Blog

What Really Led to WannaCry?

Much of the focus on WannaCry has been on how it works and what organizations need to do in the near term to recover. It’s important, however, to take a step back and ask ourselves why WannaCry became such a tour-de-force in the first place. After all, the security community has been talking about concepts…

Metrics (Not Just Fun Facts!) Are key to driving a Business-Driven Security™ Strategy

Dave Gray & Azeem Aleem “What’s Measured Improves” Peter Drucker It’s mid-2017 and we have already witnessed the conundrum across organizations as the pressure of building a more efficient business creates loopholes for cyber criminals to gain an advantage. In a previous blog we talked about the traditional perimeter melting away and how the “not…

The Business Value of RSA Archer

Implementing an effective governance, risk, and compliance program can be a costly and time-consuming effort: Hardware, software, and the active engagement of a lot of people in the first, second and third lines of defense.  Before implementing a program, and periodically throughout the life of the program, the question always arises from senior management: Is…

What Your Business Can Learn from WannaCry

The biggest cyber attack began last week, spreading to more than 150 countries and infecting 200,000 machines. The outbreak is a ransomware threat, WanaCrypt0r 2.0 also known as WannaCry, with worm-like capabilities leveraging an exploit against vulnerable Microsoft Windows® operating systems. Ransomware mimics the age-old crime of kidnapping: someone takes something you value, and in…

Failure to Communicate: Why SOCs Fail!

I’ve had the privilege of working in a few different SOCs at various maturity levels ranging from the stony shores of regulatory compliance – “Yes, we have a security solution”, to the deep shark-infested waters of a global enterprise under frequent attack by nation state-sponsored attack groups. Throughout all of these different engagements, I’ve worked…

Six Keys to Successful Identity Assurance – Flexible Authentication

So far, we’ve discussed the first five keys to a successful identity assurance: business context, anomaly detection, machine learning, broader ecosystem, and consistent experience. Let’s close the series with an important topic for both end users and administrators: flexible authentication. Administration Flexibility When we think of providing flexibility for administrators, we focus on the authentication…