<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
    <channel>
        <copyright>Copyright TechTarget - All rights reserved</copyright>
        <description></description>
        <docs>https://cyber.law.harvard.edu/rss/rss.html</docs>
        <generator>Techtarget Feed Generator</generator>
        <language>en</language>
        <lastBuildDate>Sat, 07 Mar 2026 16:51:26 GMT</lastBuildDate>
        <link>https://www.techtarget.com/searchsecurity</link>
        <managingEditor>editor@techtarget.com</managingEditor>
        <item>
            <body>&lt;p&gt;Cybersecurity teams must be mindful at all times of the current threats their organization faces. While it's impossible to thwart every threat, stopping as many as possible and quickly detecting when they occur are both critical for reducing damage.&lt;/p&gt; 
&lt;p&gt;It is important to note that many cybersecurity incidents involve multiple types of threats. In a nutshell, a&amp;nbsp;&lt;i&gt;security threat&lt;/i&gt;&amp;nbsp;is a malicious act that aims to corrupt or steal data or disrupt an organization's systems or the entire organization. A&amp;nbsp;&lt;i&gt;security event&lt;/i&gt;&amp;nbsp;refers to an occurrence during which company data or its network might have been exposed. An event that results in a data or network breach is called a&amp;nbsp;&lt;i&gt;security incident&lt;/i&gt;.&lt;/p&gt; 
&lt;p&gt;Here are 10 types of threats that cybersecurity teams should focus on.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="1. Supply chain attacks"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;1. Supply chain attacks&lt;/h2&gt;
 &lt;p&gt;Supply chain attacks are challenging to identify because they usually involve a breach or other cybersecurity compromise affecting a trusted third party, such as a supplier, partner, contractor, vendor or service provider. In this attack, the third party does not realize it has been compromised and therefore spreads the threat to its customers, partners and vendors.&lt;/p&gt;
 &lt;p&gt;For example, a vendor's software might accidentally be infected with malware during manufacturing, or bad actors might add malicious code that steals sensitive data from organizations using a service provider's offering. Another form of supply chain attack involves counterfeit products and legitimate products that have been tampered with after manufacturing and packaging.&lt;/p&gt;
 &lt;h3&gt;How to prevent supply chain attacks&lt;/h3&gt;
 &lt;p&gt;To prevent supply chain attacks, only work with trusted third-party vendors, service providers, partners and contractors. Perform &lt;a href="https://www.techtarget.com/searchsecurity/tip/How-to-build-an-effective-third-party-risk-assessment-framework"&gt;third-party risk assessments&lt;/a&gt;, conduct continuous vendor monitoring and keep an accurate inventory of all third parties and their dependencies.&lt;/p&gt;
 &lt;p&gt;In addition, only purchase technology products and services from reputable manufacturers and vendors. Examine any physical technology purchases for anything suspicious, especially on product packaging or the product surface itself.&lt;/p&gt;
&lt;/section&gt;      
&lt;section class="section main-article-chapter" data-menu-title="2. Distributed denial-of-service attacks"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;2. Distributed denial-of-service attacks&lt;/h2&gt;
 &lt;p&gt;&lt;a href="https://www.techtarget.com/searchsecurity/definition/distributed-denial-of-service-attack"&gt;DDoS&lt;/a&gt; attacks occur when thousands or millions of compromised devices simultaneously overwhelm a server, network or other target. The compromised devices are typically part of a botnet, enabling attackers to easily coordinate all devices in performing DDoS attacks. The goal of a DDoS attack is to disrupt the target's operations, preventing legitimate use of resources.&lt;/p&gt;
 &lt;h3&gt;How to prevent DDoS attacks&lt;/h3&gt;
 &lt;p&gt;Preventing DDoS attacks is a unique challenge. No matter how much capacity enterprise systems and networks have, a large DDoS attack can still clog them.&lt;/p&gt;
 &lt;p&gt;Options for mitigating DDoS attacks include the following:&lt;/p&gt;
 &lt;ul type="disc" class="default-list"&gt; 
  &lt;li&gt;Partner with an MSP or other third party that specializes in DDoS attack monitoring and mitigation.&lt;/li&gt; 
  &lt;li&gt;Deploy and configure network security devices in front of systems and networks to &lt;a href="https://www.techtarget.com/searchsecurity/feature/Implement-API-rate-limiting-to-reduce-attack-surfaces"&gt;enforce rate limiting&lt;/a&gt; and stop traffic from known botnets.&lt;/li&gt; 
  &lt;li&gt;Design the organization's important applications with resilience in mind, such as duplicating key resources on other networks so that a DDoS attack against one network will not completely disrupt applications.&lt;/li&gt; 
 &lt;/ul&gt;
&lt;/section&gt;      
&lt;section class="section main-article-chapter" data-menu-title="3. Social engineering and phishing attacks"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;3. Social engineering and phishing attacks&lt;/h2&gt;
 &lt;p&gt;Social engineering comes in many forms, from someone pretending to be a delivery person in order to access a secure area to someone sending phishing emails, texts or other forms of messaging to deceive the recipient.&lt;/p&gt;
 &lt;p&gt;The goal of phishing, the most popular form of social engineering, is to get the recipient to divulge credentials, bank information or other sensitive data, or to install malware on the recipient's device.&lt;/p&gt;
 &lt;h3&gt;How to prevent social engineering and phishing attacks&lt;/h3&gt;
 &lt;p&gt;Some social engineering and phishing attacks can be stopped only by the intended victims. This requires that individual users be trained on &lt;a href="https://www.techtarget.com/searchsecurity/feature/How-to-avoid-phishing-hooks-A-checklist-for-your-end-users"&gt;how to identify attacks&lt;/a&gt; and what to do if an attack occurs. For example, they'll need to scrutinize links and email attachments for anything suspicious.&lt;/p&gt;
 &lt;p&gt;Many phishing attacks can be stopped through automated means, such as antispam and antimalware technologies, that are frequently updated with the latest threat intelligence. Some phishing attacks exploit software vulnerabilities, so keep all devices' software patched and up to date.&lt;/p&gt;
&lt;/section&gt;      
&lt;section class="section main-article-chapter" data-menu-title="4. Attacks through look-alike content"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;4. Attacks through look-alike content&lt;/h2&gt;
 &lt;p&gt;Attackers often craft websites, social media accounts, advertisements and other online content to look just like the real thing. When visited, that content &lt;a href="https://www.techtarget.com/searchsecurity/tip/10-common-types-of-malware-attacks-and-how-to-prevent-them"&gt;installs malware on users' computers&lt;/a&gt;. These are known as &lt;i&gt;drive-by download attacks&lt;/i&gt;, and users have no idea that anything bad has happened.&lt;/p&gt;
 &lt;h3&gt;How to prevent attacks through look-alike content&lt;/h3&gt;
 &lt;p&gt;Educate users on how to verify that URLs, social media accounts and other content are legitimate to prevent these attacks. Tell users not to click on advertisements from work devices.&lt;/p&gt;
 &lt;p&gt;To stay on top of the latest threats, consider subscribing to near-real-time &lt;a href="https://www.techtarget.com/searchsecurity/tip/Top-open-source-and-commercial-threat-intelligence-feeds"&gt;threat intelligence feeds&lt;/a&gt;. These can be consumed by an organization's cybersecurity technologies to quickly stop access to look-alike content once others detect and report it. Organizations should also keep software patched and up to date to minimize the risk of malicious content exploiting vulnerabilities.&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="5. Misinformation and disinformation"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;5. Misinformation and disinformation&lt;/h2&gt;
 &lt;p&gt;Misinformation is incorrect information, while disinformation is intentional misinformation designed to trick people -- another form of social engineering. Whether information is accidentally or intentionally wrong, the effect is the same: it convinces people that false statements are true and often triggers them to act on those false statements.&lt;/p&gt;
 &lt;p&gt;Misinformation and disinformation come in many forms. AI technologies are &lt;a href="https://www.techtarget.com/searchsecurity/tip/Real-world-AI-voice-cloning-attack-A-red-teaming-case-study"&gt;now widely used to create deepfake audio and video&lt;/a&gt; that often can't be distinguished from the real thing. Websites, emails and other content might also provide false instructions to users on how to improve security or functionality on their work computers. Rumors about the organization itself could also surface inside or outside the business.&lt;/p&gt;
 &lt;h3&gt;How to prevent misinformation and disinformation&lt;/h3&gt;
 &lt;p&gt;Misinformation and disinformation are often difficult to detect through automated means. Instead, rely on regularly scheduled &lt;a href="https://www.techtarget.com/searchsecurity/definition/security-awareness-training"&gt;security awareness training&lt;/a&gt; to teach employees how to spot misinformation and disinformation. Educate them on how to verify information pertaining to both internal and external matters. Also, provide a website where members of the public can verify the legitimacy of communications they receive from the organization, and provide a mechanism for the public to report misinformation and disinformation involving the organization.&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="6. Credential compromise and account takeover"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;6. Credential compromise and account takeover&lt;/h2&gt;
 &lt;p&gt;Passwords, ID badges and other credentials are obvious targets for attackers. Passwords can be acquired in many ways, including social engineering and phishing, watching someone enter a password on their phone, guessing a password -- known as &lt;i&gt;brute-force attacking&lt;/i&gt; -- or reusing a previously compromised password that the person used for multiple accounts.&lt;/p&gt;
 &lt;p&gt;Possessing a password enables an attacker, in many cases, to access and control the user account. This is known as an &lt;i&gt;account takeover&lt;/i&gt;.&lt;/p&gt;
 &lt;h3&gt;How to prevent credential compromise and account takeover&lt;/h3&gt;
 &lt;p&gt;Avoid relying only on passwords for user authentication. Requiring MFA and switching from passwords to &lt;a href="https://www.techtarget.com/searchsecurity/definition/passwordless-authentication"&gt;passwordless authentication&lt;/a&gt; are two effective alternatives. If passwords are required, teach employees &lt;a href="https://www.techtarget.com/searchsecurity/tip/How-to-create-a-strong-passphrase-with-examples"&gt;how to create strong passphrases&lt;/a&gt;, which are a more secure alternative to passwords.&lt;/p&gt;
 &lt;p&gt;In addition, train users on how to safeguard their credentials and what to do if they think one of their credentials has been compromised. Another helpful measure is to use cybersecurity technologies that monitor authentication attempts. Use these tools to identify anomalies, such as the same user connecting to email from different geographic locations at the same time, which could indicate someone masquerading as the user.&lt;/p&gt;
&lt;/section&gt;      
&lt;section class="section main-article-chapter" data-menu-title="7. Ransomware"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;7. Ransomware&lt;/h2&gt;
 &lt;p&gt;Ransomware uses encryption to make computers or files inaccessible or extortion to get victims to pay a ransom to get their stolen data back. While most ransomware attacks result from phishing or other forms of social engineering, some ransomware campaigns target exploitable software vulnerabilities.&lt;/p&gt;
 &lt;h3&gt;How to prevent ransomware&lt;/h3&gt;
 &lt;p&gt;Train users to avoid social engineering attacks, and teach them &lt;a href="https://www.techtarget.com/searchsecurity/tip/How-to-effectively-respond-to-a-ransomware-attack"&gt;what to do if a ransomware infection occurs&lt;/a&gt;. Seconds can make a difference between a single computer being infected and an infection spreading throughout an organization.&lt;/p&gt;
 &lt;p&gt;To minimize vulnerabilities that ransomware can exploit, organizations should keep all software current with the latest patches and updates. It's also critical to use antimalware technologies that detect and stop ransomware, along with cyberthreat intelligence feeds that provide near-real-time updates on the latest ransomware threats.&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="8. Persistence threats"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;8. Persistence threats&lt;/h2&gt;
 &lt;p&gt;Persistence refers to an attacker's ability to gain and then maintain access to a system without being detected. In &lt;i&gt;advanced persistent threats&lt;/i&gt; (&lt;a href="https://www.techtarget.com/searchsecurity/definition/advanced-persistent-threat-APT"&gt;APTs&lt;/a&gt;), attackers can persist unnoticed in compromised systems for days, weeks or months. During this time, they could access and exfiltrate sensitive data, compromise additional systems and monitor conditions until they are ready to launch a more devastating attack.&lt;/p&gt;
 &lt;h3&gt;How to prevent persistence&lt;/h3&gt;
 &lt;p&gt;Use firewalls and other network security tools, along with threat intelligence feeds, to block access to and from known malicious domains, IP addresses and websites. This denies APTs by disrupting the command-and-control channels they rely upon.&lt;/p&gt;
 &lt;p&gt;Monitor network traffic to look for signs of unauthorized access to internal systems. Use antimalware and antiphishing technologies to detect and stop attacks in transit. Also, scan the organization's devices regularly for signs of bots, exploit kits and other attack tools. Act swiftly whenever any such unauthorized tools are detected.&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="9. Insider threats"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;9. Insider threats&lt;/h2&gt;
 &lt;p&gt;An insider threat is when an employee, contractor or other person within an organization misuses their technology privileges in ways that violate and harm the organization's cybersecurity. For example, an employee might email sensitive data to external email addresses for the purposes of selling the data. A more complex example is two employees in different roles colluding to steal from the organization.&lt;/p&gt;
 &lt;h3&gt;How to prevent insider threats&lt;/h3&gt;
 &lt;p&gt;Follow the &lt;a href="https://www.techtarget.com/searchsecurity/definition/principle-of-least-privilege-POLP"&gt;principle of least privilege&lt;/a&gt; to ensure each user has the minimal access needed to do their job. Train all users, including contractors and vendors, on acceptable use policies and the potential consequences of violating them. Monitor all user activity for signs of suspicious behavior. Promptly investigate potentially malicious behavior.&lt;/p&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="10. Accidental data leaks"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;10. Accidental data leaks&lt;/h2&gt;
 &lt;p&gt;Accidental data leaks occur when an organization's sensitive data is inadvertently made available to unauthorized parties or systems. Examples include choosing the wrong recipient for an email, uploading the wrong file to a website or shared storage, or posting data for public access that has not yet been approved for release.&lt;/p&gt;
 &lt;p&gt;Data leaks can also occur when old or broken technologies are disposed of without first sanitizing or physically destroying their data storage. Printouts are also mechanisms for data leaks.&lt;/p&gt;
 &lt;h3&gt;How to prevent accidental data leaks&lt;/h3&gt;
 &lt;p&gt;Teach users to double-check recipients, attachments and other components of emails and other messages before sending them. Use &lt;a href="https://www.techtarget.com/searchsecurity/tip/Top-7-data-loss-prevention-tools"&gt;data loss prevention technologies&lt;/a&gt; to examine outbound emails and other applications for potential signs of data leaks. Carefully control physical access to printed sensitive data so that printouts are not left unattended and are shredded when no longer needed.&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Karen Kent is the co-founder of Trusted Cyber Annex. She provides cybersecurity research and publication services to organizations and was formerly a senior computer scientist for NIST.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>Know thine enemy -- and the common security threats that can bring an unprepared organization to its knees. Learn what these threats are and how to prevent them.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/security_a303249453.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/feature/Top-10-types-of-information-security-threats-for-IT-teams</link>
            <pubDate>Thu, 05 Feb 2026 09:00:00 GMT</pubDate>
            <title>10 types of information security threats for IT teams</title>
        </item>
        <item>
            <body>&lt;p&gt;Intrusion detection systems help enterprise cybersecurity teams monitor systems and workloads for suspicious activity. However, attackers can still penetrate networks and remain undetected for long periods using evasion techniques.&lt;/p&gt; 
&lt;p&gt;For more than two decades, &lt;a href="https://www.techtarget.com/searchsecurity/definition/intrusion-detection-system"&gt;IDSes&lt;/a&gt; have been a security must-have, helping identify anomalous activity and alerting admins of potential issues. Their later advancements, including automated actions, such as blocking suspicious network traffic, stopping malicious packets, and sending alerts and data to a SIEM or similar centralized platform, fortified their place in the security arsenal.&lt;/p&gt; 
&lt;p&gt;Yet malicious hackers have devised numerous ways to elude IDSes. Let's examine seven common IDS evasion techniques security teams should know about, as well as how to mitigate them.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="1. Compromising trusted applications and infrastructure"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;1. Compromising trusted applications and infrastructure&lt;/h2&gt;
 &lt;p&gt;End users tend to implicitly trust the applications they use and the infrastructure those applications run on. Attackers have developed techniques, such as &lt;a href="https://www.techtarget.com/searchsecurity/answer/How-can-I-detect-fileless-malware-attacks"&gt;fileless malware&lt;/a&gt;, to masquerade as trusted apps and services. Fileless malware lacks executable files, which makes it hard to detect. It is designed to take over and control trusted apps and services without the user noticing. The malware then installs keyloggers or Trojans and tries to steal login credentials. Because not all services and apps encrypt communications, attackers can easily insert malicious payloads to steal business-critical data.&lt;/p&gt;
&lt;/section&gt;  
&lt;section class="section main-article-chapter" data-menu-title="2. Obfuscation"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;2. Obfuscation&lt;/h2&gt;
 &lt;p&gt;Cyberattackers design malware to confuse network security tools and penetrate networks unnoticed. This is known as &lt;a href="https://www.techtarget.com/searchsecurity/definition/obfuscation"&gt;obfuscation&lt;/a&gt;. For example, organizations use encryption obfuscation to protect data from being read by bad actors. Attackers use obfuscation to render a file's data or signature indecipherable, remove identifying metadata, insert useless code or alter file names. Obfuscated, the malware's code might appear innocuous to an IDS or static analysis tool and be allowed to pass through a scan without being revealed as malicious.&lt;/p&gt;
 &lt;p&gt;The 2019 SolarWinds supply chain attack involved obfuscation. Attackers used it to bypass security measures and insert backdoors into the SolarWinds Orion platform. The obfuscation techniques included faking activity, deleting programs after use and altering audit logs.&lt;/p&gt;
&lt;/section&gt;   
&lt;section class="section main-article-chapter" data-menu-title="3. IP packet fragmentation"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;3. IP packet fragmentation&lt;/h2&gt;
 &lt;p&gt;Packet fragmentation involves splitting packets into smaller fragments under the network's maximum size and reassembling them at their destination. While not necessarily a malicious process, attackers use packet fragmentation nefariously. For example, attackers know that IDSes often won't scan every network packet fragment because it expends a lot of computing and processing power. Attackers therefore send a lot of fragmented packets in hopes the IDS will not scan them, allowing the malicious code to bypass the security system altogether.&lt;/p&gt;
&lt;/section&gt;  
&lt;section class="section main-article-chapter" data-menu-title="4. Source routing"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;4. Source routing&lt;/h2&gt;
 &lt;p&gt;Source routing enables a sender to specify a packet's route through a network, rather than letting a router determine its path. Attackers use source routing maliciously by providing a specific destination that bypasses the IDS.&lt;/p&gt;
&lt;/section&gt;  
&lt;section class="section main-article-chapter" data-menu-title="5. Source port manipulation"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;5. Source port manipulation&lt;/h2&gt;
 &lt;p&gt;IDSes and firewalls can be tricked into believing a file is going to a specific -- and often benign -- port rather than a legitimate one. Known as source port manipulation, this usually involves a port that is blocked from external traffic. For example, an attacker could make it appear the destination for their malware is port 80 -- primarily used for HTTP -- when the actual target port is normally not open to external traffic.&lt;/p&gt;
&lt;/section&gt;  
&lt;section class="section main-article-chapter" data-menu-title="6. IP address spoofing"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;6. IP address spoofing&lt;/h2&gt;
 &lt;p&gt;IP address spoofing involves attackers altering the headers of their malicious data packets to appear to be from a legitimate host. The target system's IDS and firewall believe the data packets are from a legitimate source and, therefore, do not filter the packets containing spoofed IP addresses.&lt;/p&gt;
&lt;/section&gt;  
&lt;section class="section main-article-chapter" data-menu-title="7. Creating specialized packets"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;7. Creating specialized packets&lt;/h2&gt;
 &lt;p&gt;Attackers can use packet crafting tools to create their own customized data packets that evade an IDS. The attackers append data to the payload or use Unicode -- special characters designed to represent various languages. The malware's pattern, disguised to trick a signature-based IDS, looks legitimate, which enables malicious payloads to reach the intended server.&lt;/p&gt;
&lt;/section&gt;  
&lt;section class="section main-article-chapter" data-menu-title="How to mitigate intrusion detection system evasion"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;How to mitigate intrusion detection system evasion&lt;/h2&gt;
 &lt;p&gt;Organizations should take the following steps to prevent and detect IDS evasion techniques:&lt;/p&gt;
 &lt;ul class="default-list"&gt; 
  &lt;li&gt;Regular &lt;a href="https://www.techtarget.com/searchenterprisedesktop/definition/patch-management"&gt;patch management&lt;/a&gt; ensures IDS software and firmware are up to date.&lt;/li&gt; 
  &lt;li&gt;A centralized management system enables the IDS to alert security teams of issues in real time, resulting in faster security responses and reduced false positives.&lt;/li&gt; 
  &lt;li&gt;A &lt;a href="https://www.techtarget.com/searchsecurity/answer/What-are-the-cybersecurity-benefits-of-zero-trust"&gt;zero-trust framework&lt;/a&gt; segments a network into different zones, each with its own security controls and mechanisms, such as &lt;a href="https://www.techtarget.com/searchsecurity/definition/multifactor-authentication-MFA"&gt;MFA&lt;/a&gt;. This multilayer strategy helps reduce vulnerabilities and the attack surface.&lt;/li&gt; 
  &lt;li&gt;Advanced technologies, such as next-generation firewalls, enable security teams to create more customized and sophisticated data packet filtering rules.&lt;/li&gt; 
  &lt;li&gt;Remain vigilant and &lt;a href="https://www.techtarget.com/searchwindowsserver/tip/Microsoft-Teams-monitoring-tips-for-admins"&gt;report suspicious network activity&lt;/a&gt;.&lt;/li&gt; 
 &lt;/ul&gt;
 &lt;p&gt;&lt;i&gt;Ravi Das is a technical engineering writer for an IT services provider. He is also a cybersecurity consultant at his private practice, ML Tech, Inc., and has the Certified in Cybersecurity (CC) certification from ISC2.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>Malicious attackers use various evasion tactics to infiltrate networks without intrusion detection systems noticing. Learn what these techniques are and how to mitigate them.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/ransom_g688123960.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/tip/7-common-intrusion-detection-system-evasion-techniques</link>
            <pubDate>Tue, 15 Oct 2024 13:12:00 GMT</pubDate>
            <title>7 common intrusion detection system evasion techniques</title>
        </item>
        <item>
            <body>&lt;p&gt;Contact center fraud is a reality that organizations must prepare for or else risk considerable losses due to security lapses in &lt;a href="https://www.techtarget.com/searchdatabackup/definition/data-protection"&gt;customer data protection&lt;/a&gt;. Successful fraud schemes can damage a brand's reputation and result in compliance liability, especially in heavily regulated industries, such as financial services and healthcare.&lt;/p&gt; 
&lt;p&gt;Companies can mitigate their vulnerability to unauthorized access or disclosure of confidential information with the right blend of comprehensive agent training, well-documented authentication and data security processes, and &lt;a href="https://www.techtarget.com/searchcustomerexperience/definition/contact-center"&gt;contact center&lt;/a&gt; fraud detection technologies.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="What is contact center fraud?"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;What is contact center fraud?&lt;/h2&gt;
 &lt;p&gt;At many businesses, traditional call centers and customer service and support operations have &lt;a href="https://www.techtarget.com/searchcustomerexperience/feature/History-and-evolution-of-contact-centers"&gt;evolved into contact centers&lt;/a&gt; to handle customer communications across multiple channels, including phone calls, live chats, email, social media, text messaging (SMS), mobile apps and video calls.&lt;/p&gt;
 &lt;p&gt;Cybercriminals target contact centers to gain access to sensitive customer information by exploiting agents and weak authentication processes. These bad actors can then use personally identifiable information (&lt;a href="https://www.techtarget.com/searchsecurity/definition/personally-identifiable-information-PII"&gt;PII&lt;/a&gt;) and other account data -- Social Security numbers, financial institutions and credit card numbers -- to commit identity theft, set up fake accounts and participate in bank and credit card fraud.&lt;/p&gt;
&lt;/section&gt;   
&lt;section class="section main-article-chapter" data-menu-title="Why do bad actors target contact centers?"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Why do bad actors target contact centers?&lt;/h2&gt;
 &lt;p&gt;Contact centers are popular targets for fraud because &lt;a href="https://www.techtarget.com/searchcustomerexperience/tip/Best-practices-for-call-center-agent-training-programs"&gt;poorly trained agents are often vulnerable to manipulation&lt;/a&gt;. A toll-free number used for customer service and transactions such as purchases can allow criminals to initiate numerous fraud attempts while maintaining anonymity, provided they use caller ID spoofing techniques. Unsuspecting agents, especially in call centers, make excellent attack vectors since they're all that stand between a fraudster and customer accounts.&lt;/p&gt;
 &lt;p&gt;The transition to hybrid work environments after the COVID-19 pandemic has created challenges for contact center fraud detection preparedness. Remote work has made it &lt;a href="https://www.techtarget.com/searchcustomerexperience/tip/How-to-manage-remote-call-center-agents"&gt;increasingly difficult for agents to receive proper fraud detection training&lt;/a&gt; or guidance from co-workers. As a result, they may struggle with using anti-fraud tools remotely.&lt;/p&gt;
 &lt;figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f.png"&gt;
  &lt;img data-src="https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f.png 1280w" alt="List of contact center compliance obligations that are critical to fraud detection and prevention." height="266" width="560"&gt;
  &lt;figcaption&gt;
   &lt;i class="icon pictures" data-icon="z"&gt;&lt;/i&gt;A compliance checklist is an essential part of detecting and preventing contact center fraud.
  &lt;/figcaption&gt;
 &lt;/figure&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="Common types of contact center fraud"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Common types of contact center fraud&lt;/h2&gt;
 &lt;p&gt;While contact centers encounter many types of fraud, the most common are identity theft, account takeover, stolen credit card information, vishing scams and finagling free merchandise.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Identity theft.&lt;/b&gt; Criminals use stolen personal information of legitimate customers to access accounts for monetary gain. Contact center agents might &lt;a href="https://www.techtarget.com/searchcustomerexperience/answer/Nine-skills-every-call-center-agent-job-requires"&gt;struggle to detect identity theft&lt;/a&gt; because the bad actors have accurate customer information. Many fraud schemes use personal information found on the dark web after a data breach. Synthetic identity fraud occurs when criminals combine real PII, such as a mobile phone number and email address, with falsified data to create a manipulated or false identity. They then use the information to open accounts and initiate transactions.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Account takeover.&lt;/b&gt; To transfer a customer account to their account, fraudsters might change an email address or login information to reset customer portal passwords. These criminals can use automated tools to create username and password combinations in a technique known as credential stuffing to gain access to customer accounts.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Use of stolen credit card information.&lt;/b&gt; Fraudsters bombard contact centers with attempts to buy goods and services with stolen credit card information. Because contact centers don't require physical cards, criminals can more easily make purchases with stolen information, a tactic known as card-not-present fraud.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Attempt to receive free replacement items.&lt;/b&gt; Criminals act as legitimate customers who purchased goods, then claim to have problems and request replacements. Retailers are the most common victims of this type of fraud, especially those with &lt;a href="https://www.techtarget.com/searchcustomerexperience/tip/Call-center-compliance-checklist-for-hybrid-workforces"&gt;loose warranty and replacement policies&lt;/a&gt;.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Phishing and vishing scams. &lt;/b&gt;Cybercriminals have long targeted consumers with phishing scams, sending fraudulent emails that contain malicious URLs or hyperlinks to download malware or steal passwords. Another tactic is &lt;i&gt;voice phishing&lt;/i&gt;, or &lt;i&gt;vishing&lt;/i&gt;, using urgent phone calls that demand that victims update company or personal data, supposedly to protect bank accounts and other financial transactions. Similar fraudulent methods are used on contact center agents. A criminal vishing about problems with an account can &lt;a href="https://www.techtarget.com/searchcustomerexperience/answer/5-ways-to-improve-call-center-agent-performance"&gt;dupe an unsuspecting agent into sharing sensitive customer data&lt;/a&gt;. Many contact centers have been hit with ransomware attacks, locking up communications systems until the problem is resolved or the ransom is paid. Distributed denial-of-service attacks have also been used to disrupt communications services.&lt;/p&gt;
 &lt;div class="youtube-iframe-container"&gt;
  &lt;iframe id="ytplayer-0" src="https://www.youtube.com/embed/SRKWbLNV4bs?si=Y1QV9QX4HFsHjaTB?autoplay=0&amp;amp;modestbranding=1&amp;amp;rel=0&amp;amp;widget_referrer=null&amp;amp;enablejsapi=1&amp;amp;origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"&gt;&lt;/iframe&gt;
 &lt;/div&gt;
&lt;/section&gt;        
&lt;section class="section main-article-chapter" data-menu-title="Tips for identifying fraudulent customers"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Tips for identifying fraudulent customers&lt;/h2&gt;
 &lt;p&gt;Criminals use different fraud methods depending on their motivation or the &lt;a href="https://www.techtarget.com/searchcustomerexperience/feature/Types-of-contact-centers-explained"&gt;type of contact center&lt;/a&gt; they target. Common warning signs of fraud include the following:&lt;/p&gt;
 &lt;ul class="default-list"&gt; 
  &lt;li&gt;Social engineering methods to falsely extract information.&lt;/li&gt; 
  &lt;li&gt;Inability to verify recent transactions.&lt;/li&gt; 
  &lt;li&gt;Long pauses before answering questions.&lt;/li&gt; 
  &lt;li&gt;Communication to evoke an immediate reaction based on urgency, familiarity or authority.&lt;/li&gt; 
  &lt;li&gt;Attempts to &lt;a href="https://www.techtarget.com/searchcustomerexperience/tip/Top-7-call-center-agent-performance-metrics-to-track"&gt;establish a relationship or rapport with a specific contact center agent&lt;/a&gt; or manager.&lt;/li&gt; 
  &lt;li&gt;Inconsistency in customer history and documentation.&lt;/li&gt; 
  &lt;li&gt;Attempts to bypass regular customer service procedures.&lt;/li&gt; 
  &lt;li&gt;Red flags and suspicious activity identified by anti-fraud technologies.&lt;/li&gt; 
  &lt;li&gt;Attempts to bypass anti-fraud processes and technologies.&lt;/li&gt; 
 &lt;/ul&gt;
&lt;/section&gt;   
&lt;section class="section main-article-chapter" data-menu-title="Tools to identify fraud"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Tools to identify fraud&lt;/h2&gt;
 &lt;p&gt;Enterprises that take contact center fraud detection and prevention seriously shouldn't rely solely on agent training. Contact center managers can integrate several technologies into most on-premises, cloud or distributed workforce contact centers to &lt;a href="https://www.techtarget.com/searchcustomerexperience/tip/Best-practices-for-contact-center-quality-assurance"&gt;block or flag suspicious activities&lt;/a&gt; and enhance fraud detection.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Identity verification. &lt;/b&gt;Technologies like automatic number identification can &lt;a href="https://www.techtarget.com/searchcustomerexperience/tip/How-to-improve-the-contact-center-experience-for-customers"&gt;verify a customer's identity&lt;/a&gt; based on their phone number ahead of automated or interactive voice response (&lt;a href="https://www.techtarget.com/searchcustomerexperience/definition/Interactive-Voice-Response-IVR"&gt;IVR&lt;/a&gt;) interactions. Some of these fraud detection technologies track phone numbers based on information like possession (authenticating the mobile number and the device), reputation (risk score) and ownership. If additional verification is needed, layered authentication controls can help prevent fraud by sending one-time verification codes via text or email to a customer's device. In the future, individuals could have additional ways to prove their identity with mobile devices as more states offer digital driver's licenses and government IDs.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Contact source analytics. &lt;/b&gt;&lt;a href="https://www.techtarget.com/searchcustomerexperience/How-to-choose-a-contact-center-software-system"&gt;Emerging technologies&lt;/a&gt; can more accurately confirm a contact's true source as well as the type of device used. These attributes can tip off contact center agents about whether the caller is a real customer or a criminal in a known fraud location or using equipment common among fraudsters, such as caller ID spoofing and IVR probing tools.&lt;/p&gt;
 &lt;figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/ai_sharpens_contact_center_features_and_actions-f.png"&gt;
  &lt;img data-src="https://www.techtarget.com/rms/onlineimages/ai_sharpens_contact_center_features_and_actions-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/ai_sharpens_contact_center_features_and_actions-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/ai_sharpens_contact_center_features_and_actions-f.png 1280w" alt="List of contact center tools benefiting from AI" height="355" width="560"&gt;
  &lt;figcaption&gt;
   &lt;i class="icon pictures" data-icon="z"&gt;&lt;/i&gt;AI integration plays a prominent role in contact center fraud detection and prevention tools.
  &lt;/figcaption&gt;
  &lt;div class="main-article-image-enlarge"&gt;
   &lt;i class="icon" data-icon="w"&gt;&lt;/i&gt;
  &lt;/div&gt;
 &lt;/figure&gt;
 &lt;p&gt;&lt;b&gt;Multilayered authentication.&lt;/b&gt; Multifactor authentication, &lt;a href="https://www.techtarget.com/searchcustomerexperience/tip/Top-10-contact-center-platforms"&gt;AI and knowledge-based platforms&lt;/a&gt; can identify bad actors who impersonate legitimate customers. The technology platform inputs various data points and calculates a fraud risk score to inform the agent about next steps in the fraud prevention process. A one-time PIN or passcode sent by text or email to an individual's device can add a dynamic layer of security before a login session or transaction. Based on risk assessments, businesses must find the right balance between frictionless customer experience and layered security measures.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Voice biometrics.&lt;/b&gt; Advanced audio biometrics can analyze a caller's voice, creating a new authentication layer for contact centers and customers. Voice biometric SaaS providers let remote agents access these authentication services regardless of where they work. These technologies will soon have to contend with AI-driven voice cloning and deepfake audio, which might require reevaluation of fraud protection and other security measures.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Suspicious behavior detection.&lt;/b&gt; &lt;a href="https://www.techtarget.com/searchcustomerexperience/feature/Important-contact-center-AI-features-and-their-benefits"&gt;AI and machine learning techniques&lt;/a&gt; combine with fraud detection analytics tools to detect suspicious behavior such as unusual calling patterns, IVR usage anomalies and other behavior-based indicators. The tool then decides whether the contact is legitimate. Behavioral analytics can also be used to monitor agent behavior for insider threats by flagging multiple account redirects or password resets.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Editor's note:&lt;/b&gt; &lt;i&gt;This article was updated to reflect the latest developments in contact center fraud detection and prevention tools, techniques and practices.&lt;/i&gt;&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Kathleen Richards is a freelance journalist and industry veteran. She's a former features editor for TechTarget's &lt;/i&gt;Information Security &lt;i&gt;magazine.&lt;/i&gt;&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Andrew Froehlich is founder of InfraMomentum, an enterprise IT research and analyst firm, and president of West Gate Networks, an IT consulting company. He has been involved in enterprise IT for more than 20 years.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>Contact centers can be sitting ducks for fraudsters, but comprehensive agent training, authentication techniques and advanced technologies can protect businesses and customers.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/customer_service02.jpg</image>
            <link>https://www.techtarget.com/searchcustomerexperience/tip/How-to-train-agents-on-call-center-fraud-detection</link>
            <pubDate>Fri, 04 Oct 2024 11:02:00 GMT</pubDate>
            <title>Contact center fraud: How to detect and prevent it</title>
        </item>
        <item>
            <body>&lt;p&gt;DC Health Link's data breach was caused by a misconfigured server, according to a prepared statement by an executive for the health insurance exchange at a House Oversight Committee hearing on Wednesday.&lt;/p&gt; 
&lt;p&gt;DC Health Link, a health insurance exchange program based in Washington, D.C., &lt;a href="https://www.techtarget.com/searchsecurity/news/365532552/DC-Health-Link-confirms-breach-but-questions-remain"&gt;confirmed it suffered&lt;/a&gt; a data breach last month after a user on dark web hacking forum BreachForums offered to sell stolen data representing 170,000 individuals.&lt;/p&gt; 
&lt;p&gt;The user who originally posted the data, "IntelBroker," was permanently banned from BreachForums following the listing. However, on March 13, another user in apparent possession of the data under the alias "Denfur" claimed to be friends with IntelBroker and said the origin of the breach was an "open, exposed database."&lt;/p&gt; 
&lt;p&gt;On March 15, BreachForums' alleged founder &lt;a href="https://www.techtarget.com/searchsecurity/news/365532545/FBI-arrests-suspected-BreachForums-owner-in-New-York"&gt;was arrested&lt;/a&gt; in New York, and the forum was voluntarily shuttered days after due to law enforcement concerns. No definitive connection to DC Health Link was established.&lt;/p&gt; 
&lt;p&gt;Mila Kofman, executive director of the District of Columbia Health Benefit Exchange Authority, which operates the exchange, participated in a &lt;a href="https://www.youtube.com/watch?v=Ihw5wBp55Ug" target="_blank" rel="noopener"&gt;hearing on Wednesday&lt;/a&gt;. The hearing was held by the U.S. House Oversight and Accountability Subcommittee on Cybersecurity, Information Technology, and Government Innovation as well as the Committee on House Administration's Subcommittee on Oversight.&lt;/p&gt; 
&lt;p&gt;During her &lt;a href="https://oversight.house.gov/wp-content/uploads/2023/04/Mila-Kofman-Written-Testimony-April-19-2023.pdf" target="_blank" rel="noopener"&gt;opening statements&lt;/a&gt;, Kofman confirmed DC Health Link detected the breach on March 6 and that the cause of the breach was a misconfigured server.&lt;/p&gt; 
&lt;p&gt;"Let me be clear at the outset: The cause of this breach was human mistake," Kofman said. "With respect to the 'root cause' -- the problem here related to the configurations on a server used for generating and storing automated jobs and weekly reports. The server was misconfigured to allow access to the reports on the server without proper authentication. Based on our investigation to date, we believe the misconfiguration was not intentional but human mistake."&lt;/p&gt; 
&lt;p&gt;As part of the breach, the threat actor stole two "reports" representing sensitive data belonging to "56,415 current and past customers, including members of Congress, their families and staff," Kofman said. Among the victims were 17 House members, 43 of their dependents, 585 House staff members and 231 of their dependents. Personal information included names, dates of birth and Social Security numbers.&lt;/p&gt; 
&lt;figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/mila_kofman_dc_health_benefit_exchange_authority-f.jpg"&gt;
 &lt;img data-src="https://www.techtarget.com/rms/onlineimages/mila_kofman_dc_health_benefit_exchange_authority-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/mila_kofman_dc_health_benefit_exchange_authority-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/mila_kofman_dc_health_benefit_exchange_authority-f.jpg 1280w" alt="Mila Kofman, executive director of the District of Columbia Health Benefit Exchange Authority, speaks at a House Oversight Committee meeting Wednesday." data-credit="YouTube" height="315" width="560"&gt;
 &lt;figcaption&gt;
  &lt;i class="icon pictures" data-icon="z"&gt;&lt;/i&gt;Mila Kofman, executive director of the District of Columbia Health Benefit Exchange Authority, apologized to members of Congress Wednesday for the 
 &lt;/figcaption&gt;
 &lt;div class="main-article-image-enlarge"&gt;
  &lt;i class="icon" data-icon="w"&gt;&lt;/i&gt;
 &lt;/div&gt;
&lt;/figure&gt; 
&lt;p&gt;According to the exchange's &lt;a href="https://hbx.dc.gov/page/about-dc-health-benefit-exchange-authority-hbx" target="_blank" rel="noopener"&gt;website&lt;/a&gt;, approximately 100,000 individuals have private health insurance through the public-private exchange, including D.C.-area residents and "approximately 11,000 designated Congressional staff and members of Congress."&lt;/p&gt; 
&lt;p&gt;TechTarget Editorial asked DC Health Link about the discrepancy between the alleged 170,000-person listing and Kofman's 56,415 figure, but a spokesperson for the exchange declined to elaborate.&lt;/p&gt; 
&lt;p&gt;Kofman apologized directly to the committees during her opening remarks.&lt;/p&gt; 
&lt;blockquote class="main-article-pullquote"&gt;
 &lt;div class="main-article-pullquote-inner"&gt;
  &lt;figure&gt;
   Let me be clear at the outset: The cause of this breach was human mistake.
  &lt;/figure&gt;
  &lt;figcaption&gt;
   &lt;strong&gt;Mila Kofman&lt;/strong&gt;Executive director, District of Columbia Health Benefit Exchange Authority
  &lt;/figcaption&gt;
  &lt;i class="icon" data-icon="z"&gt;&lt;/i&gt;
 &lt;/div&gt;
&lt;/blockquote&gt; 
&lt;p&gt;"In addition to saying how sorry I am that we failed to prevent the theft of two reports which had sensitive personal information of our customers, I want you to know that we have not and will not fail in our response. And we are working hard to make sure this never happens again," she said.&lt;/p&gt; 
&lt;p&gt;DC Health Link engaged incident response firm and Google subsidiary Mandiant as part of its investigation. Kofman added that the Health Benefit Exchange Authority also engaged the FBI Cyber Security Task Force shortly after the breach. It further briefed law enforcement, CISA, both the U.S. Senate and House of Representatives, and more.&lt;/p&gt; 
&lt;p&gt;"We asked law enforcement for help immediately and shared information as we uncovered it," she said. "Mandiant quickly worked alongside our team to identify the root cause of the breach, which we immediately eliminated. In addition to addressing this issue, we initiated a comprehensive review of our entire system and security, and we will be making enhancements across the board and can keep you updated on that progress."&lt;/p&gt; 
&lt;p&gt;&lt;i&gt;Alexander Culafi is a writer, journalist and podcaster based in Boston.&lt;/i&gt;&lt;/p&gt;</body>
            <description>Mila Kofman, executive director of the District of Columbia Health Benefit Exchange Authority, blames "human error" for the DC Health Link breach.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/ransom_g1249114648.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/news/365535577/DC-Health-Link-breach-caused-by-misconfigured-server</link>
            <pubDate>Thu, 20 Apr 2023 10:02:00 GMT</pubDate>
            <title>DC Health Link breach caused by misconfigured server</title>
        </item>
        <item>
            <body>&lt;h3&gt;What is quantum supremacy?&lt;/h3&gt; 
&lt;p&gt;Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classical computers by performing calculations previously impossible at unmatched speeds. To confirm that quantum supremacy has been achieved, computer scientists must be able to show that a classical computer could never have solved the problem while also proving that the quantum computer can perform the calculation quickly.&lt;/p&gt; 
&lt;p&gt;Computer scientists believe &lt;a href="https://www.techtarget.com/searchitoperations/opinion/Quantum-supremacy-and-the-path-to-encryption-chaos"&gt;quantum supremacy will lead to the cracking&lt;/a&gt; of Shor's algorithm -- a currently impossible calculation that is the basis of most modern cryptography -- as well as offer advantages in drug development, weather forecasts, stock trades and material designs.&lt;/p&gt; 
&lt;p&gt;Quantum computing is consistently evolving. Quantum computers have not yet reached a point where they can show their supremacy over classical computers. This is mostly due to the huge number of quantum &lt;a href="https://www.techtarget.com/whatis/definition/bit-binary-digit"&gt;bits&lt;/a&gt;, or &lt;i&gt;qubits&lt;/i&gt;, required to perform meaningful operations on quantum computers. As the number of necessary logic gates and qubits increases, so does the error rate. If the error rate gets too high, the quantum computer loses any advantage it had over the classical computer.&lt;/p&gt; 
&lt;p&gt;To successfully perform useful calculations -- such as determining the chemical properties of a substance -- a few million qubits would be necessary. Currently, the largest quantum computer design is IBM's quantum computer, named Osprey, which &lt;a href="https://newsroom.ibm.com/2022-11-09-IBM-Unveils-400-Qubit-Plus-Quantum-Processor-and-Next-Generation-IBM-Quantum-System-Two" target="_blank" rel="noopener"&gt;features 433 qubits&lt;/a&gt;.&lt;/p&gt; 
&lt;h3&gt;Quantum computers vs. classical computers&lt;/h3&gt; 
&lt;p&gt;The primary difference between quantum and classical computers is in how they work. Classical computers process information as bits, with all computations performed in a &lt;a href="https://www.techtarget.com/whatis/definition/binary"&gt;binary&lt;/a&gt; language of 1s and 0s. The current in classical computers is either flowing through the transistor or not; there is no in between.&lt;/p&gt; 
&lt;p&gt;Conversely, quantum computers use &lt;a href="https://www.techtarget.com/whatis/definition/quantum-theory"&gt;quantum theory&lt;/a&gt; as the basis of their systems. Quantum theory focuses on the extraordinary interactions between particles on an invisible scale -- such as atoms, electrons and photons. Therefore, the binary states used in classical computers can no longer be applied to quantum computers.&lt;/p&gt; 
&lt;p&gt;Qubits can theoretically outperform the computation scale of binary bits by magnitudes. This is mostly due to quantum &lt;a href="https://www.techtarget.com/whatis/definition/superposition"&gt;superposition&lt;/a&gt; -- the ability for a subatomic particle to exist in two states at once. Superposition enables qubits to run specific computations on various possibilities simultaneously.&lt;/p&gt; 
&lt;p&gt;Trapped &lt;a href="https://www.techtarget.com/whatis/definition/ion"&gt;ions&lt;/a&gt;, photons and &lt;a href="https://www.techtarget.com/whatis/definition/superconductivity"&gt;superconductors&lt;/a&gt; give quantum computers the ability to perform calculations at exceptionally fast speeds and take in massive amounts of data. The real value that quantum computers could provide, however, is the ability to solve problems that are too complex for classical computers to address or that would take classical computers billions of years to answer. Quantum computers should be able to create a series of samples from a random quantum circuit that follow a specific, correct distribution.&lt;/p&gt; 
&lt;p&gt;While these advantages could lead to quantum supremacy, processors have not yet been built with all the capabilities. Classical computers continue to surprise computer scientists with computational power and their ability to solve certain types of problems. Until a quantum computer is built that solves a problem it has been proven a classical computer cannot solve, it continues to be possible that a better classical algorithm exists and quantum supremacy will not be achieved.&lt;/p&gt; 
&lt;h3&gt;Applications of quantum supremacy&lt;/h3&gt; 
&lt;p&gt;Some people believe a quantum computer that achieves quantum supremacy could be the most disruptive new technology since the Intel 4004 microprocessor was invented in 1971. Certain professions and areas of business will be significantly impacted by quantum supremacy. Examples include:&lt;/p&gt; 
&lt;ul class="default-list"&gt; 
 &lt;li&gt;The ability to perform more complex &lt;a href="https://www.techtarget.com/whatis/definition/modeling-and-simulation-MS"&gt;simulations&lt;/a&gt; on a larger scale will provide companies with improved efficiency, deeper insight and better forecasting, thus improving optimization processes.&lt;/li&gt; 
 &lt;li&gt;Enhanced simulations that model complex quantum systems, such as biological molecules, would be possible.&lt;/li&gt; 
 &lt;li&gt;Combining quantum computing with &lt;a href="https://www.techtarget.com/searchenterpriseai/definition/AI-Artificial-Intelligence"&gt;artificial intelligence&lt;/a&gt; could make AI immensely smarter than it is now.&lt;/li&gt; 
 &lt;li&gt;New customized drugs, chemicals and materials can be designed, modeled and modified to help cultivate new pharmaceutical, commercial or business products.&lt;/li&gt; 
 &lt;li&gt;The ability to factor extremely large numbers could break current, long-standing forms of &lt;a href="https://www.techtarget.com/searchsecurity/definition/encryption"&gt;encryption&lt;/a&gt;.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;While most of these applications appear to provide benefits, quantum supremacy can also destabilize the math that underlies most current data encryption. Once quantum supremacy is achieved, computer scientists will have to completely reevaluate computer security and how to protect information and data. This will become extremely difficult with the high speeds and large amounts of data that the quantum computers will be working with.&lt;/p&gt; 
&lt;h3&gt;Examples of quantum supremacy&lt;/h3&gt; 
&lt;p&gt;While the problem that first exemplifies quantum supremacy could be whatever computer scientists want, it is expected that they will use a problem known as &lt;a href="https://quantumcomputing.stackexchange.com/questions/4005/what-exactly-is-random-circuit-sampling" target="_blank" rel="noopener"&gt;random circuit sampling&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;This problem requires a computer to correctly sample from the possible outputs of a random quantum circuit -- similar to a series of actions that can be performed on a set of qubits. Classical computers do not possess any fast algorithms to generate these samples. As the array of possible samples increases, classical computers become overwhelmed. If a quantum computer can efficiently pull samples in this instance, it will prove quantum supremacy.&lt;/p&gt; 
&lt;h3&gt;Importance of quantum supremacy&lt;/h3&gt; 
&lt;p&gt;The first quantum &lt;a href="https://www.techtarget.com/whatis/definition/algorithm"&gt;algorithms&lt;/a&gt; were solved in the 1990s. While the problems themselves were useless, the process provided the computer scientists who designed them with knowledge and insights they could use to develop more meaningful algorithms -- like Shor's algorithm -- which could potentially have large practical consequences.&lt;/p&gt; 
&lt;p&gt;Computer scientists hope that quantum supremacy will repeat this process and drive inventors to create a quantum computer capable of outperforming a classical computer -- even if it only solves a simple, useless problem -- because this work could be the key to building a beneficial and supreme quantum computer.&lt;/p&gt; 
&lt;p&gt;Some people also believe &lt;a href="https://www.britannica.com/technology/Moores-law" target="_blank" rel="noopener"&gt;Moore's law&lt;/a&gt; is ending soon. This would inhibit AI research because smarter applications, such as fully &lt;a href="https://www.techtarget.com/searchenterpriseai/definition/driverless-car"&gt;autonomous cars&lt;/a&gt;, require huge amounts of processing power. Once quantum supremacy is reached, quantum computing should be able to resolve this problem, as well as revolutionize machine learning (&lt;a href="https://www.techtarget.com/searchenterpriseai/definition/machine-learning-ML"&gt;ML&lt;/a&gt;).&lt;/p&gt; 
&lt;p&gt;Quantum supremacy would greatly affect the field of theoretical computer science. For decades, scientists in this field have believed in the extended Church-Turing thesis, which states that classical computers can efficiently complete any problem that any other type of computer can accomplish. Quantum supremacy violates that assumption. Scientists would be forced to consider a whole new world of computer science.&lt;/p&gt; 
&lt;h3&gt;The future of quantum supremacy&lt;/h3&gt; 
&lt;p&gt;The ultimate goal for quantum computing is to create a fully functional, universal fault-tolerant gate computer. Before this machine can be built, computer scientists need to develop:&lt;/p&gt; 
&lt;ul class="default-list"&gt; 
 &lt;li&gt;Refined error correction that doesn't require huge amounts of hardware.&lt;/li&gt; 
 &lt;li&gt;Advanced algorithms that can support the uniquely complex problems.&lt;/li&gt; 
 &lt;li&gt;Enhanced &lt;a href="https://www.techtarget.com/whatis/definition/noise"&gt;noise&lt;/a&gt;.&lt;/li&gt; 
 &lt;li&gt;Qubits with less noise sensitivity, longer coherence times and increased reliability.&lt;/li&gt; 
 &lt;li&gt;Quantum processors that possess thousands of qubits.&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;The U.S. and China have been the most focused on investing in quantum projects, along with organizations and businesses such as Google, Microsoft, IBM, Lockheed Martin and Alibaba.&lt;/p&gt; 
&lt;h3&gt;Advantages and disadvantages of quantum supremacy&lt;/h3&gt; 
&lt;p&gt;Once quantum supremacy is displayed, quantum computers will provide superior use for crunching large data sets, such as those used in cancer research, drug design, genetic engineering, particle physics and weather forecasting. Due to superposition, programmers working on developing tools to code quantum computers are unable to view the paths that their data takes from input to output, making the debugging process highly complicated.&lt;/p&gt; 
&lt;p&gt;While quantum supremacy can be extremely beneficial to various industries, the breakthrough could also lead to rogue states or actors using quantum computers for destructive purposes, such as breaking current encryption models.&lt;/p&gt; 
&lt;p&gt;&lt;i&gt;This article was originally written by Kate Brush. TechTarget editors updated the article in 2023 to improve the reader experience.&lt;/i&gt;&lt;/p&gt;</body>
            <description>Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classical computers by performing calculations previously impossible at unmatched speeds.</description>
            <image>https://cdn.ttgtmedia.com/visuals/digdeeper/1.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/definition/quantum-supremacy</link>
            <pubDate>Wed, 15 Mar 2023 14:18:00 GMT</pubDate>
            <title>quantum supremacy</title>
        </item>
        <item>
            <body>&lt;p&gt;The surge in remote working resulting from the new coronavirus pandemic has sparked a flurry of cybercriminal activity. Evaluator Group's recent study, "Enterprise IT Responds to COVID-19," found that security, data protection and disaster recovery are the IT areas most likely to get a boost as a result of the pandemic over the next six months.&lt;/p&gt; 
&lt;p&gt;In the words of one IT professional, "We're in the open. Hackers and bad actors are in the dark, always trying something new. Our job is to defeat them every time."&lt;/p&gt; 
&lt;p&gt;One way to do that is with solid backups. Especially in the &lt;a href="https://www.techtarget.com/searchdisasterrecovery/The-impact-of-coronavirus-on-business-continuity-planning"&gt;middle of a crisis&lt;/a&gt;, the need to protect backup data becomes a critical mission.&lt;/p&gt; 
&lt;h3&gt;Coronavirus-related cyberattacks on the rise&lt;/h3&gt; 
&lt;p&gt;The pandemic has provided bad actors with a global climate of fear to prey on. Phishing has risen, particularly in the form of email content that appears to come from a respectable source and allegedly claims to have information pertinent to COVID-19. The phishers hope to &lt;a href="https://www.techtarget.com/searchsecurity/news/252481832/Ransomware-attacks-see-148-surge-amid-COVID-19"&gt;install ransomware&lt;/a&gt; or other malicious software, or steal credentials to gain access to corporate databases or data stores.&lt;/p&gt; 
&lt;p&gt;Bad actors also deploy fake VPNs and have made efforts to exploit vulnerabilities in VPNs and other tools for remote connectivity. Hackers enact advanced persistent threats and target mobile devices as well. For example, certain Android applications claim to monitor COVID-19 symptoms or occurrences but contain spyware or other malware in disguise.&lt;/p&gt; 
&lt;p&gt;Extortion of healthcare, medical research and manufacturing organizations has been reported, as have numerous other scams and cybercriminal activities. Attacks change constantly, so it is important to maintain vigilance and continue to &lt;a href="https://www.evaluatorgroup.com/enterprise-it-responds-covid-19-study/" target="_blank" rel="noopener"&gt;educate yourself&lt;/a&gt;.&lt;/p&gt; 
&lt;figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/data_backup-it_initiatives_affected_over_6months-f.png"&gt;
 &lt;img data-src="https://www.techtarget.com/rms/onlineImages/data_backup-it_initiatives_affected_over_6months-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/data_backup-it_initiatives_affected_over_6months-f_mobile.png 960w,https://www.techtarget.com/rms/onlineImages/data_backup-it_initiatives_affected_over_6months-f.png 1280w" alt="Chart of IT initiatives" height="403" width="560"&gt;
&lt;/figure&gt; 
&lt;h3&gt;Best practices to protect backup&lt;/h3&gt; 
&lt;p&gt;Coronavirus-related cybercrime doesn't necessarily create new backup requirements, but it does highlight the &lt;a href="https://www.techtarget.com/searchdatabackup/feature/The-7-critical-backup-strategy-best-practices-to-keep-data-safe"&gt;importance of best practices&lt;/a&gt;. Immutability -- including write-once, read-many backup -- helps to preserve data integrity because immutable data cannot be erased or overwritten.&lt;/p&gt; 
&lt;p&gt;Creating and enforcing retention policies helps to ensure that no one can maliciously erase files, while &lt;a href="https://www.techtarget.com/whatis/definition/air-gapping"&gt;air-gapping&lt;/a&gt; can prevent hackers from accessing retention data. You should also encrypt data both at rest and in flight, as well as use data management best practices, including encryption key rotation and support for the Key Management Interoperability Protocol.&lt;/p&gt; 
&lt;p&gt;IT professionals can help &lt;a href="https://www.techtarget.com/searchsecurity/tip/Five-ways-to-prevent-a-ransomware-infection-through-network-security"&gt;protect backup environments from ransomware&lt;/a&gt; by using tools that monitor for anomalies. You should also run diagnostics on your backup environment and regularly test it to ensure confidence in recoverability and to determine the last-known good backup copy.&lt;/p&gt; 
&lt;h3&gt;Why is it important to protect backup?&lt;/h3&gt; 
&lt;p&gt;Protecting backup data is critical for two major reasons. A healthy backup environment determines the available recovery point objectives for the production environment. And so-called "sleeper" ransomware -- an attack designed to slowly &lt;a href="https://www.techtarget.com/searchdatabackup/feature/How-ransomware-variants-are-neutralizing-data-backups"&gt;infiltrate the backup environment&lt;/a&gt; -- causes long-term problems for organizations.&lt;/p&gt; 
&lt;p&gt;Backup recoverability improves data safety for all businesses. In the current climate, it's not a question of "if" an organization could face an attack, but "when."&lt;/p&gt; 
&lt;p&gt;&lt;em&gt;In part two of this two-part series, learn how the cloud can be a good choice for your &lt;a href="https://www.techtarget.com/searchdatabackup/tip/How-cloud-backup-can-help-remote-workers"&gt;remote backup&lt;/a&gt;. &lt;/em&gt;&lt;/p&gt;</body>
            <description>Be aware of innovative cyberattacks connected to the new coronavirus. Improve data safety with these backup best practices that can serve as a foundation of response preparation.</description>
            <image>https://cdn.ttgtmedia.com/visuals/searchExchange/exchange_server_security/exchange_article_020.jpg</image>
            <link>https://www.techtarget.com/searchdatabackup/tip/Use-and-protect-backup-against-COVID-19-related-cybercrime</link>
            <pubDate>Thu, 23 Apr 2020 10:58:00 GMT</pubDate>
            <title>Use and protect backup against COVID-19-related cybercrime</title>
        </item>
        <item>
            <body>&lt;p&gt;Zoom faced &lt;a href="https://www.techtarget.com/searchunifiedcommunications/news/252480965/Zoom-privacy-Vendor-faces-lawsuit-over-Facebook-data-sharing"&gt;privacy concerns&lt;/a&gt; after the disclosure of a vulnerability that could allow threat actors to use the video conferencing software to spy on users.&lt;/p&gt; 
&lt;p&gt;The Zoom vulnerability, originally reported to only affect the Mac version of &lt;a href="https://www.techtarget.com/searchunifiedcommunications/news/252465965/Verizon-to-resell-Zoom-video-conferencing-to-businesses"&gt;the software&lt;/a&gt;, has been found to partially affect Windows and Linux as well. Jonathan Leitschuh, software engineer at open source project Gradle, disclosed the &lt;a href="https://www.techtarget.com/searchunifiedcommunications/news/252474709/Cisco-cries-foul-over-security-flaw-in-Zoom-Connector"&gt;Zoom vulnerability&lt;/a&gt; in a &lt;a href="https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5"&gt;blog post&lt;/a&gt; earlier this week and said it "allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission."&lt;/p&gt; 
&lt;p&gt;"On top of this, this vulnerability would have allowed any webpage to DOS (&lt;a href="https://www.techtarget.com/searchsecurity/definition/denial-of-service"&gt;Denial of Service&lt;/a&gt;) a Mac by repeatedly joining a user to an invalid call," Leitschuh added. "Additionally, if you've ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage."&lt;/p&gt; 
&lt;p&gt;According to Leitschuh, it took Zoom 10 days to confirm the vulnerability and in a meeting on June 11, he told Zoom there was a way to bypass the planned fix, but Zoom did not address these concerns when Zoom reported the vulnerability fixed close to two weeks later. The Zoom vulnerability resurfaced on July 7, Leitschuh disclosed on July 8 and Zoom patched the Mac client on July 9. Zoom also &lt;a href="https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/" target="_blank" rel="noopener"&gt;worked with Apple&lt;/a&gt; on a silent background update for Mac users, released July 10, which removed the Zoom localhost from systems.&lt;/p&gt; 
&lt;p&gt;"Ultimately, Zoom failed at quickly confirming that the reported vulnerability actually existed and they failed at having a fix to the issue delivered to customers in a timely manner," Leitschuh wrote. "An organization of this profile and with such a large user base should have been more proactive in protecting their users from attack."&amp;nbsp;&lt;/p&gt; 
&lt;p&gt;Zoom -- whose &lt;a href="https://www.techtarget.com/searchunifiedcommunications/news/252462636/Unify-Square-adds-Slack-Zoom-FB-to-IT-management-software"&gt;video conferencing software&lt;/a&gt; is used by more than 4 million users in approximately 750,000 companies around the world -- downplayed the severity of the issue and refuted Leitschuh's characterization of the company.&lt;/p&gt; 
&lt;p&gt;"Once the issue was brought to our Security team's attention, we responded within ten minutes, gathering additional details, and proceeded to perform a risk assessment," Richard Farley, CISO at Zoom, wrote in the company's response. "Our determination was that both the DOS issue and meeting join with camera on concern were both low risk because, in the case of DOS, no user information was at risk, and in the case of meeting join, users have the ability to choose their camera settings."&lt;/p&gt; 
&lt;p&gt;"To be clear, the host or any other participant cannot override a user's video and audio settings to, for example, turn their camera on," Farley added.&amp;nbsp;&lt;/p&gt; 
&lt;p&gt;Both the disclosure and response from Zoom portrayed the issue as only affecting the Mac client, but Alex Willmer, Python developer for CGI, &lt;a href="https://twitter.com/moreati/status/1148548799813640193" target="_blank" rel="noopener"&gt;wrote on Twitter&lt;/a&gt; that the Zoom vulnerability affected Windows and Linux as well.&lt;/p&gt; 
&lt;p&gt;"In particular, if zoommtg:// is registered as a protocol handler with Firefox then [Zoom] joins me to the call without any clicks," Willmer tweeted. "To be clear, a colleague and I saw the auto-join/auto-webcam/auto-microphone behavior with Firefox, and Chromium/Chrome; on Linux, and Windows. We did not find any webserver on port 19421 on Linux. We didn't check Windows for the webserver."&lt;/p&gt; 
&lt;p&gt;Leitschuh confirmed Willmer's discovery, but it is unclear if Zoom is working to fix these platform clients. Leitschuh also noted in his disclosure that the issue affects a white label version of Zoom licensed to VoIP provider RingCentral. It is unclear if RingCentral has been patched.&lt;/p&gt; 
&lt;p&gt;Leitschuh told SearchSecurity via Twitter DM that "Zoom believes the Windows/Linux vulnerabilities are the browser vendors' to fix," but he disagrees.&lt;/p&gt; 
&lt;p&gt;Zoom did not respond to requests for comment at the time of this post.&lt;/p&gt; 
&lt;p&gt;Tom Patterson, chief trust officer at Unisys, said the tradeoff between security and ease of use is "not always a fair trade."&lt;/p&gt; 
&lt;p&gt;"The fact that uninstalling any app doesn't completely uninstall all components runs counter to engendering trust.&amp;nbsp;In this case, it's an architectural decision made by the manufacturers which appears to be designed to make operations much easier for users," Patterson told SearchSecurity. "This trust tradeoff, between making it easy and making it secure, is something that every consumer should consider."&lt;/p&gt;</body>
            <description>Companies and users around the world were impacted by a Zoom conferencing software flaw that could allow threat actors to forcibly join a video call without interaction.</description>
            <image>https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/surveillance-spy-big-brother-fotolia.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/news/252466678/Zoom-vulnerability-reveals-privacy-issues-for-users</link>
            <pubDate>Fri, 12 Jul 2019 13:16:00 GMT</pubDate>
            <title>Zoom vulnerability reveals privacy issues for users</title>
        </item>
        <item>
            <body>&lt;p&gt;Google last week announced a new &lt;a href="https://www.techtarget.com/searchsecurity/answer/Can-Googles-Chrome-extension-policy-improve-Web-security"&gt;Chrome extension policy&lt;/a&gt; amid growing security concerns about potential threats from third-party add-ons.&lt;/p&gt; 
&lt;p&gt;The company &lt;a href="http://blog.chromium.org/2015/05/continuing-to-protect-chrome-users-from.html"&gt;changed its Chrome extension policy&lt;/a&gt; to require all Windows and Mac users -- including developers -- to install extensions only from the Chrome Web Store. Previously, the company introduced the Chrome Web Store-only policy for Windows users a year ago, but Google still allowed developers and Mac users to install extensions from any source.&lt;/p&gt; 
&lt;p&gt;However, following the spread of malicious extensions to the developer channel, Google decided to enforce this policy universally. Extensions from outside the Chrome store are not subject to the same rigorous testing that Chrome Web Store extensions are, Google said. As a result, third-party extensions from outside the Chrome Web Store could install spyware or other malware accidentally or intentionally as add-ons for seemingly harmless products.&lt;/p&gt; 
&lt;p&gt;"We originally did not enforce this policy on the Windows developer channel in order to allow developers to opt out," Jake Leichtling, extensions platform product manager for Chrome, said in a &lt;a href="https://blog.chromium.org/2015/05/continuing-to-protect-chrome-users-from.html" target="_blank"&gt;blog post&lt;/a&gt;. "Unfortunately, we've since observed malicious software forcing users into the developer channel in order to install unwanted off-store extensions."&lt;/p&gt; 
&lt;p&gt;Although extensions in the Chrome Web Store will be subjected to more meticulous security scanning, some problematic extensions have been able to slip by the company. Last month, a third-party Chrome extension called Webpage Screenshot was pulled from the Chrome Web Store due to security concerns; a report from researchers at Heimdal Security showed the extension used a delayed installation process to fool security scans and later installed spyware.&lt;/p&gt; 
&lt;p&gt;"Malware can change how browsers work by silently installing extensions on your machine that do things like inject ads or track your browsing activity," Chrome engineering director Erik Kay said in a &lt;a href="http://chrome.blogspot.com/2014/05/protecting-chrome-users-from-malicious.html" target="_blank"&gt;blog post in 2014&lt;/a&gt;. "Since the bad guys continue to come up with new ways to&amp;nbsp;&lt;a href="https://productforums.google.com/forum/#!category-topic/chrome/report-a-problem-and-get-troubleshooting-help/IkbJXYMH4Ds%5B1-25-false%5D"&gt;cause our users headaches&lt;/a&gt;, we are always taking additional measures."&lt;/p&gt; 
&lt;p&gt;Chrome will continue supporting local extension installs during development and installs that follow Chrome for Work and Education's &lt;a href="https://support.google.com/chrome/a/answer/188453"&gt;enterprise policy&lt;/a&gt;.&lt;/p&gt;</body>
            <description>Google's new Chrome extension policy mandates that all users and developers must install web browser extensions from the Chrome Web Store.</description>
            <image>https://cdn.ttgtmedia.com/visuals/digdeeper/6.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/news/4500246699/Google-changes-Chrome-extension-policy-amid-security-concerns</link>
            <pubDate>Wed, 20 May 2015 15:15:45 GMT</pubDate>
            <title>Google changes Chrome extension policy amid security concerns</title>
        </item>
        <item>
            <body>&lt;p&gt;Secure Sockets Layer (SSL) virtual private network (VPN) products, or &lt;a href="https://www.techtarget.com/searchnetworking/definition/virtual-private-network"&gt;SSL VPNs&lt;/a&gt;, provide encrypted tunnels that protect the network traffic that passes through them. SSL VPNs support the confidentiality and integrity of communications. They are most often used to enable secure remote access for end user devices, including desktops, laptops, smartphones and tablets. Secure remote access to selected organization resources can be a critical need for a wide variety of users, including the organization's employees (using either organization-issued or personally owned devices, &lt;a href="https://www.techtarget.com/whatis/definition/BYOD-bring-your-own-device"&gt;bring your own device (BYOD)&lt;/a&gt;), contractors, business partners and vendors.&lt;/p&gt; 
&lt;p&gt;There are several ways to procure SSL VPN products. An organization can purchase a standalone appliance that functions solely for SSL VPN, or a bundled device -- such as a &lt;a href="https://www.techtarget.com/searchsecurity/definition/next-generation-firewall-NGFW"&gt;next-generation firewall (NGFW)&lt;/a&gt; or &lt;a href="https://www.techtarget.com/searchsecurity/definition/unified-threat-management-UTM"&gt;unified threat management (UTM)&lt;/a&gt; product -- that performs many functions, with an &lt;a href="https://www.techtarget.com/searchsecurity/answer/What-VPN-alternatives-should-enterprises-consider-using"&gt;SSL VPN capability&lt;/a&gt; being just one of them. Yet another option for some organizations is to purchase their SSL VPN as a virtual appliance. Regardless of the form the SSL VPN capability comes in, its functionality and other major characteristics are basically the same.&lt;/p&gt; 
&lt;p&gt;This article focuses on evaluating dedicated SSL VPN products: standalone appliances and virtual appliances. This is not meant to imply that these are superior to bundled products. Each product, regardless of its form, needs to be evaluated on its own merits. It would be foolish for an organization to simply ignore an existing bundled SSL VPN capability just for the sake of having a dedicated SSL VPN product, without sufficient justification for making this decision. That being said, the dedicated SSL VPN products are often the same ones found bundled with others, so the evaluations presented in this article may also be relevant to organizations seeking bundled products.&lt;/p&gt; 
&lt;p&gt;This article covers the following commercial SSL VPN products: &lt;a href="https://www.barracuda.com/products/sslvpn"&gt;Barracuda SSL VPN&lt;/a&gt;, &lt;a href="http://www.checkpoint.com/products/mobile-access-software-blade/"&gt;Check Point Mobile Access Software Blade&lt;/a&gt;, &lt;a href="https://www.cisco.com/c/en/us/products/security/ios-sslvpn/index.html"&gt;Cisco IOS SSL VPN&lt;/a&gt;, &lt;a href="http://www.sonicwall.com/us/en/products/SSL-VPN-Platforms.html"&gt;Dell SonicWall Secure Remote Access (SRA)&lt;/a&gt;, Juniper Networks SA Series&amp;nbsp;(now Pulse Connect Secure), and &lt;a href="https://openvpn.net/index.php/access-server/overview.html"&gt;OpenVPN Access Server&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;Each of these has been evaluated against a set of four criteria: VPN client software options; operating system (OS) support; simultaneous users support and network access control. Organizations considering the acquisition of an SSL VPN product should use these criteria as one part of their overall product evaluation process. That's because each organization has unique characteristics that need to be taken into account, so the findings of this article should not be considered comprehensive or exhaustive -- they comprise one piece of a larger puzzle.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="Criterion #1: VPN client software options"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Criterion #1: VPN client software options&lt;/h2&gt;
 &lt;p&gt;There are four approaches to SSL VPN client software:&lt;/p&gt;
 &lt;ol class="default-list"&gt; 
  &lt;li&gt;Clientless (relies solely on the web browser, no software installation)&lt;/li&gt; 
  &lt;li&gt;Browser plug-in (Java applet, ActiveX control run within browser)&lt;/li&gt; 
  &lt;li&gt;Standalone executable for desktop and laptop OSs&lt;/li&gt; 
  &lt;li&gt;Mobile app for smartphones and tablets&lt;/li&gt; 
 &lt;/ol&gt;
 &lt;p&gt;The table below shows the major differences between these four approaches in terms of relative client deployment effort, resource access, client device support and &lt;a href="https://www.techtarget.com/searchnetworking/definition/network-access-control"&gt;network access control&lt;/a&gt; support. These indicate that there is no "best" client approach; in fact, there are significant tradeoffs with each. For example, a clientless approach involves no deployment effort, but it also gives access to the fewest resources. For another, the browser plug-in and standalone executable approaches won't work for mobile devices. And not all of the approaches offer network access control capabilities.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Table 1: Four approaches to SSL VPN client software&lt;/b&gt;&lt;/p&gt;
 &lt;table border="1" cellspacing="0" cellpadding="5"&gt; 
  &lt;tbody&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&amp;nbsp;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Clientless&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Browser plug-in&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Standalone executable&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Mobile app&lt;/b&gt;&lt;/td&gt; 
   &lt;/tr&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Client deployment effort&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;None&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Minor&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Major&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Major&lt;/td&gt; 
   &lt;/tr&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Resource access&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Websites and web-based applications&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Virtually all&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Virtually all&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Virtually all&lt;/td&gt; 
   &lt;/tr&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Client device support&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;All&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Most desktops and laptops (needs supported browser)&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Major desktop and laptop OSs&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Major mobile OSs&lt;/td&gt; 
   &lt;/tr&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Network access control&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;No&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes (may be limited)&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
   &lt;/tr&gt; 
  &lt;/tbody&gt; 
 &lt;/table&gt;
 &lt;p&gt;So in the end, what most organizations should be looking for is the approach or combination of approaches that meets their full set of requirements. All products support multiple approaches, as shown in the table below; however, note that it is unlikely that a single organization will require support for all four approaches.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Table 2: The client approaches supported by the top SSL VPN products&lt;/b&gt;&lt;/p&gt;
 &lt;table border="1" cellspacing="0" cellpadding="5"&gt; 
  &lt;tbody&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&amp;nbsp;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Clientless&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Browser plug-in&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Standalone executable&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Mobile app&lt;/b&gt;&lt;/td&gt; 
   &lt;/tr&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Barracuda SSL VPN&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;No&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;No&lt;/td&gt; 
   &lt;/tr&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Check Point Mobile Access Software Blade&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;No&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
   &lt;/tr&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Cisco IOS SSL VPN&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;No&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;No&lt;/td&gt; 
   &lt;/tr&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Dell SonicWall Secure Remote Access (SRA)&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
   &lt;/tr&gt; 
   &lt;tr&gt; 
     &lt;td width="128" valign="top"&gt;&lt;b&gt;Juniper Networks SA Series&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;No&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;No&lt;/td&gt; 
   &lt;/tr&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;OpenVPN Access Server&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;No&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;No&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
    &lt;td width="128" valign="top"&gt;Yes&lt;/td&gt; 
   &lt;/tr&gt; 
  &lt;/tbody&gt; 
 &lt;/table&gt;
&lt;/section&gt;           
&lt;section class="section main-article-chapter" data-menu-title="Criterion #2: VPN client OS support"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Criterion #2: VPN client OS support&lt;/h2&gt;
 &lt;p&gt;The third and fourth SSL VPN client approaches discussed above -- the standalone executable and the mobile app -- can be referred to as "heavy" because they require installation of full-fledged software (as opposed to a lightweight browser plug-in). This software is necessarily OS specific, so organizations need to carefully consider which OSs they need the SSL VPN clients to support. Remember that clientless and browser plug-in based approaches will work regardless of OS. With the exception of the open source OpenVPN Access Server, each product covered in this article supports the clientless or the browser plug-in approach.&lt;/p&gt;
 &lt;p&gt;So, when evaluating SSL VPN products, don't just automatically look at the specific OS that its client software may support. There may be "light" options (clientless or browser plug-in) available that truly do support virtually any OS. However, these light products may also offer reduced access to resources -- particularly clientless products -- and some lack network access control, increasing the likelihood of misconfigured, compromised or otherwise undesirable devices being able to connect to the organization's resources.&lt;/p&gt;
 &lt;p&gt;Assuming that an organization wants to use a "heavy" client-based approach, the first and obvious step in evaluation is cataloging which desktop/laptop OSs and mobile OSs need to be supported. This may prove difficult, especially if the organization allows the use of BYOD or if the organization allows contractors, business partners, vendors and others outside the organization to use remote access.&lt;/p&gt;
 &lt;p&gt;The table below shows OS support provided by the heavy clients. Of the products supporting heavy clients, the Dell SonicWall SRA and OpenVPN Access Server products support the greatest variety of OSs. Ultimately, however, the heavy clients provided by any product are not going to be able to support every version of every OS that might be used. So carefully consider using a heavy client for the most common versions and a light client for less common OSs.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Table 3: OS support by the top SSL VPNs' "heavy" clients&lt;/b&gt;&lt;/p&gt;
 &lt;table border="1" cellspacing="0" cellpadding="5"&gt; 
  &lt;tbody&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&amp;nbsp;&lt;/td&gt; 
    &lt;td width="240" valign="top"&gt;&lt;b&gt;Standalone executable&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="252" valign="top"&gt;&lt;b&gt;Mobile app&lt;/b&gt;&lt;/td&gt; 
   &lt;/tr&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Barracuda SSL VPN&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="240" valign="top"&gt;N/A&lt;/td&gt; 
    &lt;td width="252" valign="top"&gt;N/A&lt;/td&gt; 
   &lt;/tr&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Check Point Mobile Access Software Blade&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="240" valign="top"&gt;N/A&lt;/td&gt; 
    &lt;td width="252" valign="top"&gt;iOS, Android&lt;/td&gt; 
   &lt;/tr&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Cisco IOS SSL VPN&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="240" valign="top"&gt;Windows&lt;/td&gt; 
    &lt;td width="252" valign="top"&gt;N/A&lt;/td&gt; 
   &lt;/tr&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;Dell SonicWall Secure Remote Access (SRA)&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="240" valign="top"&gt;Windows, Mac OS X, Linux&lt;/td&gt; 
    &lt;td width="252" valign="top"&gt;iOS, Android, Windows 8.1, Kindle Fire&lt;/td&gt; 
   &lt;/tr&gt; 
   &lt;tr&gt; 
     &lt;td width="128" valign="top"&gt;&lt;b&gt;Juniper Networks SA Series&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="240" valign="top"&gt;N/A&lt;/td&gt; 
    &lt;td width="252" valign="top"&gt;N/A&lt;/td&gt; 
   &lt;/tr&gt; 
   &lt;tr&gt; 
    &lt;td width="128" valign="top"&gt;&lt;b&gt;OpenVPN Access Server&lt;/b&gt;&lt;/td&gt; 
    &lt;td width="240" valign="top"&gt;Windows, Mac OS X, Linux&lt;/td&gt; 
    &lt;td width="252" valign="top"&gt;iOS, Android&lt;/td&gt; 
   &lt;/tr&gt; 
  &lt;/tbody&gt; 
 &lt;/table&gt;
&lt;/section&gt;       
&lt;section class="section main-article-chapter" data-menu-title="Criterion #3: Support for simultaneous users"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Criterion #3: Support for simultaneous users&lt;/h2&gt;
 &lt;p&gt;Licensing for commercial SSL VPN products is typically based on the number of simultaneous users of the VPN. There are exceptions to this, such as virtual appliances that may offer unlimited scalability, but generally it is true. Some commercial products only support a flat number of users, while others have the hardware capacity to support a larger number of users but allow organizations to purchase a smaller number of simultaneous user licenses.&lt;/p&gt;
 &lt;p&gt;Some vendors offer several models of SSL VPN appliances. For example, the Barracuda SSL VPN is available in six hardware appliance models supporting between 15 and 1000 simultaneous users, and four virtual appliance models supporting between 15 and 500 simultaneous users. Similarly, the Cisco IOS SSL VPN, which is geared toward small organizations, provides support for 10 to 200 simultaneous users on a variety of hardware platforms.&lt;/p&gt;
 &lt;p&gt;For midsize to large organizations, the Juniper Networks SA Series (which was spun off to Pulse Secure and renamed as &lt;a href="https://www.pulsesecure.net/products/connect-secure/" title="Pulse Connect Secure"&gt;Pulse Connect Secure&lt;/a&gt;) offers three models of appliances handling up to 10,000 concurrent users, as well as a virtual appliance that can support an unlimited number. The Dell SonicWall SRA has three hardware appliance models that support between 25 and 20,000 concurrent users, and a virtual appliance that can support up to 5,000.&lt;/p&gt;
 &lt;p&gt;In addition to these licensing schemes, some products, such as Juniper Networks SA Series, offer surge licensing, meaning that the number of simultaneous users can be increased temporarily under emergency conditions; for example, for a week during a natural disaster. Surge licensing can also normally be purchased and provisioned immediately, which makes it an ideal aid for disaster recovery and contingency planning -- assuming that the SSL VPN hardware is robust enough to support that many simultaneous users.&lt;/p&gt;
 &lt;p&gt;The OpenVPN Access Server follows a significantly different licensing model than the other products in this article. There is no hardware appliance available; all OpenVPN Access Server servers are &lt;i&gt;virtual&lt;/i&gt;. This virtual server component can be downloaded for free, but organizations with a minimum of 10 users must pay an annual licensing fee for each simultaneous user. As of this writing, it's possible to purchase a 10-user concurrent license for under $100 per year. On the other hand, there does not appear to be a maximum limit to concurrent users, although -- obviously -- the hardware the server is deployed to will effectively limit simultaneous usage at some point.&lt;/p&gt;
 &lt;p&gt;In general, there is no right answer as to which of these licensing models is best for specific organizations. Smaller ones may be interested in nearly any of the offerings, while larger organizations would likely tend toward products that support massive enterprises, such as Dell SonicWall SRA, Juniper Networks SA Series and OpenVPN Access Server.&lt;/p&gt;
&lt;/section&gt;       
&lt;section class="section main-article-chapter" data-menu-title="Criterion #4: Network access control"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Criterion #4: Network access control&lt;/h2&gt;
 &lt;p&gt;A final criterion for SSL VPN product evaluation is support for network access control. This refers to a wide variety of features that involve checking the characteristics of the client device to confirm compliance with the organization's security policies. Examples include verifying the presence of current &lt;a href="https://www.techtarget.com/searchsecurity/definition/antivirus-software"&gt;antivirus software&lt;/a&gt; and authenticating a client-side digital certificate.&lt;/p&gt;
 &lt;p&gt;Most products -- even those with only light clients, such as Barracuda SSL VPN -- do provide at least some support for network access control. Vendors are generally reluctant to detail exactly how their network access control products work, and many of these products are likely to operate significantly differently on various OSs. As part of any evaluation, it is therefore recommended to first identify the relevant desktop/laptop and mobile OS versions, then consult with the vendor to see which network access control features -- system health checks -- the products support on each platform.&lt;/p&gt;
 &lt;p&gt;An example of robust network access control support involves the Dell SonicWall SRA product. It can verify whether mobile devices have been &lt;a href="https://www.techtarget.com/whatis/definition/jailbreaking"&gt;jailbroken&lt;/a&gt; or rooted, check if various security controls have been installed and configured properly, and examine client certificates and identifiers to ensure that the device itself is authorized for enterprise remote access use. Other products that advertise network access control support include Cisco IOS SSL VPN and Juniper Networks SA Series.&lt;/p&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="Conclusion"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Conclusion&lt;/h2&gt;
 &lt;p&gt;There is no clear frontrunner among the SSL VPNs covered in this article. So much is dependent on an individual entity's needs in terms of client software support and OS support, simultaneous user licensing, and network access control.&lt;/p&gt;
 &lt;p&gt;For example, an enterprise that allows BYOD may determine that it absolutely needs &lt;a href="https://www.techtarget.com/searchsecurity/feature/Introduction-to-network-access-control-products-in-the-enterprise"&gt;network access control&lt;/a&gt; to assure some degree of security among its remote access clients. In that case, it might favor products such as Dell SonicWall SRA and Juniper Networks SA Series that offer particularly rigorous network access control. Meanwhile, an organization that does not allow BYOD may find network access control superfluous for these devices.&lt;/p&gt;
 &lt;p&gt;For smaller companies, all of these products offer some sort of acceptable solution. The Cisco IOS SSL VPN is best suited for organizations that already have another security product in place for their mobile devices; for example, a &lt;a href="https://www.techtarget.com/searchsecurity/feature/Introduction-to-mobile-device-management-products"&gt;mobile device management system&lt;/a&gt;. The Check Point Mobile Access Software Blade is appropriate for those already having Check Point security products deployed. Other products are well suited for a wider variety of small and medium sized organizations because of the resource access they grant, the range of client devices they support and their ability to provide network access features.&lt;/p&gt;
 &lt;p&gt;For larger entities (thousands of concurrent users), definitely consider the Dell SonicWall SRA and the Juniper Networks SA Series, with the Check Point Mobile Access Software Blade and the OpenVPN Access Server following close behind.&lt;/p&gt;
&lt;/section&gt;</body>
            <description>Expert Karen Scarfone examines the top SSL VPN products available today to help enterprises determine which option is the best fit for them.</description>
            <image>https://cdn.ttgtmedia.com/visuals/digdeeper/6.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/feature/Comparing-the-top-SSL-VPN-products</link>
            <pubDate>Tue, 28 Apr 2015 15:37:00 GMT</pubDate>
            <title>Comparing the top SSL VPN products</title>
        </item>
        <item>
            <body>&lt;p&gt;&lt;b&gt;It's pretty well known that just because logs of an attack show a source IP address from a particular country, it does not necessarily mean it's possible to assign attribution to that country. Is there a more effective way to identify where an attack is coming from?&lt;/b&gt;&lt;/p&gt; 
&lt;p&gt;Unless you are working with law enforcement or have a specific reason, it's probably not worth the effort to determine where an attack is coming from. In any event, being able to determine the location of an IP address gives minimal information as to how to stop the attack other than by blocking the source IP or source network. If the attacking systems are using DHCP, proxies, compromised systems, VPNs, Amazon EC2 or any number of other methods that can allow for a change of source IP, however, blocking the source IP will be ineffective. Also, blocking based on IP or subnets requires some maintenance over time, as IP blocks slowly change.&lt;/p&gt; 
&lt;p&gt;It may be easier to define where connections are allowed to come from -- i.e., whitelist connections -- rather than where they are not allowed to come from. This may not be possible for Web servers or services that must be available to the public, but, for internal systems that need to be Internet accessible to a limited population, defining the sources might be possible and more secure. This is not to say you shouldn’t block IPs used in attacks for the duration of an attack, but you should understand the value of blacklisting and whitelisting IPs.&lt;/p&gt; 
&lt;p&gt;If you really need to assign attribution to a country, you could look at decompiled binaries used in an attack to see if there are any clues to the language in use in comments, status messages reported by the software, logs of communications, keyboard mapping, OS version if it includes language configurations, or the time zone settings. These settings can give some information about the attacker.&lt;/p&gt;</body>
            <description>What's the best way to determine the origin of a cyberattack? Expert Nick Lewis weighs in.</description>
            <image>https://cdn.ttgtmedia.com/visuals/digdeeper/2.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/answer/Locate-IP-address-location-How-to-confirm-the-origin-of-a-cyberattack</link>
            <pubDate>Thu, 25 Aug 2011 12:34:45 GMT</pubDate>
            <title>Locate IP address location: How to confirm the origin of a cyberattack</title>
        </item>
        <title>Search Security Resources and Information from TechTarget</title>
        <ttl>60</ttl>
        <webMaster>webmaster@techtarget.com</webMaster>
    </channel>
</rss>
