Tag: CISO
Threat intelligence is mainstreaming into a de-facto everyday tool of cyber-defense. But all that intelligence must be collected, analyzed, and prepared by someone. Enter threat researchers, the advanced scouts of cybersecurity. They are becoming more numerous and conspicuous as more intelligence on illicit hacker activity is demanded. Threat researchers trawl through the dark web, pick…
Read MoreEver wonder what security professionals see as their main barrier to achieving a strong application security posture? We wondered that, too, so we asked them. As part of F5 Labs’ first annual Application Protection Report, F5, in conjunction with Ponemon Institute, surveyed security professionals on a slew of security-related topics. In answer to this particular…
Read MoreBetteridge’s law of headlines is an adage that explains that “Any headline that ends in a question mark can be answered by the word no.”1 Back in March 2017, I asked “Will Deception as a Defense Become Mainstream?” No, deception hasn’t become mainstream yet. But, here and there, deception does poke its fingers into the…
Read MoreWith each entity, process or service that moves from the physical world into cyberspace, there is a corresponding transformation to the threat landscape. Digital transformation doesn’t just change the business model or the supply chain dynamic. It also introduces significant new threats that go beyond monitoring web traffic and securing networks. Those threats take a variety…
Read MoreIt’s up to everyone — users, security pros, government — to be critical about the online information we encounter. In the weeks since indictments were handed down from the ongoing investigation into Russia’s influence over the 2016 United States election, much has come to light. A picture has emerged of a massive global effort to…
Read MoreIn part 1 of this blog series, we explored how to use delayed response and diversion as hack back tactics against attackers. Here, we up the game and explore some additional creative deception techniques. Potemkin Apps Back in 1787, the Empress Catherine II of Russia was touring the newly acquired Crimea via a barge trip…
Read MoreIf you think everything’s gone cyber now, just wait. “Digital transformation” is shifting all aspects of modern life — think automated grocery stores, driverless cars and trucks, even our social lives — and it all brings new forms of risk. Consequently, security is becoming one of the top fields in the world. But it’s not…
Read MoreEvery CISO dreams of the unhackable computer. A common method of bullet-proofing a system is to disconnect it from the outside world.1 No Internet. No wireless. No modem. Then you surround the computer with guards and gates. This is called an air-gapped system and it is supposedly hack-proof. In reality, it’s not. In 2010, the…
Read MoreCertificate revocation is an important, if ill understood, part of enterprise security. In this three-part blog series, I’ll explore why we need it, how you do it, and strategies for maximizing the benefits you get for it. Certificates Everywhere The use of digital certificates is growing exponentially. In particular, the move to a fully encrypted…
Read MoreAny CISO who’s been around the block understands Erik’s words. So, let’s roll up our sleeves and get started by understanding the scope of the problem. Understand Needs The first step in any security project is to be sure you have a clear inventory of your asset and applications. Everything flows from them. For most,…
Read More