Security, Mobile & Cloud - Caleb Barlow

Today, IBM made a series of announcements, including the planned acquisition of Resilient Systems, Inc., that will aim to provide organizations with a proactive, comprehensive approach to respond to cyber breaches more quickly and effectively across consulting, services and products. With Resilient Systems, a leader in incident response, IBM will be in a position to provide the industry’s first integrated end-to-end Security Operations and Response Platform offering that spans the entire life cycle of an attack, from protection and detection to response.  Hear more in this podcast from the team behind the effort.

One of the most dominant trends observed in the cybercrime during 2015 was the spread of organized crime groups to new territories.Using banking Trojans to attack banks in new geographies is a significant step because it is considered to be part of the malware’s evolution. Before they can venture into countries they never targeted before, crime groups have to invest in an adequate preparatory stage that includes reconnaissance of the banking systems in that geography. They also have to build or pay for the major components of amassing a botnet in that area: spam campaigns in the corresponding language using suitable social engineering ploys, web injections to match language and transaction authentication requirements, and local money mules they can rely on for moving the stolen money to the hands of the attackers.In this podcast we will examine some of the most impactful crossings made by malware in 2015, and unsurprisingly learn that all of them were made by major organized cybercrime groups.

Self-encrypting hard drives (SEDs) have been dubbed the security industry’s best-kept secret, but is the data inside really secure?With its ability to accelerate the drive-redeployment process, SEDs have been rising in popularity. Tune into this podcast to hear Rick Robinson, IBM Security Product Manager of Data Security, examine the security behind self-encrypting hard drives and some new-found security vulnerabilities that have recently been disclosed with SEDs.

Containerization (like Docker and IBM Containers) takes application portability to a new level. Applications can be packaged with everything they need to run for simplified, high-velocity deployment. By using native separation within the OS (Linux or Windows) organizations get many of the benefits of a VM without the overhead of a hypervisor. So what's the downside? Most security tools weren't designed to "play well" with containers. And many security teams aren't aware of the emerging threat models associated with rapid application development and containerized deployment. In this podcast we'll take a quick high-level look at how containerization and DevOps are transforming the application life cycle, explain what it means to security, and provide recommendations on the three things security teams should be doing about it now.