Richard Stiennon

Chief Research Analyst

IT-Harvest


Security Analytics: Essential Cyber Defense Capability

Posted on: 22 Apr 2014

This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. Despite years of investment in multiple layers of security defenses, every organization is still wide open to targeted attacks. It…

Ponemon Survey Reveals Lack of Incident Response Maturity

Posted on: 21 Apr 2014

This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. The Ponemon Institute published a survey earlier this year on incident response readiness. (You can download the entire report from…

Crafting an Insider Threat Strategy

Posted on: 19 Apr 2014

This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. In a recent post I discussed trust interfaces as a method of evaluating and improving security strategies. One of those…

Use Marty Roesch’s BDA to Keep BAD Things from Happening

Posted on: 18 Apr 2014

This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. Marty Roesch is a pioneer in network security. He is the creator of the open source IDS product SNORT and…

Reducing Time-to-Resolution With Network Analytics

Posted on: 18 Apr 2014

This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. When Boeing acquired Narus in 2010, it was one of the few acquisitions of a Silicon Valley IT security company…

Commtouch Pivots to a Product Vendor as Cyren

Posted on: 18 Apr 2014

This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. Commtouch has been in stealth mode for 20 years. Industry veterans know that many of the endpoint security suites, UTM…

Was the Heartbleed Bug Disclosed Responsibly?

Posted on: 16 Apr 2014

Responsible disclosure is a burning issue it the world of software and security. If a security flaw is discovered by  a researcher (sometimes called a hacker) what are the responsible actions the discoverer should take? There was a time when many security flaws were just published willy-nilly to a mail list or website. Researchers sought…

Cyphort Adding Context to Advanced Malware Detection

Posted on: 15 Apr 2014

This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid a fee to cover the expense of producing the videos. As malware become both more sophisticated and more targeted traditional AV began to fail.…

Evidence Appearing That NSA Knew About Heartbleed

Posted on: 11 Apr 2014

While Bruce Schneier may have been jumping to conclusions when he said: “At this point, the probability is close to one that every target has had its private keys extracted by multiple intelligence agencies.” It did not take long for at least a couple of traces of recorded network traffic, as reported by Ars Technica,…

Using Trust Interfaces to Build an IT Security Strategy

Posted on: 11 Apr 2014

After presenting this week at InfoSecWorld 2014 on Why Risk Management Fails, I was asked by a frustrated risk management professional how to build an IT security program. The days are gone when I could just sketch out a list of technologies to deploy, as I did for the newly appointed CISO of a government…