Is Threat Intelligence a Misnomer?
The bulk of what passes for “threat intelligence” is just ephemeral data, frequently changed by hackers, and only useful on short-lived blacklists. To improve their cybersecurity, organizations need to raise their “threat IQ”. The security ecosystem of vendors and… Continue reading
Speaking at the Threat Intelligence Summit 2015
MISTI’s Threat Intelligence Summit 2015 is coming to Orlando September 29-30, and I’ll be speaking there on:
___
Separating Threat Intelligence from FUD: An Enterprise Approach
A breach here, an NSA expose there – cybersecurity’s constantly in the news. Fear,… Continue reading
How Mature are your Enterprise Security Data Sharing Practices?
Last month I wrote about attending a Department of Homeland Security (DHS) conference on its effort to create a new wave of Information Sharing Analysis Organizations (ISAOs). Along with many in the industry, I believe the future of cybersecurity… Continue reading
FEDs 30-Day Sprint is Just the First Step off the Blocks
In the wake of the OPM hack, Federal CIO Tony Scott launched a government-wide cybersecurity Sprint on June 12, giving agencies 30 days to shore up their systems.
The audience for the sprint announcement was clearly the media.… Continue reading
Regaining the Defensive Advantage in Cybersecurity
Disease may be the best metaphor for our cybersecurity status, and Security Architects Partners has recorded a webinar diagnosing possible cures. With some special guests, we covered core prevention mechanisms, smart deception techniques to turn the tables… Continue reading
Questions to Ask Your Cyber-Insurance Provider
The breach problem has increased and cyber insurance is on the radar screen for many CEOs. The U.S. Congress is likely to create supportive legislation for cyber-insurance as a vehicle for improved security data sharing and a market-based solution … Continue reading
Security Researcher Allegedly Hacks Into Commercial Passenger Airplane Flight Systems
According to the FBI, a security researcher may have hacked into commercial airplane flight systems from poorly-designed and poorly protected inflight entertainment systems (IFEs). If even the high-flying airline industry can’t protect its critical systems, what does that say… Continue reading
It Takes a Network to Fight Networks
At the RSA pre-conference Cloud Security Alliance (CSA) Summit both Philippe Courtot (CEO, Qualys) and Marc Goodman (Author, “Future Crimes”) highlighted the need for a paradigm shift in how enterprises and societies address cloud security.
Courtot finds… Continue reading
Is Security Architecture Failing?
“One of the discussions that never happen in relationship to the numerous successful hacks is: What was the security architecture? Security architecture – or any architecture for that matter – is the foundation upon which we should secure and protect… Continue reading
A Two Factor Authentication Makeover for your Protection
Cybercrime. SpyEye. Zeus. Anonymous. APT1. PRISM. Bullrun. Hackers of every sort are everywhere. As I wrote in “TrustNo One Device (Part 2)” and “Direct Memory Access (Again)” you have no assurance your device isn’t … Continue reading