As enterprise IT gets more complex figuring out exactly where the latest security flashpoint is has become increasingly more difficult.

As IT organizations confront the imminent prospect of a network upgrade to deal with the demand for increased bandwidth being created by everything from mobile to cloud computing and back again, Cisco Systems is making a case for increased security being thrown in as part of the bargain.

One of the more subtle aspects of and bigger lessons learned from IPv6 from a security perspective is how easy a technology developed to solve a specific problem can wind up being misappropriated.

While most of the focus on cybercrime these days has been on financially motivated attacks,  “hactivism” has re-emerged as the primary motivation behind distributed denial of service (DDoS) attacks.

On average any given website is probed by hackers 18 times an hour. And that's good news -- last year, sites were probed an average of 27 times per hour. But the bad news is once hackers decide to attack, they launch on average 38,000 attacks an hour, or roughly 10 attacks a second -- up from 27,000 attacks per hour recorded in January 2011.

Managing IT security can be a thankless job in more ways than one, especially given the size of the task at hand. To really figure out what is happening and when it's happening, IT security managers must sift through massive amounts of systems log data.

For all the concerns about cybercrime and digital espionage the threat that can do the most harm to any organization is the one that comes from inside. It doesn’t take much these days for a disgruntled employee to become motivated enough to share valuable business information with outsiders. Whether it’s for revenge or profit, most IT organizations are not really prepared to prevent that leak from happening or identify the source of that leak once it happens.

For many IT organizations, the management of firewalls today is a slow, painful process. The rules these firewalls rely on generally were put in place years ago, and subsequent firewall administrators have been loath to change them for fear of making things worse. To make matters more interesting, security administrators now find themselves trying to manage multiple firewalls from different vendors, all of which come with their own arcane management console.

In many enterprises, the use of software-as-a-service (SaaS) applications is spinning out of control, yet most companies don't know what to do about it, given the fact that the consumerization of IT appears to be an unstoppable trend.

A lot of people seem to be under the impression that virtual servers and desktops are secure environments because virtualization inserts a layer of software between the underlying operating system and the applications running on top of them.

FBI Director Robert Mueller told the U.S. House Permanent Select Committee on Intelligence this week that cyberthreats will equal or surpass the threat from counterterrorism in the relatively near future.

Unfortunately, when it comes to mobile security it looks like things might get a lot worse before they get better.

As security increasingly becomes a service delivered via the cloud, the number of endpoints that are unprotected should substantially drop in the months and years ahead.

The National Institute for Standards and Technology (NIST) this week published some additional guidelines for cloud computing security this week that would appear to put the onus for security in the cloud clearly on the end user.

With each passing day it’s becoming clear that law enforcement organizations are gaining more insight into the cybercriminal community.

There’s no better example of how much IT security is still considered an afterthought than the whole shift to agile application development. In theory, agile application development is a major business boon because it dramatically increases the rate at which new application and follow-on updates are delivered.

As security researchers look for patterns to all the various types of attacks that were launched in 2011, there is one glimmer of optimism that should warm the hearts of IT security administrators everywhere.

It’s hell week for many IT security professionals: Not only did Microsoft issue its usual raft of “Patch Tuesday” security updates, one of which involved a critical flaw to the Windows Media player, but Adobe Software also issued several updates as part of an ongoing process to address fundamental security issues.

There’s nothing quite like the simultaneous announcement of hundreds of mobile computing devices to draw one's attention to IT security issues. The Consumer Electronics Show (CES) this week is playing host to the launch of a raft of mobile computing devices, ranging from ultra notebooks and smartphones that will run Windows 8 to prototype devices that run the Linux distribution from Canonical.

Security in the coming year is going to be more complex than ever to manage. The attack vectors are widening and the skill sets of the hacker community are getting sharper with each passing day.