RSA Security Analytics Receives Common Criteria Certification

Today RSA announced that RSA Security Analytics has received Common Criteria certification. The Common Criteria program is relied on by governments and critical infrastructure providers globally to independently verify the security-related claims of a wide range of security products, ranging from access control systems to operating systems. You will…

The Industrialization of Cybercrime: Driving Innovations in Security

If you compare the world of cybercrime now to that of 10 years ago, there really is no comparison. Whether one measures its impact through estimated profits – which some estimate now surpass the profits from illegal drugs – or through the scale, scope, and sophistication of available “black hat” services and…

Setting the Benchmark in the Network Security Forensics Industry

“Setting the benchmark” – “Beating thirty other products in threat detection and response capabilities” – “Outstanding achievement in product leadership, technological innovation, customer service, and product development” – “Superior capabilities for best addressing customer needs” Wow! While we certainly don’t do what we do here for such accolades – we do it to help our…

Improving Your Incident Detection & Response Maturity

Just having come back from the most recent RSA Conference in San Francisco, I think I can say with confidence that the security industry has moved beyond, at least at the level of strategic planning, security strategies which are purely based on prevention. Security professionals generally agree that what is needed is a better balance…

Moving from Low to High-Fidelity Security

In the 1940s and 50s home audio systems went through a high-fidelity revolution. This is the period when the music recording industry and stereo manufacturers dramatically improved the audio experience for consumers. Technically it had to do with improved audio capture, more sophisticated mastering (stereophonics), and dramatically improved reproduction of music, all at a…

Ramping Up Security Monitoring of Public Clouds

It is no secret that organizations are increasingly placing their security-sensitive applications and data into the hands of public cloud service providers, whether via SaaS, PaaS, or IaaS-based cloud infrastructures. But what does this mean for an organization’s security monitoring program, namely its security-focused detection, investigation, and response capabilities? How can an organization’s…

Detecting and Investigating Webshells – Another Reason for Deepening Your Security Visibility

What would you call a piece of code or a script that runs on a server and enables remote server administration? If you answered “Webshell”, you would be correct. While often used for legitimate administrative purposes, it is also a favored technology used by attackers for illegitimate purposes. Attackers often infiltrate externally accessible…

What Would You Call the Market for Today’s Threat Detection and Response Solutions?

What would you call the market for security monitoring solutions that help organizations better detect, investigate, and respond to advanced security threats? Five or ten years ago you could certainly be excused if you referred to this market as “SIEM”. Today, however, it is not clear what the right answer is, other than that it certainly isn’t…

The Need for Increased Security Visibility; Public Cloud Security APIs: Why Won’t These Two Streams Cross?

It is now widely accepted in the security industry that improved security monitoring is central to better defending organizations from attacks, particularly from the sophisticated and highly targeted attacks that have caused so much of the damage over recent years. Frankly, if you can’t prevent, you must be able to detect, investigate, and respond…

Diving Deeper into Behavior-Based Security Analytics

Following on from my earlier blog, Is Behavior-Based Analytics the Final Layer of our Security Defenses?, with this blog I will delve deeper into the topic. What behaviors of what “things” should we care about? Given that we are trying to detect indicators of compromise from what are often highly sophisticated, targeted, and thus often hard-to-detect…