SHARED INTEL: New book on cyber warfare foreshadows attacks on elections, remote workers

It’s difficult to convey the scope and scale of cyber attacks that take place on a daily basis, much less connect the dots between them.
Related: The Golden Age of cyber spying
A new book by Dr. Chase Cunningham —  … (more…… Continue reading SHARED INTEL: New book on cyber warfare foreshadows attacks on elections, remote workers

NEW TECH: Why it makes more sense for ‘PAM’ tools to manage ‘Activities,’ instead of ‘Access’

Privileged Access Management (PAM) arose some 15 years ago as an approach to restricting  access to sensitive systems inside of a corporate network.
Related: Active Directory holds ‘keys to the kingdom’
The basic idea was to make sure … Continue reading NEW TECH: Why it makes more sense for ‘PAM’ tools to manage ‘Activities,’ instead of ‘Access’

SHARED INTEL: Study shows mismanagement of ‘machine identities’ triggers $52 billion in losses

In one sense, digital transformation is all about machines.
Related: Authenticating IoT devices
Physical machines, like driverless vehicles and smart buildings; but, even more so, virtual machines. I’m referring to the snippets of “microser… Continue reading SHARED INTEL: Study shows mismanagement of ‘machine identities’ triggers $52 billion in losses

STEPS FORWARD: How the Middle East led the U.S. to adopt smarter mobile security rules

We’ve come to rely on our smartphones to live out our digital lives, both professionally and personally.
When it comes to securing mobile computing devices, the big challenge businesses have long grappled with is how to protect company assets whi… Continue reading STEPS FORWARD: How the Middle East led the U.S. to adopt smarter mobile security rules

SHARED INTEL: How attacks on web, mobile apps are being fueled by rising API vulnerabilities

Application programming interface. API. It’s the glue holding digital transformation together.
Related: A primer on ‘credential stuffing’
APIs are the conduits for moving data to-and-fro in our digitally transformed world. APIs are li… Continue reading SHARED INTEL: How attacks on web, mobile apps are being fueled by rising API vulnerabilities

BEST PRACTICES: Mock attacks help local agencies, schools prepare for targeted cyber scams

Cyber criminals who specialize in plundering local governments and school districts are in their heyday.
Related: How ransomware became a scourge
Ransomware attacks and email fraud have spiked to record levels across the U.S. in each of the past &#8230… Continue reading BEST PRACTICES: Mock attacks help local agencies, schools prepare for targeted cyber scams

BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier

Deploying the latest, greatest detection technology to deter stealthy network intruders will take companies only so far.
Related: What we’ve learned from the massive breach of Capitol One
At RSA 2020, I learned about how one of the routine &#8230… Continue reading BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier

NEW TECH: Security Compass streamlines the insertion of security best practices into DevOps

DevOps is now table stakes for any company hoping to stay competitive. Speed and agility is the name of the game. And everyone’s all-in.
Related: A firewall for microservices
DevSecOps arose to insert security checks and balances into DevOps, aim… Continue reading NEW TECH: Security Compass streamlines the insertion of security best practices into DevOps

Q&A: Accedian’s Michael Rezek on using ‘Network Traffic Analysis’ to defend hybrid networks

Defending business networks isn’t getting any easier. Companies can have the latest, greatest perimeter defenses, intrusion detection systems and endpoint protections – and attackers will still get through. Just ask Equifax or Capital One.
Continue reading Q&A: Accedian’s Michael Rezek on using ‘Network Traffic Analysis’ to defend hybrid networks

NEW TECH: QuoLab advances ‘Security Operations Platform’ — SOP — technology

Defending enterprise networks has become a convoluted challenge, one that is only getting more byzantine by the day.
I’ve written about the how SIEMs ingest log and event data from all across hybrid networks, and about how UEBA and SOAR… (m… Continue reading NEW TECH: QuoLab advances ‘Security Operations Platform’ — SOP — technology