Security’s Insecurity Problems

Security has insecurity problems. Do you know what they are? The problems are related to what our five senses do and all these offer. They are related to physical sensors designed and used by people and all these deliver. Its problems are related to neurons and synapses and all they convey. And security’s insecurity problems

Will Enterprise IT Security Ever Converge?

Will the current state of enterprise IT security ever converge? And if it does, should it? The funding, direction and delivery of enterprise IT security are currently split between different departments. And, what’s interesting to note is that this splitting of the IT security function is expressly established by design among most enterprises. The three

GDPR – It’s About the Data, Stupid

Observers not familiar with the practice of security often look perplexed when you tell them that – with the exception of data protected in transit for use with web applications and virtual private networking – most data stored and accessed via applications on-premises or via hybrid, private and public Cloud applications, is unprotected. But in

Is SIEM Dead – Or Is SIEM Transforming?

Is SIEM dead? Or is SIEM transforming? For those not familiar with it, SIEM is a combination of security event management (SEM) and security information management (SIM). SEM.  The SEM part of SIEM is focused on quasi real-time monitoring and correlation of security-relevant events and alerting and notification necessary to warn human operators – typically

No CMDB – Problem or Opportunity?

Comprehensive CMDB? Do you have a configuration management database (CMDB) that is up-to-date and that contains security relevant information about all IT assets your enterprise and its providers use for end-to-end business processes? You’re not alone if you say no: fewer than 1-in-10 enterprises have a comprehensive CMDB containing an up-to-date list of hardware and

Can You Say Security as a Service?

Security as a service is the future of security and its future is now. In the old days we used to code a lot. “What’s that”, you say? It was the day when we tweaked toggles on the front-end of the machine to bootload the system image, or loaded a paper tape to a memory

Bots Change Security

Security for the enterprise is in a transition, from the era of on-premises products and managed services, to an era where security bots – using robotic process automation – will automate many task-oriented activities of security. This includes many of the tedious day-to-day operations and tasks associated with end-point protections, firewalls, intrusion detection, email content

Dealing with the Security Vendor Merry-Go-Round

I had the opportunity to listen to a number of security vendors pitch their stuff and some of the recent Merry-Go-Round sounds pretty impressive until you start digging into it. Here are a few of the stories with names and specifics redacted to protect the innocent. Vendor One This provider of security stuff energized their

Artificial Intelligence – Cybersecurity’s Future

There was some controversy emerging from the most recent RSA conference when the CTO of RSA – Zulfikar Ramzan – was quoted saying “I think it (the technology of machine learning) moves the needle,” he said on Wednesday. “The real open question to me is how much has that needle actually moved in practice?” What

The Changing Nature of SOCs

Security Operations Centers (SOCs) are largely confined to use by big businesses and governments, especially large federal governments and large enterprises among the global 1,000. Unfortunately, the resources – and available security talent – that are common among global 1,000 and large federal governments are not common among local governments, small businesses, and most healthcare

Security’s Universal Truths

There are several universal truths about security, including: There are no silver bullets; There is no perimeter; There is no security, only degrees of risk; If you turn off the power, you might have no risk, and even then I’m not sure; Security is not secrecy. Silver Bullets and the Long Ranger

The Digital Transformation of Security

The digital transformation of security is underway: are you prepared for it? Our security practices have grown up and around the combination of procedures/technologies tools that we use to implement it. We are very proud of our defense in depth security approaches. We revel in their coverage and speak of their architectures. The only

Blockchain Disrupts Everything :-)

I saw a story the other day about how Blockchain technology is disrupting everything, as in present-tense, happening today, the world is being disrupted. The author goes on to cite voting, finance, music, ownership and counterfeiting. Not exactly everything, and not exactly present tense either. Another one from Forbes says Blockchain startups are disrupting the

Security and Merlin’s Magic Wands

Wish you had a magic wand that could just make things right? We all have this fantasy at some time or another. But, work and life are about determination, persistence, teamwork and smart decisions, and not just the magic wand theory of life. It requires some level of effort and head scratching, and like an

Why Managing Risk Does Not Compute

One of the disciplines for information security is risk management. Managing the risk of using IT is after all, what it’s all about when it comes to digital security, or so they say. For example, when faced with the alternative of not closing a deal before the end of quarter versus closing it, what do

What’s Behind the Microsoft LinkedIn Linkup

Microsoft announced it intends to acquire LinkedIn – the premier business social network – in an all-cash deal for the sum of $26 billion on June 13, 2016. The acquisition announcement set off a firestorm of controversy about the deal ranging from utter bewilderment and outright rejection, to admiration for its chutzpah and vision. We’re

Vendor Integration and Risk Management – Two

Vendor integration and management is posing growing demand on IT for its own needs, and those of multiple business line constituents. In this part two, we look at some of the common procedures being used to implement successful vendor integration and risk management efforts. More mature organizations collecting information related to business value and business

Vendor Integration and Risk Management – One

Vendor integration and risk management is a growing demand on IT that is taking more time and effort to do at all, never mind do it right. IT has traditionally ignored the necessary resources, time, and attention to vendor integration and risk management programs. For some enterprises integration and management of vendors is ignored while

Intrusion Deception and the New Rapid Detection and Response

The new kid on the block is Intrusion deception, the virtual version of the old physical honeypots. The new intrusion deception catches attacks from cyber-attackers because they are only seen by attackers – internal or external – who then touch virtual decoys such as looking PCs, Mobile phones, servers, network equipment and anything else connected

Security’s Next Generation

We keep hearing about Next-Gen Firewalls, and for the vendors of firewalls it is next generation to add web-application filtering and other tricks to their network access rules. But this stuff isn’t really next generation from a technology perspective: it’s next generation from the perspective of integrating existing technologies. Security’s first generation used simple blacklisting

Featured Research

Spend on Security

Is your organization underspending on information security? If you’re like most, spending on information security lags far behind other priorities. Only during the past few years has spend on information security started to increase, but it still lags behind. In this Research Report, Wellington summarizes findings from research conducted with thousands of organizations to highlight

The Wizards of Tech

Find out how the unspoken issues of culture, incentives, business strategy, and people impact your life, and the utility of the technology products and services you rely on to operate your business. Download the full report – The Wizards of Tech – today!