cybersecurity

Business-Driven Security™ to Lead through Chaos

My last post discussed the changing nature of security. The impact of today’s cyberattacks aren’t limited to stealing financial information or personal data. Instead, these attacks seed chaos. With this reality at hand, the need for business-driven security is even more pronounced. Security professionals must draw connections between the technical details of a security incident…

The Forum at RSA Conference

This year’s RSA Conference continues the long string of high powered speakers from both the private and the public sector. While there are great keynotes and more than 500 track sessions, we discovered we needed more! Five years ago, many senior government officials were looking for a platform from which they could communicate what they…

Defining Business-Driven Security™ for the Modern Enterprise

As I travel around the world and meet with CISOs and security teams, I continue to be amazed at the organizational disconnects around managing cyber risk. Security Operations and Identity & Access Management teams operate their own business processes with very few connection points. Security and Risk & Compliance teams have different world views of…

Are Software Supply Chain Attacks the New Norm?

How many of us stop to think about updating software we use every day? Do you think “maybe I should check for threats on this before I install it?” Or do you wait for it to automatically update? For many of us, we don’t consider the security of the everyday software we use. This is…

A New Cyber Mission Force

The context is something that could radically turn a bad event to something manageable or even interesting. If we consider how much the threat landscape changed, as did the context where security operates, we realize we are facing one of the most complex and articulated wars of the century – the Cyber War. As stated…

The Elephant in the Room for Endpoint Security

Stop me if you’ve heard this story before… Three blind men are traveling down the road to visit a friend.  On the way, they encounter an elephant.  Not being able to see it, they each stopped and felt the elephant to figure out what sort of creature it was.  The first one grabbed the trunk…

R-Evolution: The Evolution of Risk

Ten years ago, when a user needed to access a corporate application, his or her usage was on a company-owned device and typically confined to company-owned networks. These applications were nicely tucked behind corporate firewalls, and managed by dedicated IT organizations. To identify themselves, users would often enter complex, lengthy passwords when accessing such resources,…

Cloud Ready Threat Detection & Response

Organizations are leveraging third party cloud environments for increasingly critical data, applications, and infrastructure. The agility and potential cost savings that both public and private (virtual) clouds offer mean that the business can be more efficient and gain operational and financial advantages. While some organizations – dependent on vertical and “risk” appetite – may be…

Joining RSA’s Mission To Deliver Business-Driven Security – From RSA’s New President Rohit Ghai

I am delighted to be joining RSA at such an exciting and transformational time in the security industry. 2016 brought an unprecedented focus on the global cybersecurity situation. From the use of IoT vulnerabilities to halt the largest global websites, to politically motivated intrusions, to power grids being targeted – threats that were previously unimaginable…

Tales from the Black Hat NOC: Are We Broken?

Walking through the expo hall at Black Hat Europe was uplifting – if the vendor booths were to be believed, APT’s can be stopped in their tracks, Ransomware protection can be guaranteed, and phishing can become a term applied to lake activities again. All it requires is buying this tool! It made me wonder why people…