Are we ready to bid the SIEM farewell?

At this year’s Infiltrate Security Conference in Miami, John Grigg walked the audience through a common target network where a known and commonly used SIEM had been integrated in order to show participants how to exploit onto the SIEM, find intel, and cover their tracks.

Though SIEM technologies are supposed to help secure the networks, Grigg said that they are often misconfigured, which creates more vulnerabilities.

Even though some of the legacy tools are pretty cool, Grigg said the problem is that no one really knows the platform that well. “The vendor who built it knows it from a design standpoint. Then there’s the re-sellers, the guys who install it, the internal IT guys who inherit the systems, but they tend to never really focus on it.”

Antivirus headaches that compromise browser security

MIAMI — Google is one company that lives and dies in the web, so for many reasons, they need to care — a lot — about browser security. That was the focus of the keynote speech by Justin Schuh, engineering lead for Chrome Security at Google, at this year’s Infiltrate 2017 conference.

There are three main reasons why Google needs to care. First, pretty much all of its revenue is funneled through the browser. “People need to feel that it’s reasonably safe,” Schuh said.

Securing the web browser wasn’t always a paramount concern, though, even for Google. What served as a huge wake-up call for them was Operation Aurora in 2009. State-sponsored hackers broke into Google, which actually caused a significant change.

Prevent or detect? What to do about vulnerabilities

Today’s CISOs are undoubtedly overwhelmed with trying to make the most informed, efficient, and economical decisions about securing the most valuable assets in the enterprise. In the days of old, those decisions were a little bit easier because investing in prevention provided decent protection.

That’s not true today, which is why Ira Winkler, president of Secure Mentem and author of Advanced Persistent Security, said that trying to protect against every threat is not cost efficient.

Shifting the mentality of those defenders who came of age in the world of preventative protection has been slow going. As a result, some security programs are failing, “Not because the bad guys got in, but because they got out,” Winkler said.

Protecting the enterprise against mobile threats

Mobile devices have transformed the digital enterprise, allowing employees to access the information they need to be most productive from virtually anywhere. Has that convenience come at a cost to enterprise security, though?

According to Forrester’s The State of Enterprise Mobile Security: 2016 to 2017, by Chris Sherman, “Employees are going to continue to purchase and use whatever devices and apps they need to serve customers and be highly productive, whether or not these devices are company-sanctioned.”

Understanding the attack surface to better allocate funds

In the last few years, the attack surface has changed from defending the perimeter to protecting applications in the cloud, leaving CISOs wondering how they can best allocate funds to stay ahead of attacks.

Misha Govshteyn, co-founder and CISO at Alert Logic, said, “For a long time, when people thought about defensive strategies it was about their enterprise or their perimeters, where the infrastructure ends and the outside world begins.”

According to Earl Perkins, research vice president, digital security, the IoT group at Gartner, “We now embrace multiple forms of wireless networks as an enterprise. We distribute smaller, fit-for-purpose devices that have some processor and memory function, but aren’t general-purpose platforms in the sense of traditional IT. All of these are now ingress points and vulnerable assets if they are inadequately protected.”
