Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

The 2014 ICS Cyber Security Conference will address real world problems and discuss actual ICS cyber incidents, many of which have never been told before.
NIST wants to build a reconfigurable cybersecurity testbed to provide guidance on the best practices for implementing security strategies within industrial control systems without negatively impacting process performance.
Hypervisors have become an important part of enterprise environments and while they should normally reduce the attack surface, experts warn that they can be plagued by security vulnerabilities that could be leveraged by malicious actors.
LogRhythm's Honeypot Security Analytics Suite helps customers deploy honeypots to attract opportunistic hackers and then capture network and log activity.
FishNet Security has opened a new technology testing lab that allows partners and customers to vet technologies in a virtual IT environment using simulated network conditions and attack scenarios.
CrowdStrike has launched a new threat intelligence exchange platform that facilitates the access and exchange of threat intelligence between vendor partners.
China-based threat actors are using sophisticated malware installed on handheld scanners to target shipping and logistics organizations from all over the world.
CyberX has raised $2 million in an initial funding round led by Glilot Capital Partners, with participation from the Swarth Group, GlenRock, and angel investor Gigi Levy-Weiss.
Joe Weiss of Applied Control Solutions, John Mallery of MIT, and Jeffrey Carr of Taia Global will hold a panel discussion at Suits and Spooks New York on where the tipping point lies for a cyber attack to turn into a catastrophe.
AIG has expanded its cyber insurance offering to include property damage and bodily injury that could be caused as a result of cyber attacks.

FEATURES, INSIGHTS // Security Architecture

rss icon

Joshua Goldfarb's picture
Is budget a good metric for security? In other words, if an organization wishes to improve its security posture, is spending more money an appropriate response?
Rebecca Lawson's picture
There is a common misconception that in order to move to virtual security solutions, companies can, or should, replace physical security technologies they rely on to keep their networks safe today.
Joshua Goldfarb's picture
An organization that keeps records of its security incidents should be able to study that data to understand the top ways in which it is generally becoming compromised.
Marcus Ranum's picture
There are two ways to start establishing security metrics. One is what I think of as the “bottom up” approach and the other being “top down”. For best results you might want to try a bit of both.
Marcus Ranum's picture
When you start your metrics program, you'll find that a great deal of information can be gleaned from existing data that gets stored in various places – most likely in your system logs.
Marcus Ranum's picture
There are many important and useful tools related to the metrics landscape; let's take a look at some of them and how they fit together.
Jon-Louis Heimerl's picture
The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
Danelle Au's picture
Zero Trust advocates for a segmented network, and security built into the architecture rather than an afterthought. It also advocates for some key principles built around the concept of “never trust, always verify”.
Jeff Hudson's picture
Making decisions based on anomalies is predicated by one very important assumption—you must understand what “normal” looks like.
Mark Hatton's picture
Just like football, security is a tough game and not for the faint of heart. There are threats lurking around every corner and it’s when you think you are in the clear that a blindside hit is most likely to happen.