Je suis Charlie – In Cyberspace
Sony of cyberattack fame is not French, nor as sympathetic as Charlie Hebdo and didn’t suffer a loss of human life in its (latest) breach. Otherwise, “Je suis Sony” might have rhymed just as well as #jesuischarlie.
Turkish Pipeline Attack – The Hour is Later Than You Think
The alleged attack on the Baku-Tbilisi-Ceyhan (BTC) pipeline has it all: geopolitical and ethnic conflict, potential nation state or terrorist involvement, environmental and economic disaster potential. Is is said to be comparable in destructive effect to Shamoon… Continue reading
The Sandbox Wars, They Have Begun
Since writing “What’s in the Sandbox?” I’ve been waiting for the sandbox shootout: “Zscaler vs FireEye – Insights from the experts at Miercom Labs.” Now its here: According to Miercom Zscaler is… Continue reading
Beyond SWGs (Part 3): What’s in the Sandbox?
Anti-malware sandboxes have emerged as a key defensive weapon in cybersecurity. But what are they? In general, they’re appliance- or cloud-based services that capture an executable document, file or script and “detonate” the object in a virtual machine or emulator.… Continue reading
Beyond SWGs (Part 1): Cybersecurity in the Cloud
Enterprises have long relied on secure web gateway (SWG) appliances to enforce appropriate use policies and protect staff and their endpoints from malware. In recent years, however, the SWG market has struggled to cope with cybersecurity issues cloud computing and… Continue reading
Cyber-Insurance: A Market-Based Approach to Risk Management
Cyber-insurance has never taken off in the industry. But that may be about to change with recent announcements from a major underwriter that a larger pool of policies, and larger policies, than were provided in the past are now going… Continue reading
Industrial Control Systems (ICS) ISAC Vision for Security Information Sharing
At first, the Industrial Control System Information Security and Analysis Center (ICS-ISAC) was just a notion Chris Blask got in 2006 that ICS facilities needed situational awareness of computerized systems at the facility level, and that better regional,… Continue reading
My Heartbleed Resources
It’s gotten so that a couple times a day I see a new Heartbleed checker tool or list. I decided to separate a quick, running summary of these resources from my Heartbleed impact assessment blog post. The resources below… Continue reading
Net Quake: What to do about Heartbleed?
From Schneier on Security: “Heartbleed is a catastrophic bug in OpenSSL: ‘The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.… Continue reading
Security Monitoring of FireEye Off-Target During 2013’s Big Retail Breach
Two week’s ago, Bloomberg Businessweek broke this news:
“The biggest retail hack in U.S. history wasn’t particularly inventive…It’s a measure of …how conventional the hackers’ approach [was] that Target was prepared for such an attack…As they uploaded exfiltration… Continue reading