Tag: Controls
With the explosive growth of the Internet of Things, and the increasing threat posed by botnets that leverage IoT, more must be done to ensure IoT devices include security by design, says David Holmes, principal threat researcher at F5 Networks. The Named Data Networking project can play a critical role, Holmes says in an interview with…
Read MoreIt’s inevitable. Every organization needs externally-developed applications to some degree or another. Increasingly, these apps are web-based and accessed over the Internet. As part of a forthcoming report on protecting applications, F5 commissioned a survey with Ponemon. In it, we asked security professionals what percentage of their applications (by category) were outsourced. The top answers…
Read MoreBetteridge’s law of headlines is an adage that explains that “Any headline that ends in a question mark can be answered by the word no.”1 Back in March 2017, I asked “Will Deception as a Defense Become Mainstream?” No, deception hasn’t become mainstream yet. But, here and there, deception does poke its fingers into the…
Read MoreIt’s up to everyone — users, security pros, government — to be critical about the online information we encounter. In the weeks since indictments were handed down from the ongoing investigation into Russia’s influence over the 2016 United States election, much has come to light. A picture has emerged of a massive global effort to…
Read MoreIn part 1 of this blog series, we explored how to use delayed response and diversion as hack back tactics against attackers. Here, we up the game and explore some additional creative deception techniques. Potemkin Apps Back in 1787, the Empress Catherine II of Russia was touring the newly acquired Crimea via a barge trip…
Read MoreCertificate revocation is an important, if ill understood, part of enterprise security. In this three-part blog series, I’ll explore why we need it, how you do it, and strategies for maximizing the benefits you get for it. Certificates Everywhere The use of digital certificates is growing exponentially. In particular, the move to a fully encrypted…
Read MoreAny CISO who’s been around the block understands Erik’s words. So, let’s roll up our sleeves and get started by understanding the scope of the problem. Understand Needs The first step in any security project is to be sure you have a clear inventory of your asset and applications. Everything flows from them. For most,…
Read MoreSay you’ve got a hundred attacks coming into your organization at a given moment. Control Number One filters out 80% of threats to give us only 20 attacks to worry about. Not bad. And then Control Number Two whacks nearly a third of those. Now the total has dropped to 13. Not a great control,…
Read MoreIn my year-long research project, the F5 Labs’ 2018 Application Protection Report, I asked if security professionals used storage encryption for data and applications. About 19% of survey respondents said they didn’t do any while 39% said they used encryption most of the time and 42% said they used it some of the time. What…
Read MoreStep 3: Investigate the State of IoT Usage within Your Organization Never believe what you’ve been told or your own assumptions. You need to find out for yourself what IoT devices are already in use within your environment. It’s dangerously naïve to assume there aren’t any in place already. Just like standard IT security risk…
Read More