Richard Stiennon

Chief Research Analyst

IT-Harvest


The Latest on the Heartbleed Bug

Posted on: 10 Apr 2014

In the days since the Heartbleed Bug, a vulnerability in OpenSSL heart beat function, was exposed we have begun to see signs of the Internet bleeding out. Bruce Schneier ranks this issue an 11 on a scale of 1 to 10. Read the original Heartbleed post at heartbleed.com and then read this great explanation of…

Heartbleed Vulnerability is a Major Heartache

Posted on: 08 Apr 2014

The announcement yesterday of a widely deployed vulnerability in OpenSSL, the Heartbleed Bug, is set to shake up the security industry. According to the discoverers at Codenomicon and Google, all Apache web servers and most recent distributions of open source operating systems suffer from this bug in the way a SSL heartbeat function works. An attacker can…

Firewall Policy Management Evolves to Security Policy Orchestration

Posted on: 07 Apr 2014

This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production. As networks have grown and network security device deployments have skyrocketed, it has become much more difficult to manage the…

Cyber Policy Experts to Follow on Twitter

Posted on: 05 Apr 2014

The emerging field of cyber policy is attracting government, academic, and technology experts. Here is a list of cyber policy experts from around the world who are well worth following on Twitter. You can follow them individually or read their posts on this Twitter list we have created. Please tweet suggested additions to the list…

Breach Detection Report From NSS Labs Defines Winners/Losers

Posted on: 04 Apr 2014

NSS Labs has issued the first test results of Breach Detection Systems (BDS). Breach Detection, sometimes called Advanced Malware Defense, is usually a gateway device that inspects downloaded executables by detonating them in virtualized environments and inspecting them for behavior that indicates the presence of malware. Command and Control communications is a key indicator that…

Why Is Congress So Hot on Information Sharing?

Posted on: 03 Apr 2014

A perplexing question for those in IT security is why are so many in government pushing for “information sharing” as their solution to the cyber crisis? The crisis is apparent and shows up as the preamble to every proposed bill and National Cybersecurity Strategy. But what about information sharing? If one where to create a…

Where Are the US Tech Heroes?

Posted on: 02 Apr 2014

It has been three months since the world learned that the NSA’s Signals Intelligence Directorate, through its Tailored Access Operations (TAO) has been deploying backdoors in Cisco, Juniper, Huawei, Dell, and several hard drive manufacturer’s gear. The response from them so far? Weak protestations that they knew nothing of this. What they don’t get is…

Never The Twain Shall Meet: Why Network Security Vendors Should Stay Away From End Point Security, and Vice-Versa

Posted on: 01 Apr 2014

There would be many more successful security companies if their founders and leaders had a better understanding of the IT security space. One fallacy that will not die is the idea that, to grow, a vendor must be a full stack solution. There is no question that every organization needs to deploy layered security. Solutions…

How Symantec Can Pull Out of a Tail Spin

Posted on: 24 Mar 2014

It should come as no surprise to anyone that Symantec’s recently fired CEO Steve Bennett’s strategy of cut costs and improve operations has failed miserably. As I wrote when Symantec’s board replaced then CEO Enrique Salem with Bennett, in the IT security industry innovation far outweighs the usual business practices of accounting, inventory control, and workforce “optimization.” …

What Will A Russia-Ukraine Cyberwar Look Like?

Posted on: 03 Mar 2014

Update March 4:  According to a Renysis Blog post from February 26 Ukraine has very resilient Internet connectivity not likely to be disrupted by a single event.  According to Reuters Tuesday Valentyn Nalivaichenko, the head of Ukraine’s SBU security service,  told a news briefing “I confirm that an IP-telephonic attack is under way on mobile phones of members…