Forensics Meets Continuous Security Monitoring to Achieve Optimal Visibility

Digital forensics is estimated to be a $3.2 billion industry by 2020, according to research from RnR Market Research summarized by WhaTech. The industry has grown due to the virtually ubiquitous use of IT systems in personal, corporate, and governmental settings. The need for the IT department to “see” from the network command center out…

Monitoring Assets and Vulnerabilities: Matching Data With Action

Monitoring assets and vulnerabilities has become a high-priority security practice for many enterprises. As RSA President Amit Yoran said in his RSA Conference 2016 keynote, the inevitability of an attack is so well-known that it’s almost cliche. However, the increasing persistence and stealth of attacks is less cliche. Attack campaigns increasingly use multiple exploit methods…

5 Must-Read Articles on Advanced Detection and Incident Response Speed

In his 2016 RSA Conference keynote, RSA President Amit Yoran explained that modern security is moving away from the traditional focus on prevention toward a mindset that includes monitoring and response as key security components. In particular, Yoran stressed that accelerating incident response speed is crucial for overcoming current known security threats and future attacks.…

Next-Generation Authentication: Addressing Changing Compute Paradigms

To achieve optimal security in today’s rapidly evolving computing environment, companies are turning to sophisticated authentication mechanisms. Next-generation authentication is identity and access validation that adapts to protect assets against both static and continuously changing variables. This type of authentication needs to accommodate the following: The burgeoning of bring-your-own-device (BYOD) trends The growing reliance on…

Bring-Your-Own-Identity Gains Steam in Information Security

Bring-your-own-identity (BYOI, or sometimes BYOID) is an emerging concept in Identity and Access Management. BYOI has become interesting because it presents a realistic solution to a pressing problem: the need for better federated identity management. The Theory BehindBring-Your-Own-Identity The BYOI security methodology, like bring-your-own-device (BYOD) before it, contributes more than identity to the InfoSec ecosystem…

Threat Intelligence Sharing: Customized Solutions to Challenges

Threat intelligence sharing is a hot and sometimes contentious topic. While its necessity and justifications are generally known, there are legitimate reasons why sharing information on a large scale has been met with resistance. The Argument for Sharing When sharing intelligence, it is important to establish from the outset that combining best practices for security…

Identity-Centric Management for Modern IT

In today’s mobile- and cloud-driven IT infrastructure, perimeters have become much harder to define. For this reason, identity management is a key point of control. An integrated user- and identity-centric security configuration can help solve modern infrastructure challenges, including issues of access at the perimeter and the authentication and accreditation of users accessing complex resources…

Context-Based, Next-Generation Authentication: Key Traits and Endurance

When analyzing a particular component within a security ecosystem, it is always useful to first take a drone’s-eye view of the system. This strategy can be used to map precisely where within the infrastructure the component may be deployed most efficiently. Where is its mission critical? Where can it profitably replace an alternative? Where will…

Threat Intelligence Cooperation: Creating Shared Value

The principle of synergy, or the whole being greater than the sum of its parts, dates back to Aristotle and has been reincarnated numerous times throughout history. One of its most famous iterations was recently articulated in a 2006 Harvard Business Review article by business scholar and executive Michael E. Porter as “creating shared value.”…

Cyber Risk Insurance: Preparing To Obtain Coverage With Standards and Frameworks

Cyber attacks are getting bigger, costlier, and more frequent. They are gaining more and more media attention with each strike. The Lloyd’s Risk Index 2013, a global biennial survey of board-level and top-level executives, identified cyber risk as the third-highest risk that faces businesses. However, while a proactive defense against cyber risks is the first…