3 Hot Trends in Cybersecurity the C-Suite Is Talking About Right Now

Cybersecurity sometimes feels like a game of cat and mouse—new technologies and even familiar hacker capabilities are constantly testing protections, and requiring the security sector to put out and prevent potentially destructive attacks.

Today, we’ll look at three of the top issues in cybersecurity that the C-Suite is talking about right now, and suggest some ways you can prepare.

How Do I Know That My Network’s Data Is Really Secure?

You don’t have to be a chief information security officer (CISO) to fear having accounts compromised; however, being a CISO takes worry to another level altogether.

How do you sort through all the log information that applications, networks and people are generating on a daily basis? Do you even track all your personal logins? Imagine doing this for a major enterprise!

Hackers, for the most part, are not spending a lot of time “guessing” your corporate passwords. They simply do not invest that much time on their targets; instead, they automate using your compromised passwords to find where they can gain access to your system.

Other areas that interest hacktivists or cybercriminals are phishing scams, Trojan horses and using open Wi-Fi services, to name a few.

3 Spooky Ways Your Systems Are Getting Hacked Right Now

It’s that time of year, and unfortunately, cybercriminals are all tricks, no treats. Despite the fact that security spend continues to rise, so do security incidents. In this post, we’ll look at top vulnerabilities and security incident trends to understand three common ways attackers are getting into organizations right now.

Now There’s an Easy Way to Secure Your Legacy Applications

I was with a colleague at lunch a few months back and this discussion came up in excruciating detail. The issue specifically had to do with security and compliance for old or “legacy applications” that are sitting on older versions of Windows or Red Hat.

The problem is one we hear often: the application was written either by someone who has moved on to another position or doesn’t work there anymore, or by a company that went under or decided to end-of-life (EOL) the application.

What do you do when the vulnerability scanner run by your security department detects up to 600 applications that are out of compliance? In most cases, the security organization will want these applications either upgraded or moved off your network.

This isn’t always possible due to the criticality of most of these applications. Often, they are critical to run the day-to-day operations of the company or they are critical to the well-being of the organization.

VMware’s Goldilocks Security lost in the woods

I have admired VMware’s technology for many years. I currently have a multi-node 5.5 vSphere deployment at home, and in my free time I love running benchmarks to marvel at what years of optimization by VMware have gotten us. So, it was with great interest that I followed the unfolding vision and roadmap that Martin Casado laid out on behalf of VMware two and a half years ago. This vision, regarding why security applied at the virtualization layer was the true answer to building a secure infrastructure, was especially exciting for me. I had just co-founded Skyport Systems a year earlier on a dovetailed premise that we need a fundamentally new approach to security as built-in secure infrastructure, and that the virtualization layer is a key component.

However, based on the update at VMworld 2016 (“How Virtualization Will Transform Security”), it is clear that VMware has lost their way in execution of the eloquent vision Martin laid out for them. They have become distracted from delivering on an MVP (Minimum Viable Product) for secure virtualization that the IT industry desperately needs to secure an aging architecture that VMware introduced in a prior IT era.

What Cyber Security Is Not

I feel like the first 2016 presidential debate should have been experienced over breakfast at a Waffle House. After having used a time machine to travel back to the mid-1980s. With bacon.

Because then I could have pretended that the cybersecurity discussion was just a couple of excited pensioners at a neighboring table who had good intentions but not a lot of clue: “my son is good at the computers”; “it’s probably those dastardly Russians!”

It would have fit right into the atmosphere and been almost charming. It would not have been what it actually was: alarming.

The computer genius 10-year-old aside (is he available for an internship? we are hiring!), the reality of security that companies need to care about is neither basement-dwelling thrill hackers nor state actors. This is a false dichotomy that insults and misleads everyone in order to sell expensive security shovelware toolkits that address non-existent issues. Yes, I’m afraid that I have bad news: your Splunk instance is not really going to stop GCHQ.