Last year SafeNet sponsored my work on a project to develop the Breach Level Index (BLI). The BLI is designed to provide a simple way to input publicly disclosed information on data breaches and calculate a score indicating breach severity. I looked at other scales that had been created such as wind severity classified by the…
DetailsThis week the White House felt the need to formalize statements the President has made on responsible disclosure. They did so through a blog post penned by Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator. Daniel acknowledges the issue, partly highlighted by the insinuation that the HeartBleed bug may have been known and used…
DetailsThis series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. The rise of highly targeted attacks is disrupting the security industry with many new solutions coming to market that seek…
DetailsIn an ideal world threat intelligence should prevent IT security incidents from occurring in the first place; however, in reality incidents are inevitable, often with associated data breaches. Post-event clear up requires intelligence gathering as well and the quicker this can be done the better. As incident response capability speeds up the ability to use…
DetailsThis series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. Cisco’s announcement earlier this week that they were launching a Threat Defense Managed Service was surprising in that it was the first…
DetailsThis series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. While it is fairly common for the Chairman of the Board of a publicly traded company to step in to…
DetailsThe very best security teams I have worked with engage in continuous network monitoring and analysis. They capture downloaded executables and detonate them in sandboxed environments to extract key indicators of attack and store those in a library that runs against network traffic to identify ongoing attacks. It is hard to come by the skill…
DetailsThis series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. Despite years of investment in multiple layers of security defenses, every organization is still wide open to targeted attacks. It…
DetailsThis series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. The Ponemon Institute published a survey earlier this year on incident response readiness. (You can download the entire report from…
DetailsThis series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. In a recent post I discussed trust interfaces as a method of evaluating and improving security strategies. One of those…
Details