IoT Enterprise Risk Report


ForeScout recently released an IoT Enterprise Risk Report based on research from ethical hacker Samy Kamkar. Based on Kamkar’s findings, the report on IoT security issues could readily be renamed something like, “IoT: the bane of the enterprise environment,” or “IoT brings new meaning to the term ‘Enterprise Risk’.” The report discusses a significant number of negative findings [...]



By | December 19th, 2016|APT, Internet of Things, IoT, Malware, Persistent Threat, Security|0 Comments

Gaining Data Control with BYOD and Bluebox


What’s the issue with BYOD? Data Control… What’s the issue with Data Sharing? Data Control! Let’s face it, though it took an evolution of about 15 years, industry figured out that Data Management and Control are the underlying security issues.  Data is power, knowledge, money, control.  If you have it you’re in control.  If you [...]



By | April 22nd, 2014|BYOD, Cloud Computing, Data Sharing, Security|0 Comments

CA Analyst Symposium- CA is Changing


I had an interesting experience a few weeks ago.  I went to NYC to brief with CA Technologies.  I spent a full day speaking in group sessions with some of its top executives including CEO, Mike Gregoire, EVP Technology and Development, Peter Griffiths, EVP Strategy and Corporate Development Jacob Lamm, as well as a 1 [...]



By | March 3rd, 2014|Security|0 Comments

Thoma Bravo acquires Blue Coat: Initial Thoughts


Read the press release here. In security, the private equity firm is establishing an increasingly provocative portfolio of solutions. Some have a primary focus on security, such as SonicWALL and Entrust. Others, however, offer benefits in the optimization of IT beyond security. Some recent examples: Tripwire, NetIQ, LANdesk. In these cases, security is either an [...]



By | December 9th, 2011|Security|2 Comments

Security in the Era of Big Data


A lot of ink (digital and otherwise) has been spilled over Wikileaks this year, but there is one central aspect of the recent "cablegate" case that I wonder if we really get in infosec: Simply put, information has gotten huge - and this doesn't just mean the content we must protect. The sheer volume of [...]



By | December 16th, 2010|Security|1 Comment

Security, Visibility, Privacy: Pick Any Two?


Is it possible to have security and privacy? The question has been brought to a head recently, with the intense backlash to the US Transportation Security Administration’s more assertive passenger security checks – a reaction that seems likely to become only more heated with the coming of the busy holiday travel season. The issue for [...]



By | November 22nd, 2010|Security|0 Comments

Verizon Publishes its VERIS Community Application


The Verizon RISK team have just published their VERIS community application. Structured on the VERIS (Verizon Enterprise Risk and Incident Sharing) framework, this application is a tool they have made available to extend to anyone the ability to contribute information on data breach incidents, to enrich the already considerable body of breach data Verizon has [...]



By | November 11th, 2010|Security|0 Comments

A New Security Paradigm: HCIA


(Ed. Note: I've updated this post to incorporate some great feedback I've gotten on it already. I may well do so again to keep it fresh, as I expect to refer to this concept a lot...) In a recent post, I talked about the security value of IT management disciplines such as configuration and change [...]



By | November 10th, 2010|Security|0 Comments