Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

GitHub adds support for Python to its security alerts feature, which notifies developers if their packages contain vulnerabilities [Read More]
A cyber-espionage group is abusing code-signing certificates stolen from Taiwan-based companies for the distribution of their backdoor, ESET reports. [Read More]
The UK government's Cabinet Office has published the first iteration of its Minimum Cyber Security Standard, which will be incorporated into the Government Functional Standard for Security. [Read More]
The State Department, the Department of Homeland Security, the Department of Commerce, and the Office of Management and Budget issue reports in response to the 2017 cybersecurity executive order [Read More]
Senator Ron Wyden instructs the U.S. Department of Defense (DoD) to implement HTTPS and other cybersecurity best practices on all its websites and web services [Read More]
U.S. Department of Energy lays out its multiyear cybersecurity plan, which includes strengthening preparedness, coordinating incident response and recovery, and accelerating RD&D [Read More]
Kaspersky researchers find a significant number of vulnerabilities in OPC UA, a widely used industrial communications protocol [Read More]
SafeBreach raises $15 million in Series B funding round, bringing the total raised by the company so far to $34 million [Read More]
Regulus Cyber raises $6.3 million in seed and Series A funding, and unveils a solution designed to protect sensors, communications and data in cars, robots and drones [Read More]
Slack releases goSDL, an open source secure development lifecycle (SDL) tool designed to provide developers a tailored security checklist for their projects [Read More]

FEATURES, INSIGHTS // Security Architecture

rss icon

Johnnie Konstantas's picture
As NSA Chief Hacker Rob Joyce indicated during his recent talk at the Usenix Enigma conference, hackers are patient and persistent.
Joshua Goldfarb's picture
In security, we have grown accustomed to treating the symptoms of our problems, rather than treating the problems themselves.
Wade Williamson's picture
Data science and machine learning models can assess large groups of cyber threats to find the subtle traits they have in common to better protect organizations.
Tim Layton's picture
While we must continue to use defensive technologies because they help address the level of white noise that has become part of the cost to operate in our hyper-connected, digitized world, we can’t stop there.
Joshua Goldfarb's picture
There are many contextual details that differentiate cyber threat information from threat intelligence. Only with the proper context can data be considered intelligence, rather than simply information.
Joshua Goldfarb's picture
Taking a look at security from a different vantage point that allows us to correlate activity by user, rather than by system alone gives us a very different perspective.
Scott Simkin's picture
When vendors and individuals attempt to keep threat intelligence private, they limit the ability of the entire group to identify and mitigate new threats as they are developed and launched against organizations.
Joshua Goldfarb's picture
Rather than proceed step by step through the process of building and maturing a security operations function, security teams often want to move immediately into very advanced topics.
Alan Cohen's picture
Today’s network perimeter is increasingly not a single physical or virtual place, yet much of the industry debate is still focused on the perimeter.
Jason Polancich's picture
Without a solid base in knowing who you are as a target and what’s going on around you at all times, everything else you do is essentially a half-measure.