The Essential Role of Forensics in Computer Security

Every organization, no matter its size or line of business, should assume it has either been or will be breached. When it comes to responding to an incident, organizations need to realize that time is of the essence. For this reason, forensics in computer security is a growing discipline. However, according to a survey by…

Transaction Signing, Meet Selfie

Money-stealing Trojans be gone. When is the last time you logged into your online banking portal, made a payment transaction, and received a notification on your phone to validate the details of the transaction and tap approve? Better yet, when is the last time you had to use a physical hardware device to sign a…

Incident Response Roundup: 5 Facets of Top Performers

An Aberdeen Group analysis of current enterprise practices for managing privileged access provides a powerful illustration of how better visibility and operational forensics can not only help with more effective incident response (IR), but also point the way to high-impact improvements in specific security practices and technical controls. The Importance of Qualitative, Risk-Based Analysis In…

E6 – Ghost in the Machine – Curtain Call

The Hunter’s horse panted heavily and churned up dust as it raced down the dirt road towards the Frontier.  The moonlight glanced off the swirling clouds of powder in the horse’s wake.  The Hunter gritted his teeth as the horse careened around a corner. His mind raced.  He wondered if he would make it in…

Threat Intelligence Sharing: Customized Solutions to Challenges

Threat intelligence sharing is a hot and sometimes contentious topic. While its necessity and justifications are generally known, there are legitimate reasons why sharing information on a large scale has been met with resistance. The Argument for Sharing When sharing intelligence, it is important to establish from the outset that combining best practices for security…

3D Secure Innovations: New Analytics Dashboard Helps Improve Response to Fraud

The 3D Secure protocol has been much (and somewhat unfairly!) maligned for the negative impact it has on the cardholder’s online experience. Requiring cardholders to produce their password each and every time they try to transact on a participating merchant site significantly disrupts purchase flow. Adding friction to the online checkout process leads to cart…

Making Smart Choices for Identity Assurance

Good news: in 2015, device makers, OS providers and authentication solution providers all picked up their momentum on initiatives tackling user authentication challenges. Cases in point: the support of fingerprint sensors in Google Android M, the proliferation of Apple Touch ID supporting solutions, Microsoft Windows 10 multi-method biometric support, Samsung’s fingerprint enabled devices, and the…

Measure your Readiness – Security Monitoring Program

In the previous post of this series “Measure your Readiness”, I depicted a framework to assess, shape and accelerate a Threat-Driven Incident Response program useful for all kind of organizations to enhance their response capabilities and be ready to deal with unforeseen incidents. The second post in the series aims to look at the “security…

Biometric Security: Making Authentication More Secure and Convenient

Concerns about biometric security, its usability, and the potential for spoofing are starting to dissapate. Fingerprint sensors are now being built into the latest smartphone models, which means more people are becoming comfortable with the technology. Although some users still cite concerns with biometric security, convenience is the main driver for its increased adoption. Biometrics…

The Apple iMessage Encryption Vulnerability

A team of researchers at Johns Hopkins (Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan) discovered a profound vulnerability in how Apple’s iMessage encrypts data. The flaw allows the attacker to correctly guess the cryptographic key that decrypts iMessage attachments, which enables the attacker to determine the contents of the underlying data.…