Dissecting a Cybercriminal Heist – Podcast #248

In May 2013, the U.S. Dept. of Justice indicted several members of a cyber criminal gang allegedly responsible for the largest coordinated cash heist from thousands of ATMs across 26 countries. The scheme netted more than $45 million in less than a week and has the banking industry reeling at the manner in which this…

The Fragmented Picture of Mobile Security

I was in Munich last week, speaking at the European Identity and Cloud Conference in a panel on standards for mobile security. It was a very good session, not least because of the colleagues who joined me on the panel. John Sabo spoke about the work he’s doing in privacy frameworks. Tony Nadalin spoke about…

Adaptive IAM: On the Front Lines of Cyber Security

Like most technologies, Identity and Access Management (IAM) has been challenged by new business and IT trends that are causing serious disruptions in how we approach information security. The exponential growth of digital identities, coupled with the increasing use of software as a service and mobile and cloud platforms, has made the traditional perimeter all but disappear. As a result, legacy IAM tools that have been a security mainstay for decades are simply failing to keep up.

The Sea of Trust: Cloud, Big Data and Security at EMC World

In his #EMCworld keynote on Tuesday morning, Joe Tucci used the phrase “the sea of trust” to capture the pervasive role that security has to have in the success of the “third platform” of mobile, cloud and big data. It’s a great metaphor, reflecting not only the pervasiveness that security has to have, but also the dynamism and power that it needs to embrace.

Cybersecurity@EMCworld 2013: Transforming the Trusted Cloud

In my earlier blogs on Transforming Security Analytics and Transforming Trust, I wrote about the strong focus we have on cybersecurity at this year’s EMCworld, previewing several of the sessions that will highlight security topics. In addition to those presentations, we’ll also once again have a Birds-of-a-Feather session, focused on Building your Trusted Cloud. It’ll…

Cybersecurity@EMCworld 2013: Transforming Trust

The application of Big Data analytics to security has resulted in a transformation not only in detecting and responding to threats. It also transforms how we establish and evaluate trust, based on understanding risk rather than expecting absolute security. This transformation doesn’t just affect security professionals. Understanding trust is critical for many of the topics that are explored at EMCworld, including cloud, virtualization, storage and document management. Understanding trust can help in enabling new business opportunities, finding more effective operational processes and working more effectively with partners.

To MSSP or not to MSSP?

It’s an increasingly common question these days, and not an easy one at that. That is, do you build your security operations capabilities in house, or do you go with a Managed Security Service Provider (MSSP)? There are certainly advantages to both, and in bottom-line terms it is hard to say which one is actually cheaper. Ultimately, as with all things, it is a business decision that is made with an acceptable level of risk in mind.

The Changing Nature of the Threat – 2013, Part 2 – Migration to the Cloud

A thorough risk assessment should be adopted by customers to ensure that the benefits of moving to the cloud outweigh the potential security threats. Techniques like privacy impact assessment (PIA) and ‘Plan, Do, Act, Check’ are recommended to ensure a moderate but comprehensive change for them. Evidence shows that there may be issues involving customers meeting their legal obligations when their data are hosted outside of their local context. Hence, this will trigger issues relating to the effectiveness of existing risk governance frameworks. There should be more evaluations conducted to assess the true potential and apparent risks to protect customers and Cloud Service Providers (CSP).

Building a Next Generation SOC – Using Intelligence to Find the Threats; Podcast #245

In this edition of the RSA Speaking of Security Podcast, Tom Chmielarski, Practice Lead with RSA’s Advanced Cyber Defense consulting practice, talks about specific threat intelligence strategies that organizations can take in the defense against malware and advanced attackers. Tom is one of the lead consultants bringing RSA’s Next Generation Security Operations Design and Implementation…

Risk-Based Authentication: What’s Context Got to Do With It?

Contributed by Lauren Horaist, Senior Product Marketing Manager, RSA Identity and Data Protection Group. I sometimes find myself making strange comparisons between real life and work life. One of those stream-of-consciousness moments happened a few weeks ago while I was driving home in a snowstorm. I was minding my business driving along my normal route,…