The document discusses the security risks of using older terminal emulation products. It notes that these products often do not conform to current security standards and do not give IT administrators proper control over security. Specifically, it outlines five reasons for this risk: 1) outdated encryption protocols, 2) uncontrolled macros that could capture credentials, 3) unencrypted tracing features, 4) lack of data masking, and 5) lack of a secure development process. It recommends updating to a modern product with strong security controls and protocols.
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine LearningSymantec
What is machine learning and how can it be used to detect unknown threats?
What makes Symantec’s approach to machine learning different?
Defense in depth: Symantec Endpoint Protection 14
Can Symantec reboot its own blockbuster successSymantec
The company has revealed Advanced Threat Prevention, an on-premises appliance designed to offer a more integrated security product that combines network, endpoint and email security.
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine LearningSymantec
What is machine learning and how can it be used to detect unknown threats?
What makes Symantec’s approach to machine learning different?
Defense in depth: Symantec Endpoint Protection 14
Can Symantec reboot its own blockbuster successSymantec
The company has revealed Advanced Threat Prevention, an on-premises appliance designed to offer a more integrated security product that combines network, endpoint and email security.
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...Symantec
Who should read this paper:
IT, security managers, and executives who use legacy on-premise two factor authentication solutions and are considering a switch to another provider’s solution for two-factor authentication should read this document. This solution brief offers advice about gauging the security of a new solution, understanding the ease of deployment and management, choosing the right strategy for migration, and measuring the total cost effectiveness of a new solution.
Avoid Meltdown from the Spectre - How to measure impact and track remediationQualys
The recently disclosed Meltdown and Spectre vulnerabilities negatively impact the security of virtually every computer in the world today. These vulnerabilities allow an attacker to gain control of a computer’s processor and steal data located on that computer. Organizations that store data in the cloud are particularly susceptible.
During this webcast, Jimmy Graham, Director of Product Management for Qualys Threat Protection and Asset Inventory, showcased solutions that can help you determine the impact of Spectre and Meltdown across your global IT environments.
Understand how:
• To quickly and easily visualize Spectre and Meltdown vulnerabilities within your environment
• To track remediation progress as you patch against Spectre and Meltdown
• The Qualys Asset Inventory and Threat Protection apps will help you automate detection and track remediation progress
Watch the on-demand webcast: https://goo.gl/6FQ6uJ
Businesses are rapidly expanding beyond their traditional data center boundaries into the cloud, with hybrid cloud architectures becoming the new norm. As business-critical workloads and data get increasingly run on diverse platforms across multiple data centers, private and public clouds, it is imperative for IT business continuity solutions to keep pace with the transformation and to continue meeting business Service Level Agreements (SLAs).
Veritas Resiliency Platform makes it simple for organizations to innovate without compromising on critical business SLAs. Organizations can confidently adopt hybrid cloud architectures and predictably meet critical SLAs in spite of growing IT complexity. With a unified approach to IT Service Continuity, Resiliency Platform enables IT operations to deliver predictable service levels to the business while ensuring location independence, platform choice, and operational simplicity.
Beveiligingsdag SLBdiesten: 26 juni 2015
Presentatie McAfee: Leer hoe op een (kosten)efficiënte manier gebruik kunt maken van nieuwe, geïntegreerde McAfee-technologieën voor de bescherming tegen geavanceerde malware. Door Wim van Campen, Regional Vice President North & East Europe, Intel Security.
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...AlienVault
Need a crash course on SIEM? No problem. Our security gurus will explain what SIEM is (and isn’t) and how to get up and running with it quickly and painlessly.
You'll learn everything you need to know about:
* Critical information stored in your logs and how to leverage it for better security
*Requirements to effectively perform log collection, log management, and log correlation
*How to integrate multiple data sources
*What features to look for in a SIEM solution
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...Qualys
Learn to effectively navigate the security risks, new regulations, and new technologies on your journey to a secure and compliant digital transformation with this Qualys webcast series.
In this webcast, Tim White, Director of Product Management at Qualys, explained how Qualys helps customers worldwide comply with the European Union General Data Protection Regulation (GDPR).
You will learn how Qualys’ security and compliance apps enable GDPR compliance by:
• Tracking and classifying the IT assets which contain EU customers’ personal data
• Providing ongoing protection of personal data across global IT environments and third parties
• Maintaining continuous visibility of your organization’s GDPR compliance state
Watch the on-demand recording: https://goo.gl/DkNq52
So You Got That SIEM. NOW What Do You Do? by Dr. Anton ChuvakinAnton Chuvakin
So You Got That SIEM. Now What Do You Do? Anton Chuvakin, Principal, Security Warrior Consulting (@anton_chuvakin)
Many organization that acquired Security Information and Event Management (SIEM) tools and even simpler log management tools have realized that they are not ready to use many of the advanced correlation features, despite promises that "they are easy to use" and "totally intuitive."
So, what should you do to achieve success with SIEM? What logs should you collect? Correlate? Review? How do you use log management as a step before SIEM? What process absolutely must be built before SIEM purchase becomes successful?
At this presentation, you will learn from the experience of those who did not have the benefit of learning from other's mistakes. Also, learn a few tips on how to "operationalize" that SIEM purchase you've made. And laugh at some hilarious stories of "SIEM FAIL" of course! As a bonus track, how to revive a FAILED SIEM deployment you inherited at your new job will be discussed.
Automating Critical Security Controls for Threat Remediation and ComplianceQualys
Trends like the increased use of cloud computing by businesses and their vendors introduce new complexities in reducing risk and assessing security across the supply chain. Demonstrating continuous risk reduction and compliance with internal policies and external regulations, fixing violations and configuration drift, centrally managing exceptions, and documenting progress are all common challenges.
The Center for Internet Security’s (CIS) Critical Security Controls (CSCs) were selected and prioritized by leading security experts to stop today’s most common and serious cyber threats. By implementing these controls, organizations can improve their security posture and reduce the risk of threats to critical assets, data, and network infrastructure.
In this webcast SANS Senior Analyst John Pescatore and Tim White, Director of Product Management for Qualys Policy Compliance (PC), discuss how you can achieve continuous security and compliance, and leverage Qualys solutions to address all 20 CSCs.
The presentation encompasses:
• An overview of the CIS Critical Security Controls, including ongoing updates
• Success patterns organizations have demonstrated for using the controls to their advantage
• How an automation can reduce the staffing load to determine whether controls are in place and effective
• How to prioritize remediation efforts
• Real-world examples of recent attacks that leveraged misconfigured systems
Watch the on-demand webcast: https://goo.gl/j6Posx
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
In this presentation from her webinar, renowned cybersecurity expert Paula Januszkiewicz delves into what a truly holistic vulnerability management program should look like. When all parts are correctly established and working together, organizations can dramatically dial down their risk exposure. This presentation covers:
- The key phases and activities of the vulnerability management lifecycle
- The tools you need for an effective vulnerability management program
- How to prioritize your VM needs
- How an effective VM program can help you measurably reduce risk and meet compliance objectives
You can watch the full webinar here: https://www.beyondtrust.com/resources/webinar/tips-remediate-vulnerability-management-program
Open Source IDS Tools: A Beginner's GuideAlienVault
This SlideShare provides an overview of the various Open Source IDS tools available today. Whether you need to monitor hosts or the networks connecting them to identify the latest threats, these are some great open source intrusion detection (IDS) tools available to you.
Security Vulnerabilities in Modern Operating SystemsCisco Canada
The Common Exposures and Vulnerabilities database has over 25 years of data on vulnerabilities in it. In this deck we dig through that database and use it to map out trends and general information on vulnerabilities in software in the last quarter century. For more information please visit our website: http://www.cisco.com/web/CA/index.html
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Qualys
Learn to effectively navigate the risks, new regulations, and new technologies on your journey to a secure and compliant digital transformation with this Qualys webcast series.
In this webcast, Chris Carlson, Vice President of Product Management at Qualys, discussed how enterprises can achieve immediate visibility across on-premises, endpoint, and cloud IT environments with Qualys Cloud Platform and its powerful, natively integrated security and compliance applications.
You will learn how Qualys Cloud Platform allows you to:
• Have all of your data analyzed in real time
• Respond to threats immediately
• See the results in one place, in just seconds
• Protect your digital transformation efforts
Watch the on-demand recording: https://goo.gl/gC7jZR
HMI/SCADA 리스크 감소
돌발적인 가동중지를 최소화하고 조직을 보호할 수 있는 핵심 단계
Decrease your HMI/SCADA risk
Key steps to minimize unplanned downtime and protect your organization
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...Symantec
Who should read this paper:
IT, security managers, and executives who use legacy on-premise two factor authentication solutions and are considering a switch to another provider’s solution for two-factor authentication should read this document. This solution brief offers advice about gauging the security of a new solution, understanding the ease of deployment and management, choosing the right strategy for migration, and measuring the total cost effectiveness of a new solution.
Avoid Meltdown from the Spectre - How to measure impact and track remediationQualys
The recently disclosed Meltdown and Spectre vulnerabilities negatively impact the security of virtually every computer in the world today. These vulnerabilities allow an attacker to gain control of a computer’s processor and steal data located on that computer. Organizations that store data in the cloud are particularly susceptible.
During this webcast, Jimmy Graham, Director of Product Management for Qualys Threat Protection and Asset Inventory, showcased solutions that can help you determine the impact of Spectre and Meltdown across your global IT environments.
Understand how:
• To quickly and easily visualize Spectre and Meltdown vulnerabilities within your environment
• To track remediation progress as you patch against Spectre and Meltdown
• The Qualys Asset Inventory and Threat Protection apps will help you automate detection and track remediation progress
Watch the on-demand webcast: https://goo.gl/6FQ6uJ
Businesses are rapidly expanding beyond their traditional data center boundaries into the cloud, with hybrid cloud architectures becoming the new norm. As business-critical workloads and data get increasingly run on diverse platforms across multiple data centers, private and public clouds, it is imperative for IT business continuity solutions to keep pace with the transformation and to continue meeting business Service Level Agreements (SLAs).
Veritas Resiliency Platform makes it simple for organizations to innovate without compromising on critical business SLAs. Organizations can confidently adopt hybrid cloud architectures and predictably meet critical SLAs in spite of growing IT complexity. With a unified approach to IT Service Continuity, Resiliency Platform enables IT operations to deliver predictable service levels to the business while ensuring location independence, platform choice, and operational simplicity.
Beveiligingsdag SLBdiesten: 26 juni 2015
Presentatie McAfee: Leer hoe op een (kosten)efficiënte manier gebruik kunt maken van nieuwe, geïntegreerde McAfee-technologieën voor de bescherming tegen geavanceerde malware. Door Wim van Campen, Regional Vice President North & East Europe, Intel Security.
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...AlienVault
Need a crash course on SIEM? No problem. Our security gurus will explain what SIEM is (and isn’t) and how to get up and running with it quickly and painlessly.
You'll learn everything you need to know about:
* Critical information stored in your logs and how to leverage it for better security
*Requirements to effectively perform log collection, log management, and log correlation
*How to integrate multiple data sources
*What features to look for in a SIEM solution
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...Qualys
Learn to effectively navigate the security risks, new regulations, and new technologies on your journey to a secure and compliant digital transformation with this Qualys webcast series.
In this webcast, Tim White, Director of Product Management at Qualys, explained how Qualys helps customers worldwide comply with the European Union General Data Protection Regulation (GDPR).
You will learn how Qualys’ security and compliance apps enable GDPR compliance by:
• Tracking and classifying the IT assets which contain EU customers’ personal data
• Providing ongoing protection of personal data across global IT environments and third parties
• Maintaining continuous visibility of your organization’s GDPR compliance state
Watch the on-demand recording: https://goo.gl/DkNq52
So You Got That SIEM. NOW What Do You Do? by Dr. Anton ChuvakinAnton Chuvakin
So You Got That SIEM. Now What Do You Do? Anton Chuvakin, Principal, Security Warrior Consulting (@anton_chuvakin)
Many organization that acquired Security Information and Event Management (SIEM) tools and even simpler log management tools have realized that they are not ready to use many of the advanced correlation features, despite promises that "they are easy to use" and "totally intuitive."
So, what should you do to achieve success with SIEM? What logs should you collect? Correlate? Review? How do you use log management as a step before SIEM? What process absolutely must be built before SIEM purchase becomes successful?
At this presentation, you will learn from the experience of those who did not have the benefit of learning from other's mistakes. Also, learn a few tips on how to "operationalize" that SIEM purchase you've made. And laugh at some hilarious stories of "SIEM FAIL" of course! As a bonus track, how to revive a FAILED SIEM deployment you inherited at your new job will be discussed.
Automating Critical Security Controls for Threat Remediation and ComplianceQualys
Trends like the increased use of cloud computing by businesses and their vendors introduce new complexities in reducing risk and assessing security across the supply chain. Demonstrating continuous risk reduction and compliance with internal policies and external regulations, fixing violations and configuration drift, centrally managing exceptions, and documenting progress are all common challenges.
The Center for Internet Security’s (CIS) Critical Security Controls (CSCs) were selected and prioritized by leading security experts to stop today’s most common and serious cyber threats. By implementing these controls, organizations can improve their security posture and reduce the risk of threats to critical assets, data, and network infrastructure.
In this webcast SANS Senior Analyst John Pescatore and Tim White, Director of Product Management for Qualys Policy Compliance (PC), discuss how you can achieve continuous security and compliance, and leverage Qualys solutions to address all 20 CSCs.
The presentation encompasses:
• An overview of the CIS Critical Security Controls, including ongoing updates
• Success patterns organizations have demonstrated for using the controls to their advantage
• How an automation can reduce the staffing load to determine whether controls are in place and effective
• How to prioritize remediation efforts
• Real-world examples of recent attacks that leveraged misconfigured systems
Watch the on-demand webcast: https://goo.gl/j6Posx
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
In this presentation from her webinar, renowned cybersecurity expert Paula Januszkiewicz delves into what a truly holistic vulnerability management program should look like. When all parts are correctly established and working together, organizations can dramatically dial down their risk exposure. This presentation covers:
- The key phases and activities of the vulnerability management lifecycle
- The tools you need for an effective vulnerability management program
- How to prioritize your VM needs
- How an effective VM program can help you measurably reduce risk and meet compliance objectives
You can watch the full webinar here: https://www.beyondtrust.com/resources/webinar/tips-remediate-vulnerability-management-program
Open Source IDS Tools: A Beginner's GuideAlienVault
This SlideShare provides an overview of the various Open Source IDS tools available today. Whether you need to monitor hosts or the networks connecting them to identify the latest threats, these are some great open source intrusion detection (IDS) tools available to you.
Security Vulnerabilities in Modern Operating SystemsCisco Canada
The Common Exposures and Vulnerabilities database has over 25 years of data on vulnerabilities in it. In this deck we dig through that database and use it to map out trends and general information on vulnerabilities in software in the last quarter century. For more information please visit our website: http://www.cisco.com/web/CA/index.html
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...Qualys
Learn to effectively navigate the risks, new regulations, and new technologies on your journey to a secure and compliant digital transformation with this Qualys webcast series.
In this webcast, Chris Carlson, Vice President of Product Management at Qualys, discussed how enterprises can achieve immediate visibility across on-premises, endpoint, and cloud IT environments with Qualys Cloud Platform and its powerful, natively integrated security and compliance applications.
You will learn how Qualys Cloud Platform allows you to:
• Have all of your data analyzed in real time
• Respond to threats immediately
• See the results in one place, in just seconds
• Protect your digital transformation efforts
Watch the on-demand recording: https://goo.gl/gC7jZR
HMI/SCADA 리스크 감소
돌발적인 가동중지를 최소화하고 조직을 보호할 수 있는 핵심 단계
Decrease your HMI/SCADA risk
Key steps to minimize unplanned downtime and protect your organization
TECHNICAL BRIEF Protecting & Migrating Legacy Windows OSesSymantec
End of Support is Not the End of Business
Businesses need to be prepared for the end of support of operating systems (OSes), especially if the OS is used enterprise-wide or runs business critical applications, such as Microsoft® Windows XP® and Windows Server® 2003.
As you know, Microsoft ended support for Windows XP on 8 April 2014, and will similarly pull the plugon Windows Server 2003 on 14 July 2015. Without any security patches, Microsoft has cautioned that “PCs running Windows XP after April 8, 2014 should not be considered to be protected”.
However, many organisations stick with their legacy Windows systems, even after support ends. Changing an OS across the entire organisation opens up the risk of downtime for mission critical applications. Migrating to a new OS is also manpower-intensive, and could easily lead to time and cost overruns.
Not surprisingly, companies see very little incentive to replace an unsupported but still functional OS—until there is an overwhelmingly urgent need to do so. In addition, their business may be dependent on old, proprietary applications that cannot run on newer platforms. Yet, it’s crucial for organisations to understand the risks of running an out-of-support OS against the costs and effort of migrating to a new one.
Endpoint security will helps in enhancing protection to corporate networks. It prevents from threats, virus and monitor potential entry in the network. Would you like to know more about the endpoint security working mechanism, then click here https://www.comodo.com/business-enterprise/endpoint-protection/endpoint-security-manager.php
Whitepaper Abstract
This white paper explains why application whitelisting is being rapidly adopted as a security and control solution for control systems.
In three major sections, the paper:
Provides a detailed perspective on how application whitelisting technology works.
Discusses the use and benefits of whitelisting technologies in control system and Energy environments.
Explains how the technology is adapting to function in environments where controlled software changes are needed.
CoreTrace Whitepaper: Application Whitelisting And Energy SystemsCoreTrace Corporation
Whitepaper Abstract
This white paper explains why application whitelisting is being rapidly adopted as a security and control solution for SCADA systems.
In three major sections, the paper:
Provides a detailed perspective on how application whitelisting technology works.
Discusses the use and benefits of whitelisting technologies in SCADA and Energy environments.
Explains how the technology is adapting to function in environments where controlled software changes are needed.
Ten questions to ask before choosing SCADA softwareTrihedral
http://www.trihedral.com - When creating SCADA specifications, engineering firms must focus on meeting the immediate start-up and operational requirements of the SCADA system. This often means specifying products with which they are familiar. The engineer wants to ensure that the new system meets all start-up requirements at a reasonable price. It is often difficult to look past the immediate project and consider long range plans, cost of system maintenance, and keeping your SCADA application current with evolving technology. The following questions may help you ensure that these decisions will optimize your long-term SCADA strategy.
Remote connectivity is crucial for enterprise productivity and SSL has gained fast popularity as a remote access
tool. In fact, SSL VPNs as a technology have shown promise in eliminating many of the client side issues associated
with IPSec, and other forms of remote access. Furthermore, SSL VPNs offer a smooth migration to a more costeffective,
easier to deploy remote access solution than IPSec. SSL VPN’s combination of flexibility and functionality
makes it competitive with IPSec even when deployed for enterprise’s “power users.”
In today’s crowded SSL VPN market, it’s easy to become overwhelmed by the wide range of solutions available.
Obviously, there are many factors to consider when purchasing an SSL VPN product, and you want to make the
best choice possible. This SSL VPN Evaluation Guide serves as an important resource in identifying, describing, and
prioritizing the criteria you should consider when selecting an SSL VPN provider that best fits the needs of your
organization.
Selection Criteria
In coming up with a selection criteria, the functions offered by SSL VPNs have to be evaluated against two key
aspects: security and user experience. A truly successful deployment of a secure access solution cannot be achieved
without taking both aspects into consideration. Look for an SSL VPN that can also serve the organization’s longterm
needs, integrates seamlessly with the network architecture, and provides powerful management tools. The
optimal provider will exceed in these key areas:
n Performance and scalability
n Security
n Ease of use
n Company reputation
n Technology leadership
A single email can cause a multi-million dollar breach if opened by an end-user with no security awareness, they may not even be aware of their mistake. The problem lies in the fact that only a few end-users are aware of the dangers of social engineering, much less how to detect it. It is a major issue in the business world today.
This document seeks to address the most common threats that can be posed to an entity and also recommend security measures that can be implemented to avoid such attacks.
Learn more at https://www.multinationalnetworks.com
Protect Your IT Infrastructure from Zero-Day Attacks and New VulnerabilitiesSymantec
Protecting a business’s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure with both customer and partner portals. The infrastructure typically employs a mix of databases, in-house applications, third-party applications and web services, running in a heterogeneous OS environment and is constantly changing as technology advances and new business applications are added.
To ensure a base level of security and compliance, IT installs antivirus and uses a complex series of static network zones to protect the infrastructure.
This approach makes it difficult and slow to deploy new business applications and only provides protection from a casual attacker. The architecture becomes more complex as more applications and business services are introduced. Increasing IT infrastructure complexity also exacerbates existing challenges in protecting the environment from zero-day threats and from malicious actors eager to take advantage of newly discovered vulnerabilities.
READ ON HOW TO FUTURE PROOFING TODAY’S SECURE SYSTEMS Gregory McNulty
Cryptography is a fundamental building block of secure system design that security architects use as part of a layered approach to keep information private, and protect systems against fake communications. Potential attacks against networks and systems can be achieved by subverting communications and introducing havoc using specially constructed false messages. These types of attacks are safeguarded against when using proper modern cryptography to check the authenticity of messages and guard their privacy.
READ ON HOW FUTURE PROOFING TODAY’S SECURE SYSTEMSGregory McNulty
READ ON HOW FUTURE PROOFING TODAY’S SECURE SYSTEMS
Cryptography is a fundamental building block of secure system design that security architects use as part of a layered approach to keep information private, and protect systems against fake communications. Potential attacks against networks and systems can be achieved by subverting communications and introducing havoc using specially constructed false messages. These types of attacks are safeguarded against when using proper modern cryptography to check the authenticity of messages and guard their privacy.
READ ON HOW FUTURE PROOFING TODAY’S SECURE SYSTEMS
110006_perils_of_aging_emul_wp
1. The Perils of Aging Terminal Emulators
Why older emulators present a high security risk
Data on host systems is often the most sensitive on the
network. Terminal emulators on the desktop provide
access to these systems, but many organizations are
still using older products, deployed using best practices
from many years ago.
Older terminal emulators often don’t allow organizations
to comply with current security standards, and they
don’t give IT administrators the customization control
they need to properly secure their network. Yet many
companies are unaware of the inherent risks of staying
with older products.
Does your terminal emulation client conform to modern
security standards? Is your key business and customer
information secure? Because security breaches and
insider fraud are on the rise, organizations must protect
their sensitive data more tightly and comply with new
government regulations and standards such as PCI-DSS,
USGCB, FDCC, and FIPS 140, which are designed to
strengthen desktop deployment and data security.
Staying on an older emulator can put your networks
and your sensitive data in a vulnerable position. But
modernizing your terminal emulation deployment can
keep you compliant and protect against threats.
Here are five reasons why you should consider updating
your terminal emulation product:
1) Your security protocols might not
be truly secure.
If you’re using an older terminal emulator, the
product’s SSL/TLS and SSH encryption and
authentication technology probably isn’t secure.
Although most emulators include SSL/TLS
and SSH technologies, which provide secure
authentication to host systems and encrypt
transmission of sensitive corporate data,
hackers expose new vulnerabilities in these
protocols nearly every month.
With terminal emulation products, fixes to these
vulnerabilities aren’t automatically pushed
to customers; instead, they’re addressed in
product updates. If you’re not using the latest
version of your product, you’re likely exposed
to a number of vulnerabilities in your SSL/TLS
and SSH protocols.
In older emulation products, these protocols aren’t
lacking just important security fixes. They’re also
missing new capabilities that have been added over
the years, particularly on the authentication side, to
better secure your connections to host systems. These
additional safeguards aren’t available until you upgrade
your terminal emulator.
To provide truly secure host connectivity, your emulator
should contain military-strength SSH and SSL and be
certified with the latest standards.
2) What you don’t know CAN hurt you:
end-user macros.
Do you know where your macros are in the enterprise?
What do they do? If you don’t know the answers to these
questions, you’re exposed to a large, unknown risk.
All terminal emulation clients allow end users to record
macros to automate their daily tasks. Most terminal
emulators allow customers to build sophisticated macros
using tools like Visual Basic for Applications (VBA).
These advanced macros might allow users to record
everything typed into a host system, including sign-on
credentials. Or they might allow repetitive crawling
through screens to extract or update data on the host.
Not only that, deployment practices from years ago
allow users to easily share risky macros like these via
e-mail and sneaker-net.
The Perils of Aging Terminal Emulators
Why older emulators present a high security risk
WHITE PAPER
Risky macros allow sensitive business data, including user credentials, to be recorded,
copied, and shared.
