What You Need to Know About Heartbleed

The world has been talking about a new security buzzword and that buzzword is “Heartbleed”. What is Heartbleed? Heartbleed is the nickname given to the vulnerability known as CVE-2014-0160, which is a flaw in the TLS/DTLS heartbeat extension implementation in certain versions of OpenSSL. In plain English, this vulnerability allows an attacker to use a…

More than a Balance: Privacy and Security as Partners in Trust

I was in Dublin recently to speak once again at the Secure Computing Forum. The theme this year was “Security and Privacy: Getting the Balance Right”, so I talked briefly about the KPMG report that I discussed in my 2013 blog on “Balancing Security and Privacy”, in particular the KPMG conclusion that “A balance can…

Battle of the Botmasters

We don’t often look at old intelligence, but recently one known botnet published a list of new dynamically generated domain names, and it caught our attention. As we investigated, we were surprised to find out that one malware family associated with the Cutwail bot was launching a Denial of Service attack against the infrastructure of a botnet associated with Zbot, Zeus and Blackhole. This was quite literally a live-action view of botmasters attacking one another.

An Impassioned Perspective

As someone who speaks at many conferences and hears (and gives) many keynotes, I was struck by the extraordinary passion and commitment in Art Coviello’s keynote at RSA Conference US last week. His call to action certainly echoed his keynotes of the past several conferences, in his conviction that we – all of us –…

Security Operations Management: Metrics that Matter

In my previous blog series on Vulnerability Risk Management, I included a post on “Metrics that Matter”. I made the statement that in security, we constantly talk about the challenges of showing return on the investment. Security Operations is one of these areas where it can be hard to show a return. If you have prevented…