Mar 04, 2015 By Andy Kicklighter In Blog

Insider Threats: Painful Lessons Learned

When a government agency or business suffers a major breach, much of the subsequent attention focuses on the outside hackers who penetrated cyber defenses to access networks and steal valuable data. But one of the most important lessons we learned in the past year was this: In the vast majority of large breaches that occurred, there was a...

Read More

Feb 25, 2015 By Brian Reynolds In Blog

Cyber Shelfware

Shelfware.  Noun, informal.  1.  Computers.  software or hardware that remains unsold, unused, or underused. /shelfweir/ Software which is never used and so ends up on the shelf. Shelfware may be purchased on a whim by an individual or group, or in accordance with corporate policy, but not actually required for any particular use. One of my...

Read More

Feb 20, 2015 By Jean-Paul Bergeaux In Blog

Anthem Hack Should Silence Calls For Regulatory Over Voluntary

The NIST Cyber Security Framework was created in response to President Obama’s call for our Federal Government to do more to help American companies secure their environments.  The framework is a voluntary starting point for companies to use, instead of having to start from scratch or hire a security firm to create a baseline to work...

Read More

Feb 12, 2015 By NetApp USPS In Blog

Ready for Cyber Analytics?

The Department of Defense is shifting the cyber defense paradigm from a strategy characterized by static, labor intensive risk assessments to a more dynamic posture relying on big data analytics to continuously monitor its networks for potential threats. Defense leaders see this as a vast improvement, but questions remain whether DoD’s...

Read More

Feb 04, 2015 By Jean-Paul Bergeaux In Blog

Offensive Cyber Warfare

Last fall I attended a presentation by Ryan Sherstobitoff, Principal Security Researcher from Intel Security, about how his lab had put together a system of honeypots and honeynets to capture and document what a ring of cyber hackers were doing in Asia and North America.  I was very impressed and intrigued.  First, the quality of...

Read More

Jan 28, 2015 By Alan Kessler In Blog

Who is Your Most Dangerous Insider?

Is the most dangerous insider threat to your organization the malicious insider who purposely exploits his or her access? Or is it the clueless employee who clicks on the wrong attachment? Actually, it’s neither. The insiders who represent the greatest risk are your “privileged users,” the high-level computer operators who often have...

Read More

Jan 22, 2015 By Jean-Paul Bergeaux In Blog

Why Virtualize NGFWs?

After the blog I wrote about the dirty little secret of virtual appliances, a few people asked why it’s such a big deal to virtualize a Next-Generation Firewall (NGFW) anyway.  “Why not just use appliances?  You don’t need that many of them,” they said. I knew right away where the disconnect was. Traditional security environments only...

Read More

Jan 14, 2015 By Jean-Paul Bergeaux In Blog

There’s a Dirty Little Secret of Virtual Appliances

Nearly all innovative products start as appliances.  There are many good reasons for this, but two stand out.  One is that an appliance controls the environment the product has to live in.  This saves a significant amount of quality assurance testing against multiple different types of environments, but more importantly ensures that the...

Read More

Jan 08, 2015 By Jean-Paul Bergeaux In Blog

Phishing over the phone?

The other day I got a call from a man who, in broken English, said to me, “You are being hacked right now!” I knew right away what this was, but I thought I’d play it out a bit.  I said, “Right now?  As we’re talking?” “Of course, yes,” he said, claiming he worked for “Microsoft Windows” and that my PC was sending him...

Read More

Dec 23, 2014 By Jean-Paul Bergeaux In Blog

Lessons from recent news in cyber security (Part 2)

Last week I established the need to really get Email phishing under wraps.  This needs to be attacked from both from a technology perspective and from a user perspective.  The first step is getting your senior management–beyond the security team and even beyond the CISO–on board with more intensive user education and training .  If senior...

Read More