Tag: Threat Modeling
With the explosive growth of the Internet of Things, and the increasing threat posed by botnets that leverage IoT, more must be done to ensure IoT devices include security by design, says David Holmes, principal threat researcher at F5 Networks. The Named Data Networking project can play a critical role, Holmes says in an interview with…
Read MoreIt’s inevitable. Every organization needs externally-developed applications to some degree or another. Increasingly, these apps are web-based and accessed over the Internet. As part of a forthcoming report on protecting applications, F5 commissioned a survey with Ponemon. In it, we asked security professionals what percentage of their applications (by category) were outsourced. The top answers…
Read MoreTeam leader, network administrator, data miner, money specialist. These are just some of the roles making a difference at today’s enterprises. The same is also true for sophisticated cyber-gangs. Many still wrongly believe that the dark web is exclusively inhabited by hoodie-clad teenagers and legions of disaffected disruptors. The truth is, the average hacker is…
Read MoreThen there are the technical questions that need to be answered. What data will be captured, shared, and processed? What mobile platforms will the app run on? What server-side platforms will it need to talk to? Internal platforms? Third-party services? You also need to dig into the questions of expectations and dependencies. How important will…
Read MoreIn part one, we laid out how we should react when our organization tells us they want to roll out a mobile app. Short answer: don’t say no, but instead ask lots of questions. After that, we built a threat model that includes the mobile-specific twists on traditional IT security problems. Using this model, we…
Read MoreWhat Is MITRE ATT&CK®? MITRE ATT&CK is a documented collection of information about the malicious behaviors advanced persistent threat (APT) groups have used at various stages in real-world cyberattacks. ATT&CK, which stands for Adversarial Tactics, Techniques, and Common Knowledge, includes detailed descriptions of these groups’ observed tactics (the technical objectives they’re trying to achieve), techniques…
Read MoreRecent Posts
- GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks
- IoT Security In The C-3PO Age Will Be A Bit Different: Analysis
- Data Analytics, Cybersecurity ‘Hot Space’ For Deals For ‘Foreseeable Future’: Expert
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers
- CISA: Hackers abuse F5 BIG-IP cookies to map network devices