Encryption Probably Wouldn’t Have Prevented the Anthem Breach
Anthem’s announcement of a breach of 80 million customer medical identity records in early February motivates an update to my After the Breach series and my 10-year U.S. breach table. The series is also morphing into…
The Sandbox Wars, They Have Begun
Since writing “What’s in the Sandbox?” I’ve been waiting for the sandbox shootout: “Zscaler vs FireEye – Insights from the experts at Miercom Labs.” Now it’s here: According to Miercom, Zscaler is…
Security Monitoring of FireEye Off-Target During 2013’s Big Retail Breach
Two weeks ago, Bloomberg Businessweek broke this news:
“The biggest retail hack in U.S. history wasn’t particularly inventive…It’s a measure of …how conventional the hackers’ approach [was] that Target was prepared for such an attack…As they uploaded exfiltration…
Towards Practical Recipes for Active Defense
What I call the militarization of security has raised the bar for defenders. For the last few years I’ve been telling clients to “assume your enterprise is already compromised,” especially if it’s in government, financial services, high technology, media or…
Trust No One (Device)
In the age of the advanced persistent threat (APT) – a euphemism for China, the NSA, cybercrime Mafia groups or your bogeyman of choice – security pros are telling enterprise customers to “Assume you’re already compromised.” I’m in…