigate such options where additional revenue could be generated, it is likely that offering security services has never been an easily justified investment determination. As such, alternate strategies may be needed to motivate ISPs to become more involved in providing security, particularly to home users and small businesses, who have the least resources and information available with which to make security decisions and who, as a group, have the potential to aid attackers who abuse their insecurity. After concluding that ISPs should provide more security, Huang, Xianjun, & Whinston (2007) suggest that new incentive frameworks will be required. In particular, the authors suggest a new price-sharing scheme in which various Internet stakeholders share the costs by setting service prices inclusive of the positive and negative externalities inherent in decisions being made. Chen, Longstaff, and Carley (2004) developed a model to empirically analyze the incentive framework that would allow ISPs to provide additional security in the form of new DDoS filtering services to business customers. This paper is based on a more robust analysis than the Huang, Xianjun, and Whinston paper (2007), but the model discussed therein relies on relatively weak assumptions (e.g., a small number of ISP solutions should be considered, users willingness to pay should be averaged, and network effects should not be considered in ISPs cost functions). In general, both of these papers, which represent the best known papers on this topic, fail to provide empirical data with which to estimate the costs and benefits to ISPs and various Internet users. Absent identifiable market-based incentives for ISPs to be more diligent providers of security, government could take action. McCullagh (2005) and others have suggested that the government pass regulation to force ISPs to provide some level of security to customers, and Lichtman and Posner (2004) propose that courts encourage ISPs to offer more security by holding them accountable for failing to act. 5 Alternately, a 2007 paper by Parameswaran and colleagues advocates for a certifying authority to approve ISPs that provide higher security, thereby encouraging ISPs to prevent outbound malicious traffic. Government subsidies or other public support could also be considered if the private benefit-cost trade-off cannot motivate cost-effective private sector action and if neither government regulations nor liability are tenable solutions. 6 5 In 2006 a Belgian court ordered an ISP to block all peer-to-peer network traffic sent and received by its customers (Thomson, 2007). 6 Of note, several U.S. government initiatives have aimed to combat botnets. Through Operation Bot Roast, the Federal 7

8 Conclusion Research described in this brief suggests that ISPs are providing some security services to their customers today; however, many experts believe they should provide more. Barriers preventing ISPs from becoming more involved include a variety of technical costs and legal issues, as well as uncertainty regarding who would pay these costs. To overcome such barriers, several papers have suggested that government regulations or liability would provide the appropriate motivation to ISPs. Others suggest that users would pay enough to cover these ISP costs. Research by Rowe et al provides the first economic data to support the development of new product offerings and marketing tactics by ISPs as well as providing data to estimate the potential benefits that citizens if the government helped to subsidize ISP-based security. Looking forward, additional research is needed to assess the specific ways in which ISPs would bear costs to provide security. Identification, notification, and remediation costs need to be assessed separately to determine whether some of these costs (e.g., notification and/or remediation) could be shared through, for example, and public private partnership. Although ISPs do not view security as a central role, they are in an optimal position to provide security to home internet users. As such, more research and policy work should be conducted to test how ISPs could be incentivized e.g., through developing improved marketing messages to customers or by receiving government subsidies to provide increased security for their networks, potentially reducing cyber attacks and increasing the reliability of the entire Internet infrastructure. By shifting some of the burden of security from end users to ISPs, who have more information and are more technically capable, everyone could benefit ISPs, individual users, and businesses responsible for providing and operating (and profiting from) secure networks. Contact Information Brent Rowe 114 Sansome St., Suite 500, San Francisco, CA (415) Bureau of Investigation (FBI) contacted over a million PC owners whose computers were turned into bots (FBI, 2007). The Federal Trade Commission (FTC) also organized a campaign called Operation Spam Zombies, involving more than a dozen government agencies that aimed to identify and remove botnets by working with ISPs and consumers (FTC, 2005). No information was available on the success of either program. 8

9 This research brief was prepared by Mr. Brent Rowe, Mr. Dallas Wood, Dr. Douglas Reeves, and Ms. Fern Braun. Brent Rowe, MA, is a Senior Economist at RTI International. He has significant experience in studying security related issues and recently co-authored a book entitled Cyber Security: Economic Strategies and Public Policy Alternatives. Dallas Wood, MA is an Economist at RTI International. He has externsive research experience collected new data and conducting robust analyses for economic studies of new technologies as well as studies of environmental issues. Douglas Reeves, PhD, is a Professor of Computer Science and Electrical and Computer Engineering at N.C. State University. His research focuses on network security and peer-topeer computing, with current funding from the National Science Foundation (NSF). Fern Braun, BA, is an Associate Economist at RTI International. Her research has included providing data collection and analysis support for studies on new technologies and environmental policies. References Anderson, R., & Moore, T. (2006, October). The economics of information security. Science, 314, Australian Government, Department of Broadband Communications and the Digital Economy. (2009). Internet service provider (ISP) filtering. Retrieved May 1, 2009, from and support/c ybersafety_plan/internet_service_provider_isp_filtering. Cassavoy, L. (2007, April 24). Cable users get cut off. PC World Magazine. Retrieved April 24, 2009, at Chen, L., Longstaff, T., & Carley, K. (2004). The economic incentives of providing network security services on the Internet infrastructure. Journal of Information Technology Management 15(3-4):1 13. Clayton, Richard. (2010). Might Governments Clean-up Malware? Available at The Communications Security, Reliability and Interoperability Council (CSRIC). (2010). Internet Service Provider (ISP) network protection. Available at CTION_ pdf. Evers, J. (2005, July 19). ISPs versus the zombies. Cnet News.com. Retrieved April 24, 2009, at 9

10 Federal Bureau of Investigation (FBI). (2007). Bot-herders charged as part of initiative. Retrieved April 24, 2009, at Federal Trade Commission (FTC). (2005). FTC, partners launch campaign against spam zombies. Press release. Retrieved April 24, 2009, at Franklin, J., Paxson, V., Perrig, A., & Savage, S. (2007). An inquiry into the nature and causes of the wealth of Internet miscreants. Proceedings of the ACM Conference on Computer and Communications Security, Washington, DC, October 29-November 5, Frith, H. (2005, July 4). Home Internet users biggest threat to business. The Times Online. Retrieved April 24, 2009, at Gallaher, M., Rowe, B., Rogozhin, A., & Link, A. (2006, April). Economic analysis of cyber security and private sector investment decisions. Report prepared for the U.S. Department of Homeland Security. Research Triangle Park, NC: RTI International. Goodman, S. E., & Lin, H. S. (Eds). (2007). Toward a safer and more secure cyberspace. Committee on Improving Cybersecurity Research in the United States, National Research Council. Retrieved April 24, 2009, at Gorman, S. (2009, April 8). Electricity grid in U.S. penetrated by spies. The Wall Street Journal. Retrieved April 24, 2009, at Hodapp, L. (2007). Evolving methods for sending spam and malware. Presented at the Federal Trade Commission Spam Summit, July 11-12, Retrieved April 24, 2009, at Huang, Y., Xianjun, G., & Whinston, A. (2007). Defeating DDoS attacks by fixing the incentive chain. ACM Transactions on Internet Technology, 7(1), article 5, 1-5. Retrieved April 30, 2009, from Internet Industry Association. (2010). Internet Service Providers Voluntary Code of Practice. Retrived April 11, 2011, from Jensen, M. C., & Meckling, W. H. (1976). Theory of the firm: Managerial behavior, agency costs and ownership structure. Journal of Financial Econometrics, 3(4), Lichtman, D., and Posner, E. (2004). Holding Internet service providers accountable. University of Chicago John M. Olin Law and Economist Working Paper No Markoff, J. (2007, January 7). Attack of the zombie computers is growing threat. New York Times. Retrieved April 24, 2009, at 10

11 McCullagh, D., (2005, May 23). Feds to fight the zombies. Cnet News.com. Retrieved April 24, 2009, at McDaniel, P. (2006, December 6). Physical and digital convergence: Where the Internet is the enemy. Eighth International Conference on Information and Communications Security. Retrieved April 24, 2009, at Mellor, C. (2006, October 13). British ISP fires back at spammers. Computerworld Magazine. Retrieved April 24, 2009, at 4. Mitchell, D. (2007, April 14). Say good night, bandwidth hog. New York Times Magazine. Retrieved April 24, 2009, at ex= &en=1cdd9e38888ad6b6&ei=5088&partner=rssnyt&emc=rss. Nagest, G. (2009, March 16). GSA awards two more contracts for secure Internet service. Nextgov. Retrieved April 24, 2009, at NY Times. (2010). U.S. court curbs F.C.C. authority on web traffic. Available at OECD The Role of Internet Intermediaries in Advancing Public Policy Objectives. Retrieved April 11, 2011 at Parameswaran, M., Zhao, X., Whinston, A., & Fang, F. (2007). Reengineering the Internet for better security. IEEE Computer Magazine, 40(1), Richards, J. (2007, May 22). Make firms bear the cost to improve information security, says Schneier. Computer Weekly. Retrieved April 24, 2009, at Articles/2007/05/22/223959/make-firms-bear-the-cost-toimprove-information-security says-schneier.htm. Roberts, P. (2004, March 9). Comcast cuts off spam zombies. PC World Magazine. Retrieved April 24, 2009, at Rowe, B. (2007). Will outsourcing IT security lead to a higher social level of security? 2007 Workshop on the Economics of Information Security. Retrieved April 24, 2009, at Rowe, B., Wood, D., Reeves, D. & Braun, F. (2011, June). Economic Analysis of ISP Provided Cyber Security Solutions. Report prepared for the Institute for Homeland Security Solutions. Research Triangle Park, NC: RTI International. Schneier, B. (2007a). Do we really need a security industry? Schneier on Security blog entry written on May 3, Retrieved April 24, 2009, at 11

12 Schneier, B. (2007b). Home users: A public health problem? Schneier on Security blog entry written on September 14, Retrieved April 24, 2009, at StreamShield Networks. (2004, December 2). Consumers prepared to pay extra for clean and safe Internet service. Press release. Retrieved April 24, 2009, at Swartz, J. (2007, July 23). Cybersecurity CEO keeps watch over threat. USA Today, page 6B. Thomson, I. (2007, July 9). ISP told to block illegal P2P traffic. itnews. Retrieved April 24, 2009, at Walsh, R. (2008). Mental models of home computer security. Presented at Symposium on Usable Privacy and Security (SOUPS), July 23-25, 2008, Pittsburgh, PA. Winterford, B., & Hill, J. (2008). ISP-level content filtering won t work. ZDNet Australia, October 30, Retrieved April 24, 2009, at Van Eeten, M., Bauer, J., Asghari, H., Tabatabaie, S., Rand, D. (2010). The Role of Internet Service Providers in Botnet Mitigation: An Empirical Analysis Based on Spam Data. Available at Zhuge, J., Holz, T., Han, X., Guo, J., & Zou, W. (2007). Characterizing the IRC-based botnet phenomenon. Technical Report (TR ), Department for Mathematics and Computer Science, University of Mannheim, Germany. Retrieved April 24, 2009, at 12

Economic Analysis of ISP Provided Cyber Security Solutions

Economic Analysis of ISP Provided Cyber Security Solutions Economic Analysis of ISP Provided Cyber Security Solutions June 2011 Authors Brent Rowe, RTI International Dallas Wood, RTI International Doug Reeves, North Carolina State University Fern Braun, RTI International

More information

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop

More information

FREQUENTLY ASKED QUESTIONS on C Y B E R S E C U R I T Y. By IEEE USA s Committee on Communications Policy

FREQUENTLY ASKED QUESTIONS on C Y B E R S E C U R I T Y. By IEEE USA s Committee on Communications Policy FREQUENTLY ASKED QUESTIONS on C Y B E R S E C U R I T Y By IEEE USA s Committee on Communications Policy December 2011 This Frequently Asked Questions (FAQs) was prepared by IEEE-USA s Committee on Communications

More information

Email Security: A Holistic Approach for SMB. 041: Email Security. Insight White Paper

Email Security: A Holistic Approach for SMB. 041: Email Security. Insight White Paper Implementing the latest anti-virus software and security protection systems can prevent many internal and external threats. But these security solutions have to be updated regularly to keep up with new

More information

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team

Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team The Internet is in the midst of a global network pandemic. Millions of computers

More information

Network Security and the Small Business

Network Security and the Small Business Network Security and the Small Business Why network security is important for a small business Many small businesses think that they are less likely targets for security attacks as compared to large enterprises,

More information

www.pandasecurity.com 100% Malware-Free E-mail: A Guaranteed Approach

www.pandasecurity.com 100% Malware-Free E-mail: A Guaranteed Approach 100% Malware-Free E-mail: A Guaranteed Approach 2 100% Malware-Free E-mail: A Guaranteed Approach Panda Security's Mail Filtering Managed Service Guarantees Clean E-mail Table of Contents Table of Contents...

More information

Software Engineering 4C03 SPAM

Software Engineering 4C03 SPAM Software Engineering 4C03 SPAM Introduction As the commercialization of the Internet continues, unsolicited bulk email has reached epidemic proportions as more and more marketers turn to bulk email as

More information

Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats

Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats 1 of 2 November, 2004 Choose Your Weapon: Fighting the Battle against Zero-Day Virus Threats Choose Your Weapon: Fighting the Battle

More information

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction

More information

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World Securing Your Web World WEBTHREATS Constantly Evolving Web Threats Require Revolutionary Security ANTI-SPYWARE ANTI-SPAM WEB REPUTATION ANTI-PHISHING WEB FILTERING Web Threats Are Serious Business Your

More information

The Growing Problem of Outbound Spam

The Growing Problem of Outbound Spam y The Growing Problem of Outbound Spam An Osterman Research Survey Report Published June 2010 SPONSORED BY! #$!#%&'()*(!!!!"#$!#%&'()*( Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058

More information

Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012

Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012 Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives Initiation date: January 2012 Completion date: June 2012 Nomination submitted by: Samuel A. Nixon

More information

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT Rok Bojanc ZZI d.o.o. rok.bojanc@zzi.si Abstract: The paper presents a mathematical model to improve our knowledge of information security and

More information

Internet Safety and Security: Strategies for Building an Internet Safety Wall

Internet Safety and Security: Strategies for Building an Internet Safety Wall Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet

More information

Outsourced Security Trends in Messaging April 2005

Outsourced Security Trends in Messaging April 2005 April 2005 205 Hudson Street, Floor 7 New York, NY 10013 212.620.2845 P 212.219.1660 F www.omnipod.com 2005 All Rights Reserved. Enterprises need a reliable, efficient way to secure their messaging infrastructure

More information

GFI Product Comparison. GFI MailEssentials vs Barracuda Spam Firewall

GFI Product Comparison. GFI MailEssentials vs Barracuda Spam Firewall GFI Product Comparison GFI MailEssentials vs Barracuda Spam Firewall GFI MailEssentials Barracuda Spam Firewall Integrates closely with Microsoft Exchange Server 2003/2007/2010 Integrates closely with

More information

Advantages of Managed Security Services

Advantages of Managed Security Services Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network

More information

Anti-Phishing Best Practices for ISPs and Mailbox Providers

Anti-Phishing Best Practices for ISPs and Mailbox Providers Anti-Phishing Best Practices for ISPs and Mailbox Providers Version 2.01, June 2015 A document jointly produced by the Messaging, Malware and Mobile Anti-Abuse Working Group (M 3 AAWG) and the Anti-Phishing

More information

Will Outsourcing IT Security Lead to a Higher Social Level of Security?

Will Outsourcing IT Security Lead to a Higher Social Level of Security? Will Outsourcing IT Security Lead to a Higher Social Level of Security? Brent R. Rowe RTI International 3040 Cornwallis Rd., Research Triangle Park, NC browe@rti.org ABSTRACT More firms outsource information

More information

Cyber Security Solutions:

Cyber Security Solutions: ThisIsCable for Business Report Series Cyber Security Solutions: A Sampling of Cyber Security Solutions Designed for the Small Business Community Comparison Report Produced by BizTechReports.com Editorial

More information

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

Cyber Security: Exploring the Human Element

Cyber Security: Exploring the Human Element Cyber Security: Exploring the Human Element Summary of Proceedings Cyber Security: Exploring the Human Element Institute of Homeland Security Solutions March 8, 2011 National Press Club Introduction A

More information

Spyware: Securing gateway and endpoint against data theft

Spyware: Securing gateway and endpoint against data theft Spyware: Securing gateway and endpoint against data theft The explosion in spyware has presented businesses with increasing concerns about security issues, from data theft and network damage to reputation

More information

Cyber-Security Risk in the Global Organization:

Cyber-Security Risk in the Global Organization: Cyber-Security Risk in the Global Organization: Trends, Challenges and Strategies for Effective Management David Childers, CCEP, CIPP CEO, Compli Todd Carroll Assistant Special Agent in Charge, FBI Three

More information

Let the Pirates Patch? An Economic Analysis of Network Software Security Patch Restrictions

Let the Pirates Patch? An Economic Analysis of Network Software Security Patch Restrictions Let the Pirates Patch? An Economic Analysis of Network Software Security Patch Restrictions Terrence August and Tunay I. Tunca Graduate School of Business, Stanford University Stanford, CA, 94305 Extended

More information

Trend Micro Hosted Email Security Stop Spam. Save Time.

Trend Micro Hosted Email Security Stop Spam. Save Time. Trend Micro Hosted Email Security Stop Spam. Save Time. How it Works: Trend Micro Hosted Email Security A Trend Micro White Paper l March 2010 Table of Contents Introduction...3 Solution Overview...4 Industry-Leading

More information

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc. Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References

More information

Ipswitch IMail Server with Integrated Technology

Ipswitch IMail Server with Integrated Technology Ipswitch IMail Server with Integrated Technology As spammers grow in their cleverness, their means of inundating your life with spam continues to grow very ingeniously. The majority of spam messages these

More information

CYBEROAM UTM s. Outbound Spam Protection Subscription for Service Providers. Securing You. Our Products. www.cyberoam.com

CYBEROAM UTM s. Outbound Spam Protection Subscription for Service Providers. Securing You. Our Products. www.cyberoam.com CYBEROAM UTM s Outbound Spam Protection Subscription for Service Providers Our Products Unified Threat Management Agenda of Presentation What is Outbound Spam? Consequences of Outbound Spam Why current

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

LADIES AND GENTLEMEN,

LADIES AND GENTLEMEN, SIMPLY GOOD NEWS LADIES AND GENTLEMEN, Phishing Virus Clean Mail DoS Attack Trojan Horse Malware 02 Thank you for considering antispameurope. And we got good news for you. Because if you choose one of

More information

Before the Department of Commerce Washington, D.C. 20230

Before the Department of Commerce Washington, D.C. 20230 Before the Department of Commerce Washington, D.C. 20230 In the Matter of ) ) Models to Advance Voluntary Corporate ) Notification to Consumers Regarding ) Docket No: 110829543-1541-01 the Illicit Use

More information

Emerging Trends in Fighting Spam

Emerging Trends in Fighting Spam An Osterman Research White Paper sponsored by Published June 2007 SPONSORED BY sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 Phone: +1 253 630 5839 Fax: +1 866

More information

FIRST WORKING DRAFT FOR PUBLIC COMMENT. StopBadware s Best Practices for Web Hosting Providers: Responding to Malware Reports.

FIRST WORKING DRAFT FOR PUBLIC COMMENT. StopBadware s Best Practices for Web Hosting Providers: Responding to Malware Reports. StopBadware s Best Practices for Web Hosting Providers: Responding to Malware Reports Introduction Malware poses a serious threat to the open Internet; a large and growing share of malware is distributed

More information

Cybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015

Cybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015 Cybersecurity Best Practices in Mortgage Banking Article by Jim Deitch Cybersecurity Best Practices in Mortgage Banking BY JIM DEITCH Jim Deitch Recent high-profile cyberattacks have clearly demonstrated

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

TUSKEGEE CYBER SECURITY PATH FORWARD

TUSKEGEE CYBER SECURITY PATH FORWARD TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats,

More information

The effect of cybercrime on a Bank's finances

The effect of cybercrime on a Bank's finances ISSN: 2347-3215 Volume-2 Number 2 (February-2014) pp.173-178 www.ijcrar.com The effect of cybercrime on a Bank's finances A.R. Raghavan 1 and Latha Parthiban 2* 1 Flat no 20, Door no 9, Prashanth Manor,

More information

ABSTRACT. ROWE, BRENT R. Will Outsourcing IT Security Lead to a Higher Social Level of Security? (under the supervision of Dr. Stephen E.

ABSTRACT. ROWE, BRENT R. Will Outsourcing IT Security Lead to a Higher Social Level of Security? (under the supervision of Dr. Stephen E. ABSTRACT ROWE, BRENT R. Will Outsourcing IT Security Lead to a Higher Social Level of Security? (under the supervision of Dr. Stephen E. Margolis) More firms outsource information technology (IT) security

More information

The Impact of Cybercrime on Business

The Impact of Cybercrime on Business The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted

More information

Data Center Security in a World Without Perimeters

Data Center Security in a World Without Perimeters www.iss.net Data Center Security in a World Without Perimeters September 19, 2006 Dave McGinnis Director of MSS Architecture Agenda Securing the Data Center What threats are we facing? What are the risks?

More information

Who s Doing the Hacking?

Who s Doing the Hacking? Who s Doing the Hacking? 1 HACKTIVISTS Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from

More information

TLP WHITE. Denial of service attacks: what you need to know

TLP WHITE. Denial of service attacks: what you need to know Denial of service attacks: what you need to know Contents Introduction... 2 What is DOS and how does it work?... 2 DDOS... 4 Why are they used?... 5 Take action... 6 Firewalls, antivirus and updates...

More information

October Is National Cyber Security Awareness Month!

October Is National Cyber Security Awareness Month! (0 West Virginia Executive Branch Privacy Tip October Is National Cyber Security Awareness Month! In recognition of National Cyber Security Month, we are supplying tips to keep you safe in your work life

More information

Information Security Summit 2005

Information Security Summit 2005 Information Security Summit 2005 Forensically Sound Information Security Management in a Risk Compliance Era Keynote Opening Address by Mr. Howard C Dickson Government Chief Information Officer Government

More information

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1 Threats and Attacks Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to:

More information

Stop Spam. Save Time.

Stop Spam. Save Time. Stop Spam. Save Time. A Trend Micro White Paper I January 2015 Stop Spam. Save Time. Hosted Email Security: How It Works» A Trend Micro White Paper January 2015 TABLE OF CONTENTS Introduction 3 Solution

More information

2012 NORTON CYBERCRIME REPORT

2012 NORTON CYBERCRIME REPORT 2012 NORTON CYBERCRIME REPORT 2012 NORTON CYBERCRIME REPORT 24 COUNTRIES AUSTRALIA, BRAZIL, CANADA, CHINA, COLOMBIA, DENMARK, FRANCE, GERMANY, INDIA, ITALY, JAPAN, MEXICO, NETHERLANDS, NEW ZEALAND, POLAND,

More information

Workshop on Infrastructure Security and Operational Challenges of Service Provider Networks

Workshop on Infrastructure Security and Operational Challenges of Service Provider Networks Workshop on Infrastructure Security and Operational Challenges of Service Provider Networks Farnam Jahanian University of Michigan and Arbor Networks IFIP Working Group 10.4 June 29-30, 2006 What s the

More information

Promoting Network Security (A Service Provider Perspective)

Promoting Network Security (A Service Provider Perspective) Promoting Network Security (A Service Provider Perspective) Prevention is the Foundation H S Gupta DGM (Technical) Data Networks, BSNL hsgupta@bsnl.co.in DNW, BSNL 1 Agenda Importance of Network Security

More information

Recurrent Patterns Detection Technology. White Paper

Recurrent Patterns Detection Technology. White Paper SeCure your Network Recurrent Patterns Detection Technology White Paper January, 2007 Powered by RPD Technology Network Based Protection against Email-Borne Threats Spam, Phishing and email-borne Malware

More information

Create Extraordinary Online Consumer Experiences. Your Journey Begins with Nominum

Create Extraordinary Online Consumer Experiences. Your Journey Begins with Nominum Create Extraordinary Online Consumer Experiences Your Journey Begins with Nominum What does it mean to do business with the world s DNS innovation leader? Your Internet services are built on bedrock. Nominum.

More information

Office of Inspector General

Office of Inspector General Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit

More information

Attachment spam the latest trend

Attachment spam the latest trend the latest trend Spammers using common file formats as attachments for pumpand-dump scams This white paper explains what makes spam such an unbearable problem and how spamming tactics are evolving daily

More information

Safety in numbers? The effect of network competition on cybersecurity

Safety in numbers? The effect of network competition on cybersecurity Safety in numbers? The effect of network competition on cybersecurity Carolyn Gideon Fletcher School, Tufts University Christiaan Hogendorn Wesleyan University 2014 TPRC 42 nd Research Conference on Communication,

More information

Voice Over IP Technology. Zlatko Jovanovic. International Academy of Design and Technology

Voice Over IP Technology. Zlatko Jovanovic. International Academy of Design and Technology Voice Over IP Technology Zlatko Jovanovic International Academy of Design and Technology Abstract New technologies often give us new, different way of doing things, than we are used to. One of the new

More information

5 Simple Ways To Avoid Getting An Avalanche of Spam

5 Simple Ways To Avoid Getting An Avalanche of Spam Customer Education Series 5 Simple Ways To Avoid Getting An Avalanche of Spam A Business Owners Guide To Eliminating The 10-15 Most Unproductive Minutes Of Each Employee s Day 5 Easy Ways to Avoid Getting

More information

White Paper. April 2006. Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks

White Paper. April 2006. Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks White Paper April 2006 Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks According to a recent Harris Interactive survey, the country s leading business executives consider

More information

Title: Designing User Incentives for Cybersecurity

Title: Designing User Incentives for Cybersecurity Title: Designing User Incentives for Cybersecurity Authors: Terrence August 1, Robert August 2, Hyoduk Shin 3 ACM, (2014). This is the author's version of the work. It is posted here by permission of ACM

More information

Cyber-safety for Senior Australians. Inquiry Submission

Cyber-safety for Senior Australians. Inquiry Submission SUBMISSION NO. 32 Cyber-safety for Senior Australians Inquiry Submission The AISA Response to the Parliament s Joint Select Committee s call for submissions Date 23 March 2012 Page 1 Executive Summary:

More information

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C. Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.

More information

Managing Security Risks in Modern IT Networks

Managing Security Risks in Modern IT Networks Managing Security Risks in Modern IT Networks White Paper Table of Contents Executive summary... 3 Introduction: networks under siege... 3 How great is the problem?... 3 Spyware: a growing issue... 3 Feeling

More information

A Small Business Approach to Big Business Cyber Security. Brent Bettis, CISSP 23 September, 2014

A Small Business Approach to Big Business Cyber Security. Brent Bettis, CISSP 23 September, 2014 A Small Business Approach to Big Business Cyber Security Brent Bettis, CISSP 23 September, 2014 1 First, a Video http://www.youtube.com/watch?v=cj8wakqwlna 2 3 Agenda Threat Landscape Strategic Initiatives

More information

Botnets: The dark side of cloud computing

Botnets: The dark side of cloud computing Botnets: The dark side of cloud computing By Angelo Comazzetto, Senior Product Manager Botnets pose a serious threat to your network, your business, your partners and customers. Botnets rival the power

More information

September 20, 2013 Senior IT Examiner Gene Lilienthal

September 20, 2013 Senior IT Examiner Gene Lilienthal Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank

More information

Commtouch RPD Technology. Network Based Protection Against Email-Borne Threats

Commtouch RPD Technology. Network Based Protection Against Email-Borne Threats Network Based Protection Against Email-Borne Threats Fighting Spam, Phishing and Malware Spam, phishing and email-borne malware such as viruses and worms are most often released in large quantities in

More information

Emerging risks for internet users

Emerging risks for internet users Sabeena Oberoi Assistant Secretary, Cyber Security and Asia Pacific Branch Department of Broadband, Communications and the Digital Economy Government s role - DBCDE The new Australian Government Cyber

More information

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector New York State Department of Financial Services Report on Cyber Security in the Insurance Sector February 2015 Report on Cyber Security in the Insurance Sector I. Introduction Cyber attacks against financial

More information

Countermeasures against Bots

Countermeasures against Bots Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer

More information

Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy

Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy House Committee on Homeland Security Subcommittee on Cybersecurity, Infrastructure

More information

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks White paper Phishing, Vishing and Smishing: Old Threats Present New Risks How much do you really know about phishing, vishing and smishing? Phishing, vishing, and smishing are not new threats. They have

More information

Software Engineering 4C03 Class Project. Computer Networks and Computer Security COMBATING HACKERS

Software Engineering 4C03 Class Project. Computer Networks and Computer Security COMBATING HACKERS Software Engineering 4C03 Class Project Computer Networks and Computer Security COMBATING HACKERS Done By: Ratinder Ricky Gill Student Number: 0048973 E-Mail: gillrr@mcmaster.ca Due: Tuesday April 5, 2005

More information

Microsoft s cybersecurity commitment

Microsoft s cybersecurity commitment Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

More information

October 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches

October 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title

More information

Imperva Cloud WAF. How to Protect Your Website from Hackers. Hackers. *Bots. Legitimate. Your Websites. Scrapers. Comment Spammers

Imperva Cloud WAF. How to Protect Your Website from Hackers. Hackers. *Bots. Legitimate. Your Websites. Scrapers. Comment Spammers How to Protect Your from Hackers Web attacks are the greatest threat facing organizations today. In the last year, Web attacks have brought down businesses of all sizes and resulted in massive-scale data

More information

Emerging Security Technological Threats

Emerging Security Technological Threats Emerging Security Technological Threats Jamie Gillespie Training and Education Team Leader, AusCERT About AusCERT Australia s national CERT Collect, monitor, advise on threats and vulnerabilities Incident

More information

Evaluating DMARC Effectiveness for the Financial Services Industry

Evaluating DMARC Effectiveness for the Financial Services Industry Evaluating DMARC Effectiveness for the Financial Services Industry by Robert Holmes General Manager, Email Fraud Protection Return Path Executive Summary Email spoofing steadily increases annually. DMARC

More information

The Key to Secure Online Financial Transactions

The Key to Secure Online Financial Transactions Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on

More information

IBM Global Small and Medium Business. Keep Your IT Infrastructure and Assets Secure

IBM Global Small and Medium Business. Keep Your IT Infrastructure and Assets Secure IBM Global Small and Medium Business Keep Your IT Infrastructure and Assets Secure Contents 2 Executive overview 4 Monitor IT infrastructure to prevent malicious threats 5 Protect IT assets and information

More information

Malware & Botnets. Botnets

Malware & Botnets. Botnets - 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

More information

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent

More information

Network attack and defense

Network attack and defense Network attack and defense CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration 2007, 2008 Robert H. Sloan 1 Outline 1. Overview

More information

When Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling. White Paper

When Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling. White Paper When Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling White Paper As spam continues to evolve, Barracuda Networks remains committed to providing the highest level of protection

More information

U. S. Attorney Office Northern District of Texas March 2013

U. S. Attorney Office Northern District of Texas March 2013 U. S. Attorney Office Northern District of Texas March 2013 What Is Cybercrime? Hacking DDOS attacks Domain name hijacking Malware Other computer related offenses, i.e. computer and internet used to facilitate

More information

Global Corporate IT Security Risks: 2013

Global Corporate IT Security Risks: 2013 Global Corporate IT Security Risks: 2013 May 2013 For Kaspersky Lab, the world s largest private developer of advanced security solutions for home users and corporate IT infrastructures, meeting the needs

More information

Websense: Worldwide Leader in Web Filtering Expands into Web Security

Websense: Worldwide Leader in Web Filtering Expands into Web Security Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com VENDOR PROFILE Websense: Worldwide Leader in Web Filtering Expands into Web Security Brian E. Burke

More information

HOW TO PREVENT SPAM AND MALWARE IN MAIL MOST EFFECTIVELY Index 1. Battling the increase in malware 2 2. Addressing the surplus of spam 3 3. The mail server A critical vulnerability 4 3.1 Denial of Service

More information

Stopping zombies, botnets and other email- and web-borne threats

Stopping zombies, botnets and other email- and web-borne threats Stopping zombies, botnets and other email- and web-borne threats Hijacked computers, or zombies, hide inside networks where they send spam, steal company secrets, and enable other serious crimes. This

More information

A Review on IRC Botnet Detection and Defence

A Review on IRC Botnet Detection and Defence A Review on IRC Botnet Detection and Defence Bernhard Waldecker St. Poelten University of Applied Sciences, Austria Bachelor programme: IT-Security 1 Introduction Nowadays botnets pose an enormous security

More information

OIG Fraud Alert Phishing

OIG Fraud Alert Phishing U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION Washington, D.C. 20507 Office of Inspector General Aletha L. Brown Inspector General July 22, 2005 OIG Fraud Alert Phishing What is Phishing? Phishing is a

More information

SAAS VS. ON-PREMISE SECURITY. Why Software-as-a-Service Is a Better Choice for Email and Web Threat Management

SAAS VS. ON-PREMISE SECURITY. Why Software-as-a-Service Is a Better Choice for Email and Web Threat Management SAAS VS. ON-PREMISE SECURITY Why Software-as-a-Service Is a Better Choice for Email and Web Threat Management How SaaS Solves the Problems of On-Premise Security Businesses traditionally invest in security

More information

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security

More information

FBI: Taking down Botnets - Testimony

FBI: Taking down Botnets - Testimony FBI: Taking down Botnets - Testimony Joseph Demarest Assistant Director, Cyber Division Federal Bureau of Investigation Statement Before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

4 Messaging Technology

4 Messaging Technology 4 Messaging Technology Previously this was published as the Email Technical Report. From this volume we have changed the name to Messaging Technology. Messaging Technology 4.1 Introduction Messaging Technology

More information