With hundreds, if not thousands of security alerts per day pouring into Security Operations Centers (SOC), security professionals are fighting a losing battle. Fortunately, tried-and-true manufacturing techniques can turn the tide. Heather Hixon of DFLabs outlines two techniques that can help even the playing field between SOCs and their adversaries.
In 2019, security teams will start using more technologies to achieve detection and response versus simply relying only on standard SIEM alone. But deploying more and more technologies is not enough. SVP strategy at CyberInt Itay Yanovski explains why organizations need to look at Security Operations Centers (SOC) in a different way.
There is a widespread need for organizations to modernize their security operations. Why? It creates the structure to eliminate distractions caused by chasing compliance mandates and the latest “shiny technology objects” and allows security organizations to reduce enterprise risk. Mark Maxey of Optiv outlines how to get started on modernizing operations.
ITSPmagazine co-founder Sean Martin interviews Howard Miller, co-author of “Developing a Framework and Methodology for Assessing Cyber Risk for Business Leaders“ (Journal of Applied Business and Economics, volume 20 (3), 2018), about the background of and vision related to this research article, how it applies to companies, boards and CEOs, risk management systems, and the ongoing development with Pepperdine CyRP.
In the past, nation states such as North Korea and China had a very limited ability to respond to the U.S.’ military attacks or sanctions. But in today’s digital world, these countries use cyber-attacks to deter a sanction or get retribution. Wayne Lloyd, Federal CTO of RedSeal, provides a list of actions organizations can take to ensure good cyber hygiene and digital resilience to withstand a cyber event and/or recover quickly.
Last year Locky, NotPetya and WannaCry ransomware savaged Internet users, with billions of dollars lost, data destroyed, worldwide shipping disrupted, and reputations damaged. Even though they are the most hacked businesses on the Internet, many SMBs do not have proper cybersecurity protections in place. In part 2 of this two-part series, Dave Moore, founder of Internet Safety Group, walks the reader through a well-crafted response plan and reviews of the top backup programs.
Last year Locky, NotPetya and WannaCry ransomware savaged Internet users, with billions of dollars lost, data destroyed, worldwide shipping disrupted, and reputations damaged. Even though they are the most hacked businesses on the Internet, many SMBs do not have proper cybersecurity protections in place. In part 1 of this two-part series, Dave Moore, founder of Internet Safety Group, explains why and how SMBs need to make Internet safety training a top priority.
Given all the vendor- and analyst-speak in the security space, it’s become difficult for organizations to know the difference between Security Information and Event Management (SIEM) and security analytics. Here are 6 ways to tell a SIEM from a security analytics product.
Every business falls victim to cyberattacks sooner or later. Are you prepared for when the inevitable breach happens? If not, your business and your career could be in jeopardy. This article highlights nine key criteria that should be part of every cyber-breach preparation plan.
The most successful incident response programs excel in five areas: visibility, incident management, workflows, threat intelligence, and collaboration/information-sharing. DFLabs Senior Product Manager John Moran explains what’s required to achieve excellence in each of these components from a systems level perspective.
How can companies be better at training employees to prevent phishing and improve security? Inky founder Dave Baggett provides a quick history of antivirus software, how antivirus worked then and now, and the flaws in security software.
The most effective first level of physical defense in your network architecture’s security infrastructure is the firewall. Yoram Ehrlich, VP Products at Niagara Networks, explains how there is now a clear shift toward next-generation firewall (NGFW) technology incorporating advanced know-how.
How can cybersecurity managers effectively identify strategic gaps when 90% of managers have never had strategic management training? Organizations that equip their cyber leaders with the knowledge to think and act strategically improve their chances for long-term success.
Organizations of all sizes are vulnerable to cybersecurity threats, and they need to be able to detect indicators of compromise in order to address risks and respond to attacks. Integrating SIEM and SOAR combines the power of each to create a more robust, efficient and responsive security program – which ultimately allows security teams to avoid alert fatigue.
Threat detection relies on signatures or the correlation of system events to identify indicators of compromise (IOCs). As such, it is primarily reactive and used to verify if a breach has occurred, and to assess the scope and spread of a threat. This article explains how proactive threat hunting can address this inherent weakness in threat detection by assuming a threat or threat actor has not been detected, yet may have targeted an organization.
KRACK, as acronyms go, seemed an appropriate handle for last month’s WiFi security disclosure. After a quarter stuffed with bad security news, a new flaw in one of our most beloved technologies might have a few security pros on the verge of cracking. The showiest security disasters make news, but breaches happen every day to organizations of every type around the world. The attacker perpetrating the next big cybersecurity incident is probably already behind someone’s firewall. And while you should definitely patch your vulnerabilities and maybe even turn off your WiFi (ok, just kidding, no one’s going to turn off the WiFi), that’s not going to be enough. We need to change how we think about cybersecurity.
Ransomware creates turmoil every day – for individuals and for enterprises. But there is encouraging news. Ransomware, by its very nature, tips its hand with characteristics that make it predictable and recognizable. These distinct features enable advanced security tools to detect and defeat ransomware before files are frozen and ransoms demanded.
The practice of Bring Your Own Intelligence—BYOI for short—enables security teams to more effectively protect their organizations by focusing on what’s most relevant to them. Here are four key benefits of BYOI for your business.
You can increase the likelihood of successfully defending against—or at least mitigating the effects of—an attack, by understanding what happens at each phase of a ransomware attack, and knowing the indicators of compromise (IoCs) to look for.