The Limits of Packet Capture


In preparation for my new 'Achieving Hi-Fidelity Security' research project, I thought I would post a relevant blog I wrote for InformationSecurityBuzz.com. I have packet capture data for forensics, isn’t that enough? No! Of late, I have briefed with a number of companies that provide full network packet capture capabilities.  They tout its benefits and that [...]



Vectra Provides Pervasive Visibility & Analysis to Detect Cyber Attacks


Though cyber attacks have been around for years, in 2014 there was an explosion in the volume of attacks and a marked increase in the losses and damages they inflicted. In 2015, this does not seem to be lightening up. In February, Anthem health care insurers were compromised, putting 80 million current and former customers [...]



April 9th, 2015 | APT, Malware, Persistent Threat, Security, Uncategorized

Leveraging User Activity Monitoring to Protect Information and Employees from Cyber Threats


Historically, many organizations and personnel have been concerned about user activity monitoring (UAM). Certain business cultures feel that these activities are an invasion of privacy or are distrustful. However, in today’s Internet-connected, data-driven world, having specific information or data means the difference between being a market leader and being out of business. Identifying [...]



March 4th, 2015 | Malware, Persistent Threat, Security

PFP CyberSecurity Breaks on to the Scene to Identify Malware at the Chip Level.


A few weeks ago, I briefed with a new company called PFP Cybersecurity, also known as Power Fingerprinting, Inc., and was so intrigued by the concept alone that I wrote a Vendor to Watch about them. They officially launched on January 26, and currently their claim to fame is their physics-based scanning technology which monitors [...]



March 2nd, 2015 | APT, Malware, Persistent Threat, Security

Leveraging Security Policy Orchestration to “Bake Security in” to SDDC Environments


I have a new guest blog just posted at for Tufin around Security Policy Orchestration. You can check it out here. It discusses the benefits of using Security Policy Orchestration when defining software-defined data centers (SDDCs). By supporting a centralized security policy across physical and virtual networks via a single interface, security change management provides many benefits including: Application [...]



January 27th, 2015 | Security, Virtualization

Allgress Insight Risk Management Suite Brings Flexibility and Functionality to IT-GRC


When I started out in security, only very large organizations with a mature set of business processes dared to talk about implementing some form of governance, risk, and compliance (GRC) or enterprise program (e-GRC). They generally did it in an attempt to get ISO or similar certification, or to "move their programs to the next [...]



December 19th, 2014 | Uncategorized

Is EMV an Expensive Security Misstep for the Payments Industry?


There is no disagreement that the current mag-stripe technology used in the USA and other countries outside of the EU is antiquated and lends itself to fraud. The data is easily copied using various methods from manual card data copying and shoulder surfing, to database compromise and POS terminal malware.  Cards can be reproduced with [...]



December 5th, 2014 | Uncategorized

Cloud Security Alliance Hack-A-Thon and the Software Defined Perimeter


The Cloud Security Alliance (CSA) is a not-for-profit think tank of volunteers that spend their time trying to better the internet. These people are the antithesis of cybercriminals; they spend their energy trying to figure out ways to make our data safer. They create best practices for providing security assurance within cloud computing, or in [...]



November 7th, 2014 | Cloud Computing, Security

Damballa and Bit9 + Carbon Black Collaborate to Deliver Better Security with More Context


  In looking at the solutions available for threat protection (and detection), there are quite a few options out there. Some, like Damballa Failsafe, are network-based, vigilantly watching packets across the network and looking for indications of undesirable activities/behaviors and content.  Others are host-based, like Bit9 + Carbon Black, using an agent on the endpoint, [...]



October 28th, 2014 | Data Sharing, Security