Dealing with the Security Vendor Merry-Go-Round

I had the opportunity to listen to a number of security vendors pitch their stuff and some of the recent Merry-Go-Round sounds pretty impressive until you start digging into it. Here are a few of the stories with names and specifics redacted to protect the innocent. Vendor One: This provider of security stuff energized their

Artificial Intelligence – Cybersecurity’s Future

There was some controversy emerging from the most recent RSA conference when the CTO of RSA – Zulfikar Ramzan – was quoted saying “I think it (the technology of machine learning) moves the needle,” he said on Wednesday. “The real open question to me is how much has that needle actually moved in practice?” What

The Changing Nature of SOCs

Security Operations Centers (SOCs) are largely confined to use by big businesses and governments, especially large federal governments and large enterprises among the global 1,000. Unfortunately, the resources – and available security talent – that are common among global 1,000 and large federal governments are not common among local governments, small businesses, and most healthcare

Security’s Universal Truths

There are several universal truths about security, including: there are no silver bullets; there is no perimeter; there is no security, only degrees of risk; if you turn off the power, you might have no risk, and even then I’m not sure; security is not secrecy. Silver Bullets and the Long Ranger

The Digital Transformation of Security

The digital transformation of security is underway: are you prepared for it? Our security practices have grown up around the combination of procedures, technologies and tools that we use to implement them. We are very proud of our defense in depth security approaches. We revel in their coverage and speak of their architectures. The only

Blockchain Disrupts Everything :-)

I saw a story the other day about how Blockchain technology is disrupting everything, as in present-tense, happening today, the world is being disrupted. The author goes on to cite voting, finance, music, ownership and counterfeiting. Not exactly everything, and not exactly present tense either. Another one from Forbes says Blockchain startups are disrupting the

Security and Merlin’s Magic Wands

Wish you had a magic wand that could just make things right? We all have this fantasy at some time or another. But, work and life are about determination, persistence, teamwork and smart decisions, and not just the magic wand theory of life. It requires some level of effort and head scratching, and like an

Why Managing Risk Does Not Compute

One of the disciplines for information security is risk management. Managing the risk of using IT is, after all, what it’s all about when it comes to digital security, or so they say. For example, when faced with the alternative of not closing a deal before the end of quarter versus closing it, what do

What’s Behind the Microsoft LinkedIn Linkup

Microsoft announced it intends to acquire LinkedIn – the premier business social network – in an all-cash deal for the sum of $26 billion on June 13, 2016. The acquisition announcement set off a firestorm of controversy about the deal ranging from utter bewilderment and outright rejection, to admiration for its chutzpah and vision. We’re

Vendor Integration and Risk Management – Two

Vendor integration and management is posing growing demand on IT for its own needs, and those of multiple business line constituents. In this part two, we look at some of the common procedures being used to implement successful vendor integration and risk management efforts. More mature organizations collecting information related to business value and business

Vendor Integration and Risk Management – One

Vendor integration and risk management is a growing demand on IT that is taking more time and effort to do at all, never mind do it right. IT has traditionally ignored the necessary resources, time, and attention to vendor integration and risk management programs. For some enterprises integration and management of vendors is ignored while

Intrusion Deception and the New Rapid Detection and Response

The new kid on the block is Intrusion deception, the virtual version of the old physical honeypots. The new intrusion deception catches attacks from cyber-attackers because they are only seen by attackers – internal or external – who then touch virtual decoys such as looking PCs, Mobile phones, servers, network equipment and anything else connected

Security’s Next Generation

We keep hearing about Next-Gen Firewalls, and for the vendors of firewalls it is next generation to add web-application filtering and other tricks to their network access rules. But this stuff isn’t really next generation from a technology perspective: it’s next generation from the perspective of integrating existing technologies. Security’s first generation used simple blacklisting

Security and the IoT

We implement security because it is our way of managing risk. We could transfer the business risk of using IT to an insurance policy, and often we use this as a backstop for egregious potential loss. We could stop doing what we do: but it’s pretty unlikely we’ll stop using IT. Alternatively we could ignore

Microsoft and Market Dominance

Seventeen months after announcing that it would do so, Microsoft formally ended technical support and security updates for Internet Explorer versions 7, 8, 9 and 10 on most operating systems. Some see this as the end of an era while others see it as a portent of potential risk for web users and companies still

The Time to Act Has Come

The recent attacks in Paris on French soil, claimed by the terrorist organizers called ISIL, are an act of war on all free people everywhere. It follows the bombing of a Russian commercial airliner a few weeks earlier, and years of terrorizing civil people and governments of the Levant and beyond. The time to act

The New Analytics

The new analytics are already in play, and are about to become a more critical part of our lives in the future. They can be seen in use with Siri, Cortana and “Hey Google” through your phone. The new analytics are also being used with sales offers using new mass personalization applications, by healthcare providers

Google, Android and Stagefright

Do you have Stagefright? No, not the kind of stage fright fear and anxiety that occurs when you have to deliver a speech or pose for the camera. This Stagefright is a bug in the Android operating system powering the vast majority of mobile phones and tablets now on the market. This vulnerability

IoT Market Leaders and Laggards

Depending on who you talk with, the Internet of Things (IoT) is everything from the next big change that’s going to revolutionize entire industries to an interesting tech-led fueled publicity feeding frenzy. If you look behind the scenes there are some rather interesting pictures that are emerging of industries, products and breakout opportunities. FitBit Activity

Microsoft’s Big Mobile Gamble

Microsoft is – quietly and not so quietly – gambling big on mobile. The company loudly bet big when it acquired Nokia for $7.2 billion in 2014. In the year since the acquisition, the company has figured out that its route to market is not going to be as a manufacturer of handsets competing with

Featured Research

Spend on Security

Is your organization underspending on information security? If you’re like most, spending on information security lags far behind other priorities. Only during the past few years has spend on information security started to increase, but it still lags behind. In this Research Report, Wellington summarizes findings from research conducted with thousands of organizations to highlight

The Wizards of Tech

Find out how the unspoken issues of culture, incentives, business strategy, and people impact your life, and the utility of the technology products and services you rely on to operate your business. Download the full report – The Wizards of Tech – today!