Introduction and Thoughts About Recent Surveillance “Revelations”
Hello everyone! I have been at Enterprise Management Associates for a couple of months now and decided that it is time to write an introduction and blog. For those of you who have been following the...
Recent Surveillance “Revelations” Part 2- What can we do?
I hope you were able to read part 1 of this blog prior to coming to this part as it really sets the stage. Last week we all received reports on revelations that GCHQ (the rough British equivalent of...
ForeScout Technologies has a Knack for NAC (and more) with ControlFabric and...
Recently I briefed with ForeScout Technologies, a Network Admission/Access Control (NAC) vendor, to get an update on the CounterACT platform it has been delivering and developing for a few years and to...
Last minute 2014 RSA Boycotts Hurt Attendees not RSA
With all of the negative attention that the NSA – RSA relationship (or deal) has been getting, many are fired up. If the deal went down anything like it has been reported by Reuters, then rightfully...
Security Awareness Programs Are Not just For Compliance
I see a significant gap in not only how the need for Security Awareness training is perceived as needed but also in the general quality of the programs and training delivered vs other types of...
CA Analyst Symposium- CA is Changing
I had an interesting experience a few weeks ago. I went to NYC to brief with CA Technologies. I spent a full day speaking in group sessions with some of its top executives including CEO, Mike...
Symantec CyberWar Games Provide Valuable Cyber-Insight
The emotions oscillate between high frustration and high jubilation as I observe cyber-attack teams’ hacking activities against an unnamed financial institution… It’s the final day of the Symantec 2014...
Gaining Data Control with BYOD and Bluebox
What’s the issue with BYOD? Data Control… What’s the issue with Data Sharing? Data Control! Let’s face it, though it took an evolution of about 15 years, industry figured out that Data Management and...
Dell SecureWorks and Risk I/O team up to deliver a better kind of...
On April 23rd, 2014 Dell announced its new Vulnerability Threat Monitoring and Prioritization service delivered through the SecureWorks Counter Threat Platform. This managed service was created to...
Thoughts on Splunk .conf 2014
This week, Las Vegas hosted some 3500 people at the MGM Grand to mark Splunk .conf14, the annual user gathering for Splunk customers, referred to as “Splunkers”. For those of you not in the tech...
Damballa and Bit9 + Carbon Black Collaborate to Deliver Better Security with...
In looking at the solutions available for threat protection (and detection), there are quite a few options out there. Some, like Damballa Failsafe, are network-based, vigilantly watching packets...
Cloud Security Alliance Hack-A-Thon and the Software Defined Perimeter
The Cloud Security Alliance (CSA) is a not-for-profit think tank of volunteers that spend their time trying to better the internet. These people are the antithesis of cybercriminals; they spend their...
Is EMV an Expensive Security Misstep for the Payments Industry?
There is no disagreement that the current mag-stripe technology used in the USA and other countries outside of the EU is antiquated and lends itself to fraud. The data is easily copied using various...
Allgress Insight Risk Management Suite Brings Flexibility and Functionality...
When I started out in security, only very large organizations with a mature set of business processes dared to talk about implementing some form of governance, risk, and compliance (GRC) or enterprise...
Breach Detection, Sony Entertainment and Vectra Networks…
Working in information security for the past 20 years, I have seen a lot. Though there have been many multi-million dollar impact breaches, the recent Sony Pictures hack and subsequent data exposure...
Leveraging Security Policy Orchestration to “Bake Security in” to SDDC...
I have a new guest blog just posted at for Tufin around Security Policy Orchestration. You can check it out here. It discusses the benefits to using Security Policy Orchestration when defining...
PFP CyberSecurity Breaks on to the Scene to Identify Malware at the Chip Level.
A few weeks ago, I briefed with a new company called PFP Cybersecurity, also known as Power Fingerprinting, Inc., and was so intrigued by the concept alone that I wrote a Vendor to Watch about them....
Leveraging User Activity Monitoring to Protect Information and Employees from...
Historically, many organizations and personnel have been concerned about user activity monitoring (UAM). Certain business cultures feel that these activities are an invasion of privacy or are...
Vectra Provides Pervasive Visibility & Analysis to Detect Cyber Attacks
Though cyber attacks have been around for years, in 2014 there was an explosion in the volume of attacks and a marked increase in the losses and damages they inflicted. In 2015, this does not seem to...
The Limits of Packet Capture
In preparation for my new ‘Achieving Hi-Fidelity Security’ research project, I thought I would post a relevant blog I wrote for InformationSecurityBuzz.com. I have packet capture data for forensics,...