Jeh Johnson, at his confirmation hearing to be the next Homeland Security secretary, pledges to fix internal cybersecurity problems at DHS before seeking further authority to have the department help other agencies get their IT security houses in order.
Security teams struggling to detect signs of threats hidden in mountains of data are attracted to big data analytics. But experts advise security professionals to take an incremental approach, starting out with smaller projects.
Too many organizations are spending far too much money on gathering big data that they cannot put to good use, such as for fraud prevention, says IDC analyst Jerry Silva, who stresses that investments must have strategic value.
Organizations still have concerns about sharing too much data and threat intelligence to help thwart attacks. But EMC's Kathleen Moriarty says organizations' fears about intellectual property compromises are overblown.
While user education is valuable, needed and helpful, there is one problem with this approach - it only partially works, and partially working is simply not good enough, security expert George Tubin contends.
Today's spear-phishing campaigns are localized, small and can slip through typical spam filters. As a result, detection practices have to evolve, says researcher Gary Warner of the University of Alabama at Birmingham.