Looking back to identify trends and patterns, we can see what lessons we can learn when it comes to patch management. Chris Goettl, director of product management, security at Ivanti, reviews what we saw throughout 2018 and also some trends across the last decade. From this he provides some guidance as to what you should be working toward to make your cybersecurity program successful.
There’s a cloud-based avatar of you that knows your habits, desires, needs and preferences with timeliness and pinpoint accuracy. It sounds futuristic, but it’s entirely achievable now thanks to the data you willingly supply companies with. But what happens, Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies, asks, when any one of these multitudes of data sources is breached?
For midsize companies, the best practices outlined in the “First 5 CIS Controls” provide a solid foundation for securing their IT environments and reducing their level of exposure to the vast majority of security threats. Ofer Amitai, CEO and co-founder of Portnox, discusses how NAC provides coverage for these controls.
The theme of the vulnerability onslaught continues in 2019. And things are only getting more complex as we continue to write more lines of code to control all of the things we are connecting to the Internet. In this Experts Corner, Doug Mechaber gives some insight into these complexities as they relate to identifying and measuring vulnerability-driven risk.
With the exposure of personally identifiable information via data breaches, organizations need to look beyond name, address, date of birth and Social Security Number to accurately identify individuals. Advanced data and innovative technology, such as physical and behavioral biometrics, device intelligence and digital behaviors, can help usher in a new frontier of authentication and lead to improved identity proofing as well as a better customer experience.
While multi-cloud is a smart decision, it's extremely hard to get right, and the added complexity of securing data makes it an even more daunting proposition. Mario Duarte explores the challenges in developing a multi-cloud strategy that accounts for security and reviews four recommendations to execute on your own secure multi-cloud strategy.
When is the last time your company truly thought about the security of your network, devices and data? If this answer isn’t “yesterday” or “today,” then your agency, and the client data it is entrusted with, might be at risk. Dror Liwer, CISO of Coronet, outlines what agencies can do to get serious about cybersecurity.
With hundreds, if not thousands, of security alerts per day pouring into Security Operations Centers (SOCs), security professionals are fighting a losing battle. Fortunately, tried-and-true manufacturing techniques can turn the tide. Heather Hixon of DFLabs outlines two techniques that can help even the playing field between SOCs and their adversaries.
The Ancient Athenian Themistocles said: “He who controls the sea controls everything.” In today's world, the "sea" is the "communications sea" and the "communications sea" relies on anything and everything cyber. George Platsis of SDI Cyber lays out how somebody has been quietly dominating the communications sea and what the implications are for everybody — including who will rule this empire.
There is a widespread need for organizations to modernize their security operations. Why? It creates the structure to eliminate distractions caused by chasing compliance mandates and the latest “shiny technology objects” and allows security organizations to reduce enterprise risk. Mark Maxey of Optiv outlines how to get started on modernizing operations.
Cyber Insurance is a rapidly growing market, and small- to medium-sized businesses are driving that growth. Ari Vared, Senior Director of Product at CyberPolicy, explains that as SMBs gather more data to leverage business decisions, they also need to be more aware of cyber risks and be prepared for an incident.
To address the rising tide of data breaches, social network providers have enhanced their built-in security and have focused primarily on improving multi-factor authentication processes. To better understand what varying platforms offer, Ehud Amiri, senior director for product management at OneLogin, looks at how the leading social media sites are protecting their users.
Despite the common belief that mainframes are secure fortresses of data, it's much easier than businesses might think to access the mainframe by hacking an employee's mobile phone or other connected smart device. Ray Overby, President of Key Resources, Inc., lays out two new ways that cybercriminals can get into corporate networks through a personal IoT device.
Until manufacturers of IoT devices incorporate strong security into their products, the only reliable way to keep devices from compromising an enterprise is to use network topology to prevent attackers from interacting with such devices. Dr. Srinivas Mukkamala, co-founder and CEO of RiskSense, looks at the top IoT security risks facing enterprises.
As more people bring their own devices to work (BYOD), companies embracing blockchain can ensure that the infrastructure is secure and their employees are accommodated. Alistair Johnson, founder & CEO of Nuggets, explains how this new technology accommodates a fresh understanding of work and the technological peculiarities that come with it.
ITSPmagazine co-founder Sean Martin interviews Howard Miller, co-author of “Developing a Framework and Methodology for Assessing Cyber Risk for Business Leaders” (Journal of Applied Business and Economics, volume 20 (3), 2018), about the background of and vision related to this research article, how it applies to companies, boards and CEOs, risk management systems, and the ongoing development with Pepperdine CyRP.
In the past, nation states such as North Korea and China had a very limited ability to respond to the U.S.’ military attacks or sanctions. But in today’s digital world, these countries use cyber-attacks to deter a sanction or get retribution. Wayne Lloyd, Federal CTO of RedSeal, provides a list of actions organizations can take to ensure good cyber hygiene and digital resilience to withstand a cyber event and/or recover quickly.
Given all the vendor- and analyst-speak in the security space, it’s become difficult for organizations to know the difference between Security Information and Event Management (SIEM) and security analytics. Here are 6 ways to tell a SIEM from a security analytics product.
Criminal cryptomining has replaced ransomware as the leading type of cyber attack in 2018. While not all cryptomining is criminal in nature, this new type of cyber attack has gained momentum and popularity as a result of its success. Lastline’s director of threat intelligence, Andy Norton, explains the popular criminal techniques used to mine cryptocurrencies — and what lies ahead for cryptomining.
As more security technology companies emerge, consolidate and disappear, CISOs are struggling to understand which products are really worth their investment. Absolute’s Director of Security Strategy Josh Mayfield shares how CISOs can cut through the product marketing jargon and break down the five questions every CISO should ask a potential security vendor.