There are a handful of steps, many common sense, that companies should take following a data breach. Naturally, following an established remediation plan, understanding what happened, and initiating an investigation around a breach are critical incident response steps. Adopting a data-centric frame of mind when it comes to security shouldn’t be too far down a…
Details
As 2018 is upon us, it’s time to take stock of our new realities and commit to better behavior that benefits us and our companies. The discussion of the perimeterless enterprise is not new. In fact, the term “de-perimeterisation” was coined by Jon Measham, a former employee of the UK’s Royal Mail in a research paper, and subsequently…
Details
It’s still early in 2018, and we’ve already been hit with one of the widest-reaching security flaws of all time. What makes the recent Spectre vulnerability a serious problem is the fact that it has been in place for 20 years and is the result of optimization for performance. While there are no known, documented…
Details
As cybersecurity matures as an industry, network defenders understand that preventing attack, while best case, is not foolproof. However, just because an adversary compromises a machine does not mean the battle is lost. In fact, it has just begun. In this article, I’ll describe how evolving your cybersecurity strategy from singleton instance detection to detecting…
Details
When my company launched in October 2015, few security folks even knew what software containers were. We might as well have been securing shipping containers! Development and DevOps teams, on the other hand, already were enthusiastically embracing software containers because of the speed and agility they bring to the application delivery process. Plus, containers enabled…
Details
At first glance, the Watch Dogs video games seem like far-fetched fantasy, depicting a world of constant surveillance, ubiquitous hackability, and authorities eavesdropping on citizens to prevent crimes before they happen. But the more you peer beneath the covers, the more you realize how close the games are to reality and the more you see…
Details
Creating secure software and systems has never been more challenging. An explosion in the number of devices that hook into company data, coupled with increased mobility and a shift to cloud services and storage, has dramatically increased the potential attack surface of most organizations. More than 9 billion data records have been lost or stolen…
Details
Application security is in crisis. Some shocking statistics to help set the stage… The average organization has hundreds or thousands of applications spanning many millions or even billions of lines of code, the average application has 26.7 serious vulnerabilities, 82% of breaches in financial organizations are due to applications, and the average breach costs $4m.[1] With…
Details
All of our critical computing devices have a Jar Jar Binks processor. That is, they have little common sense, they’re easy to manipulate, and they’re unable to distinguish good from bad. Just like the floppy-eared version in Star Wars, Jar Jar Binks processors are well-meaning but incredibly easy to trick. This is exactly what allows…
Details