Looking back to identify trends and patterns, we can see what lessons we can learn when it comes to patch management. Chris Goettl, director of product management, security at Ivanti, reviews what we saw throughout 2018 and also some trends across the last decade. From this he provides some guidance as to what you should be working toward to make your cybersecurity program successful.
For midsize companies, the best practices outlined in the “First 5 CIS Controls” provide a solid foundation for securing their IT environments and reducing their level of exposure to the vast majority of security threats. Ofer Amitai, CEO and co-founder of Portnox, discusses how NAC provides coverage for these controls.
As organizations shift more to the cloud, it means they will increasingly rely on networks and infrastructure they don't own or directly manage. Yet this infrastructure is just as critical to consume and deliver the applications and services as when it was in the data center. Alex Henthorn-Iwane, VP Product Marketing at ThousandEyes, outlines 6 key network considerations that IT managers should take into account before shifting to the cloud.
DevOps is about more than continuous delivery. Prasanna Singaraju, Chief of Engineering and Technology at Qentelli, explains how AI can help fill in the potential gaps to improve application quality and delivery speed as well as user satisfaction.
This article introduces the concept of a Software Defined Perimeter (SDP) as a progressive security model. Don Boxley, co-founder and CEO of DH2i, explains how an SDP overcomes today’s most prevalent data security challenges – especially as cloud adoption continues to soar – while presenting numerous, previously unattainable benefits.
To address the rising tide of data breaches, social network providers have enhanced their built-in security and have focused primarily on improving multi-factor authentication processes. To better understand what varying platforms offer, Ehud Amiri, senior director for product management at OneLogin, looks at how the leading social media sites are protecting their users.
With security often seen as an obstacle in the path of innovation, adhering to project delivery deadlines and staying agile, it can be something of a dirty word in the software industry. Pieter Danhieux, CEO of Secure Code Warrior, explains how to engage developers to code securely, bridge the gap between the development and security functions of the business, and strive for a higher build standard of software.
When it comes to protecting end-user devices, many enterprises see two choices: either lock down devices and limit what users can access, or prioritize productivity and take some chances with security. Tal Zamir shows why this either/or proposition is untenable for CISOs, IT and end-users, and how a new software-defined endpoint approach is enabling enterprises to deliver a completely secure and totally unrestricted user experience.
Given all the vendor- and analyst-speak in the security space, it’s become difficult for organizations to know the difference between Security Information and Event Management (SIEM) and security analytics. Here are 6 ways to tell a SIEM from a security analytics product.
99% of successful attacks involve vulnerabilities that have been known to cybersecurity professionals for at least one year. Nollaig Heffernan describes the issues that exist today with applying software patches, primarily at the application layer, and advises on how to manage the patching effort and where priorities should lie for organizations.
We kicked off 2017 with a lot of excitement around a nasty set of SMB vulnerabilities which led to the devastatingly successful WannaCry and NotPetya attacks, and 2018 started off with a similar level of excitement concerning the Spectre and Meltdown vulnerabilities. Ivanti’s Chris Goettl discusses which trends have surfaced and what to watch for during the rest of the year.
RiskIQ surveyed 1,691 security leaders from multiple verticals in the U.S. and U.K. about the current digital threat landscape. The results show that relentless, Internet-scale threat campaigns are near-universal pain points – and CISOs are afraid that their security teams are ill-equipped to stop them.
While Mac users like to believe that their systems are secure, the truth is that Macs really aren't more secure than Windows PCs; it's a myth that Apple computers are inherently more secure and don't get malware. Here are several things that Mac users can do to improve their security.
Despite the advances in technology, there’s still a very human element to whether a company embraces security practices. This article examines the impact that organizational culture has on a company's ability to adopt a security-driven mindset and offers some pragmatic tips on overcoming oft-encountered challenges.
Organizations are implementing stricter mandates for what kind of platforms and mobile features employees can use on both personal and corporate-owned devices, prompting a dramatic rise in "shadow IT" like unauthorized messaging apps. By bringing messaging apps out of the shadows and into the mainstream, organizations can reduce the risk of both outside and inside threats to the enterprise.
Citizen development – when non-programmers create useful software solutions – is excellent for driving business productivity. It lets employees who own business problems own – and build – business solutions. Unlike with software written by a company’s IT developers or outside contractors, citizen development involves a minimum of red tape and funding, gets directly to the heart of what the employee was trying to accomplish, and can make lots of people happy. If it’s done right.
When technology evolves faster than our ability to make sure there's a viable level of safety, how do we educate businesses and the layperson on best practices for IoT security? In this part 2 InfoSec Life article, Phil Agcaoili, CISO, shares his views on the need to raise InfoSec awareness in society while striving for (and embracing) diversity in cybersecurity.
2016 saw a record-setting number of cyberattacks, resulting in the most records stolen in the seventeen years that breaches have been tracked. When you can’t secure the network any longer, what do you do? Shifting to a runtime protection approach will require a bit of retooling, but the end result will be—finally—slowing the attacks that threaten every organization, every day.
The new Facebook Messenger "live location" feature comes in handy when coordinating plans with friends, as it lets users share their real-time location on a map within a private/group message. But what kind of security vulnerabilities are consumers voluntarily opening themselves up to?
After attending AppSec California this past January, Arleena Faith learned some interesting lessons that she wanted to share with other Software Developers and professionals in the Software Security field. The topics included in this Experts Corner range from insights on scaling a Software Security Initiative to automating Security Testing within the pipeline.
There is an overarching theme driving these security breaches: ineffective adherence to secure design principles. Expert Ted Harrington explores the world of secure design principles (and anti-principles) as a means to build resilient systems.
Security researchers at the CWI institute in Amsterdam working together with a team from Google found a practical way to compromise the SHA-1 hash algorithm. The goal of this post on ITSPmagazine is to explain the impact of this finding and what can be done to mitigate the risk.
Would you feel comfortable hiring a hacker? Caroline Wong, CISSP and VP of Security Strategy at Cobalt, discusses the benefits and risks to using the power of the people – crowdsourced application security programs – at this OWASP AppSec session.
Since 76% of data breaches are from stolen login information, Jack Bicer, CEO of Sekur Me, says that eliminating passwords and using instant, automatic 2-factor authentication will eliminate fraudulent activities.
At this year’s AppSec California conference – a yearly event for InfoSec professionals, developers, pentesters, and QA and testing professionals – the Women in Security panel was among the most highly attended, a very clear indication that this topic resonates strongly with both women and men.
Good Bots. Bad Bots. Can you tell those apart from the ‘normal’ traffic generated by the humans using your network? Sean Martin works with the team at Distil Networks to identify 10 ways to spot bad bots on your network.