Mitigate Common Attack Paths at the Core
Last week I wrote that encryption probably wouldn’t have prevented the Anthem breach. The details of that attack haven’t been released, but I found some CSO Online’s analysis that pieces together how it may have… Continue reading
Pressures and Pitfalls for Early Disclosure in the Wake of the Anthem Breach
As the investigation continues into yesterday’s announcement of the #AnthemHack, Security Architects Partners will be monitoring to see what it portends for early breach notification. By disclosing early, Anthem broke the typical mold of companies waiting to complete a full… Continue reading
Je suis Charlie – In Cyberspace
Sony of cyberattack fame is not French, nor as sympathetic as Charlie Hebdo and didn’t suffer a loss of human life in its (latest) breach. Otherwise, “Je suis Sony” might have rhymed just as well as #jesuischarlie.
Turkish Pipeline Attack – The Hour is Later Than You Think
The alleged attack on the Baku-Tbilisi-Ceyhan (BTC) pipeline has it all: geopolitical and ethnic conflict, potential nation state or terrorist involvement, environmental and economic disaster potential. Is is said to be comparable in destructive effect to Shamoon… Continue reading
The Sandbox Wars, They Have Begun
Since writing “What’s in the Sandbox?” I’ve been waiting for the sandbox shootout: “Zscaler vs FireEye – Insights from the experts at Miercom Labs.” Now its here: According to Miercom Zscaler is… Continue reading
Beyond SWGs (Part 3): What’s in the Sandbox?
Anti-malware sandboxes have emerged as a key defensive weapon in cybersecurity. But what are they? In general, they’re appliance- or cloud-based services that capture an executable document, file or script and “detonate” the object in a virtual machine or emulator.… Continue reading
Beyond SWGs (Part 1): Cybersecurity in the Cloud
Enterprises have long relied on secure web gateway (SWG) appliances to enforce appropriate use policies and protect staff and their endpoints from malware. In recent years, however, the SWG market has struggled to cope with cybersecurity issues cloud computing and… Continue reading
Cyber-Insurance: A Market-Based Approach to Risk Management
Cyber-insurance has never taken off in the industry. But that may be about to change with recent announcements from a major underwriter that a larger pool of policies, and larger policies, than were provided in the past are now going… Continue reading
Industrial Control Systems (ICS) ISAC Vision for Security Information Sharing
At first, the Industrial Control System Information Security and Analysis Center (ICS-ISAC) was just a notion Chris Blask got in 2006 that ICS facilities needed situational awareness of computerized systems at the facility level, and that better regional,… Continue reading
My Heartbleed Resources
It’s gotten so that a couple times a day I see a new Heartbleed checker tool or list. I decided to separate a quick, running summary of these resources from my Heartbleed impact assessment blog post. The resources below… Continue reading