security « EMA Blog Community

Security in 2013: Intelligence, Integration…and the Integration of Intelligence

posted by Scott Crawford | April 5, 2013 | 0 Comments

arrows_opposite_directions_300x190px

In my last post, I talked about the frustration that enterprises have with the lack of integration among security tactics – an egregious gap attributable in no small way to the extremely fragmented nature of the IT security industry itself. I offered a few examples of approaches that seek to close these gaps and equip...

Posted in IT Management, Scott Crawford, Security Tags: Computer security, Consultants, Denial-of-service attack, General and Freelance, Intelligence, security, Security Information and Event Management, SIEM

The Leverage Attack: Do We Really Get It?

posted by Scott Crawford | February 11, 2013 | 0 Comments

Earth_Lever-300x190

“Give me a place to stand, and with a lever I will move the whole world.” –Archimedes In the wake of last week’s disclosure of an attack against Bit9, Jeremiah Grossman seems positively prescient. His New Year’s prediction about security’s immediate future was that attacks against security measures would increase. And why not? If defense...

Posted in IT Management, Scott Crawford, Security Tags: Bit9, Chief technology officer, Harry Sverdlove, Jeremiah Grossman, Malware, RSA, security, Waltham Massachusetts

Security in 2013: Intelligence, Coordination and Integration (and Will We Get There?)

posted by Scott Crawford | January 24, 2013 | 0 Comments

Binoculars-in-grass_300x190

I’ve happily managed largely to avoid getting entangled in the New Year’s ritual of security predictions, since these can, frankly, be fairly boring. But for those who expect such, here you go: Attackers will continue to succeed. Determined adversaries will become even more so. Moving one set of playing pieces does not alter the objectives...

Posted in IT Management, Scott Crawford, Security Tags: Big data, Business, Data center, Jeremiah Grossman, RSA, security, Wiktionary

Thoma Bravo acquires Blue Coat: Initial Thoughts

posted by Scott Crawford | December 9, 2011 | 0 Comments

BCsq_logo-300x300

Read the press release here. In security, the private equity firm is establishing an increasingly provocative portfolio of solutions. Some have a primary focus on security, such as SonicWALL and Entrust. Others, however, offer benefits in the optimization of IT beyond security. Some recent examples: Tripwire NetIQ LANdesk In these cases, security is either an...

Posted in IT Management, Scott Crawford Tags: Blue Coat Systems, security, Thoma Bravo

The Rise of Data-Driven Security, Part 5: Synthesis Platforms

posted by Scott Crawford | April 1, 2011 | 0 Comments

Data driven security graphic

(Ed. note: After too long a hiatus, I wanted to round out this series that began here and continued here, here and here. This will certainly not be the end of my coverage of data-driven security, however. Keep an eye on this blog as the field continues to unfold.) In this series, I’ve described three...

Posted in IT Management, Scott Crawford, Security Tags: NetWitness, Network security, security

RSA SecurID Breach Update: (Some) Additional Info Provided to Customers

posted by Scott Crawford | March 22, 2011 | 0 Comments

A short while ago, RSA released an additional customer advisory (customer login required) regarding the breach of SecurID information disclosed last Thursday. In my updated initial take on the breach, I noted that: To date, RSA has disclosed no detail about exactly what was compromised or how, leaving customers with no actionable information regarding their...

Posted in Scott Crawford Tags: RSA, SecurID, security

Toward CNS: Converged Network Security systems

posted by Scott Crawford | January 31, 2011 | 0 Comments

Lock background

In my ongoing series of posts on data-driven security, I noted the rise of defense tactics that seem to point the way toward reliance more on continuous, dynamic data sources than on intermittent feeds of data such as signature updates. One advantage of such an approach would be to make defense more responsive to new...

Posted in Scott Crawford Tags: Network security, security

The Rise of Data-Driven Security, Part 2: Data Sources and Emerging Data Markets

posted by Scott Crawford | January 14, 2011 | 0 Comments

Data driven security graphic

In my last post, the first in this series, I talked about how recent vendor trends highlight the rise of data-driven tactics for defense. This is just one of three major aspects of data-driven security becoming more prominent in products and services. To recap, those three aspects are: Data-driven tactics which differ from legacy security...

Posted in Scott Crawford Tags: Data security, security

Security in the Era of Big Data

posted by Scott Crawford | December 17, 2010 | 0 Comments

A lot of ink (digital and otherwise) has been spilled over Wikileaks this year, but there is one central aspect of the recent “cablegate” case that I wonder if we really get in infosec: Simply put, information has gotten huge – and this doesn’t just mean the content we must protect. The sheer volume of...

Posted in Scott Crawford Tags: BI, Intelligence, security, Wikileaks

Security, Visibility, Privacy: Pick Any Two?

posted by Scott Crawford | November 22, 2010 | 0 Comments

eye-magnifying-glass-iStock_000003249646XSmall-150x150

Is it possible to have security and privacy? The question has been brought to a head recently, with the intense backlash to the US Transportation Security Administration’s more assertive passenger security checks – a reaction that seems likely to become only more heated with the coming of the busy holiday travel season. The issue for...

Posted in Cloud Computing Tags: cloud computing, Privacy, Risk management, security