Richard Stiennon

Chief Research Analyst

IT-Harvest


Mark Your Calendar: May 13 Greenwald To Post More Snowden Docs

Posted on: 09 May 2014

At the bottom of yesterday’s post on General Alexander’s extended interview with The Australian Financial Review, Glenn Greenwald appended: “The release date for my book on the NSA, privacy, and our reporting of the surveillance story, No Place to Hide, is next Tuesday, May 13, at which time all of the previously unpublished NSA documents…

Target CEO Ousted

Posted on: 05 May 2014

The list of top executives at Target who have been ousted because of the massive breach late last year has now extended to its President and CEO, Gregg Steinhafel. Target’s Chief Financial Officer John Mulligan will serve as interim CEO. This is the biggest impact on a major corporation’s C-suite since the blood bath at CSX…

A Rise in Cyber Academies

Posted on: 02 May 2014

Academia is acquiring an interest in cyber education on many fronts. Not likely to crank out cyber warriors at anywhere close to the rate needed to meet current demand, they are nonetheless anxious to participate in a real trend. De Montfort University’s Cyber Security Centre in Leicester, England offers undergrad, graduate, and PhD degrees in…

Browsing Security. Again. Major Vulnerability in IE.

Posted on: 29 Apr 2014

Here we go again. A major zero day vulnerability in a widely deployed application, Internet Explorer, has been discovered. The usual cycle of discovery-disclosure-patch-announcement-exploitation has bee reversed this time. FireEye Research Labs discovered the exploit being actively used in what they have dubbed “Operation Clandestine Fox.” The fact that a zero day in IE6 through…

Putting Breaches in Perspective

Posted on: 29 Apr 2014

Last year SafeNet sponsored my work on a project to develop the Breach Level Index (BLI). The BLI is designed to provide a simple way to input publicly disclosed information on data breaches and calculate a score indicating breach severity. I looked at other scales that had been created such as wind severity classified by the…

White House Statement on Heartbleed Bug Misses the Mark

Posted on: 29 Apr 2014

This week the White House felt the need to formalize statements the President has made on responsible disclosure. They did so through a blog post penned by Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator. Daniel acknowledges the issue, partly highlighted by the insinuation that the HeartBleed bug may have been known and used…

Norse Exposes Dark Intelligence

Posted on: 28 Apr 2014

This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. The rise of highly targeted attacks is disrupting the security industry with many new solutions coming to market that seek…

Active Threat Protection: The Future of Managed Security Services

Posted on: 24 Apr 2014

This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. Cisco’s announcement earlier this week that they were launching a Threat Defense Managed Service was surprising in that it was the first…

New RedSeal CEO Breathes New Life into Company

Posted on: 24 Apr 2014

This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. While it is fairly common for the Chairman of the Board of a publicly traded company to step in to…

Cisco Launches Managed Threat Defense Service

Posted on: 22 Apr 2014

The very best security teams I have worked with engage in continuous network monitoring and analysis. They capture downloaded executables and detonate them in sandboxed environments to extract key indicators of attack and store those in a library that runs against network traffic to identify ongoing attacks. It is hard to come by the skill…