Cybercrime. Malware incidents. Data breaches. Compliance legislation. Today’s changing security landscape means you can’t leave anything to chance and new threats have kept us on our toes. What are some more of the unsettling things that need to be addressed? And how do you survive and advance in your career?

SiliconIndia‘s Security Conference 2011 which was held in Mumbai on 9th of April addressed all these questions and the challenges and issues at the forefront of enterprise security.
Web attacks are becoming extremely sophisticated and lethal for corporate environment and attackers end up finding exploitable entries on open surface. It is imperative to understand the associated threats and attack vectors to defend your assets by deploying software security measures, policies and controls across applications. During the conference, Shreeraj Shah, Director, Blueinfy & SecurityExposure said “In last few days we have seen lethal web hacks in the form of Comodo hack, Lizamoon and Zeus/Spyeye on mobile. Applications running on web or mobile are prime target for attackers, worms and hackers. Make no mistake in detecting these vulnerabilities on your applications before going live on Internet. World is getting hostile and these vulnerabilities can be exploited at ease, SQL injection and Cross Site Scripting are critical threat in current landscape. It is time we put security in Software Development Life Cycle and protect our application layer at source.”

Addressing the topic on ‘When Encryption Isn’t Enough’, Kamal Sharma, Technical Sales Consultant - India & SAARC, Trend Micro India said “Protecting proprietary information and intellectual property is vital to the success of any organization. Although security measures have been taken to secure these critical data from the outside world, the fact is that the greatest threat to data security comes from the inside from the very users who have access to corporate data resources. While many enterprises have successfully deployed or are in the process of implementing an encryption solution, protection against both outsiders and insiders requires a solution which is a combination of strong encryption technology and has DLP (Data Loss Prevention) functionality”.

After Encryption being discussed at length the event moved on to how to detect Identity fraud- Its Evolution and Solutions. Speaking on this, Tejas Lagad, Director of Product Management, BFSI, Nexus Technology said “Cyber fraud continues to be the top security risk faced by enterprises, especially in banking and other financial services sector. The recent RSA data breach shows that old technologies like hardware tokens are no longer effective in countering advanced threats. The only definitive way for countering phishing, pharming and man-in-the-middle attacks is to implement software tokens that can be used for both two-factor authentication and signing transactions. Versatile authentication systems help enforce risk-appropriate security that allows you to balance security with usability. Further, to counter modern malware such as banking Trojans an authentication suite must include an endpoint security assessment solution”.

Endpoint security