IoT Enterprise Risk Report


ForeScout recently released an IoT Enterprise Risk Report based on research from ethical hacker Samy Kamkar. Based on Kamkar’s findings, the report on IoT security issues could readily be renamed something like, “IoT: the bane of the enterprise environment,” or “IoT brings new meaning to the term ‘Enterprise Risk’.” The report discusses a significant number of negative findings [...]



By | December 19th, 2016|APT, Internet of Things, IoT, Malware, Persistent Threat, Security|0 Comments

Allgress Insight Risk Management Suite Brings Flexibility and Functionality to IT-GRC


When I started out in security, only very large organizations with a mature set of business processes dared to talk about implementing some form of governance, risk, and compliance (GRC) or enterprise program (e-GRC). They generally did it in an attempt to get ISO or similar certification, or to "move their programs to the next [...]



By | December 19th, 2014|Uncategorized|0 Comments

Dell SecureWorks and Risk I/O team up to deliver a better kind of Vulnerability Management


On April 23rd, 2014 Dell announced its new Vulnerability Threat Monitoring and Prioritization service delivered through the SecureWorks Counter Threat Platform.  This managed service was created to expand the current Vulnerability Management offerings and increase customer value by creating the ability for customers to integrate their own vulnerability management systems.  With the additional context provided [...]



By | April 29th, 2014|Security|0 Comments

Blog Series: The Rise of Data-Driven Security


(Update: My research report on this topic is now in the EMA library. For further updates on the trend, check out my other posts on data-driven security before and since.) IT security has long been hamstrung by obstacles unknown to many other aspects of the enterprise. Businesses may be able to measure their performance through [...]



By | May 4th, 2011|Security|1 Comment

The Rise of Data-Driven Security, Part 4: The Case for the Fourth Paradigm


When I first cut my teeth in IT security some years ago, I was a systems administrator for a division of the University Corporation for Atmospheric Research, the parent of the National Center for Atmospheric Research here in Boulder. UCAR/NCAR is what Gordon Bell calls a “data place” – an organization whose mission in part [...]



By | January 27th, 2011|Security|1 Comment

The Rise of Data-Driven Security, Part 3: Security Management and Strategy


In the first two installments in this series, I looked at the rise of tactical security defenses that are becoming more directly reliant on dynamic data feeds, and at data sources and emerging data markets to serve both security tactics and security intelligence. In this post, I’ll look at the third aspect of data-driven security emerging today, and [...]



By | January 19th, 2011|Security|1 Comment

The Rise of Data-Driven Security, Part 2: Data Sources and Emerging Data Markets


In my last post, the first in this series, I talked about how recent vendor trends highlight the rise of data-driven tactics for defense. This is just one of three major aspects of data-driven security becoming more prominent in products and services. To recap, those three aspects are: Data-driven tactics which differ from legacy security [...]



By | January 14th, 2011|Security|0 Comments

Security, Visibility, Privacy: Pick Any Two?


Is it possible to have security and privacy? The question has been brought to a head recently, with the intense backlash to the US Transportation Security Administration’s more assertive passenger security checks – a reaction that seems likely to become only more heated with the coming of the busy holiday travel season. The issue for [...]



By | November 22nd, 2010|Security|0 Comments