Monday, June 25, 2018

Cloud Visibility

With more organizations going to the cloud, with shadow IT, and with GDPR requirements, cloud visibility seems to be the latest fad...

Microsoft & Amazon picked up on this several years ago, hence Azure Information Protection (AIP) and AWS Macie, but those do not cover the two together, or Google / Salesforce / Rackspace.

So, expect this area to gain traction for several more years...

Saturday, June 23, 2018

Incident Response v.2.0: Partner Office 365 (O365) Compromise

As more ecosystems move to Microsoft's Office 365, it seems necessary to create an IR playbook for O365 compromises.

Said playbook should include proper responses.

Tasks to perform should include:


  • Disabling established trusts
  • Quarantining emails / messages
  • Establishing enhanced security policies / black lists
  • Calibrating monitoring / notification rules



Wednesday, March 21, 2018

Facebook, Cambridge Data Compromise Should Not Surprise Consumers

Facebook is receiving bad press due to consumer data compromised by a Cambridge-based analytics firm for political purposes.

Frankly, this should not be news, as social media outlets and free online services (email, vlogs, blogs) use subscribing advertisers to generate their revenue by selling the (supposed to be anonymized) data. Said data extraction models have been the point of episodes on shows like Netflix's House of Cards.

Regardless, the sensitive data is supposed to be masked.  And how obfuscated said data is, is often a matter of debate.

So, the question is, will the US get serious about data privacy now and / or will consumers migrate from these services in droves?

TBD....

Friday, February 23, 2018

Metrics for Risk Management & Cybersecurity

A book by the name of How to Measure Anything in Cybersecurity Risk articulates enhanced metrics (versus impact & likelihood) via Bayesian models.

However, sans cyber insurers & actuaries, most risk management / cybersecurity functions struggle with the simplest metrics. That happens due to a lack of technical key risk indicators (KRIs) agreed to by the business.


While quantitative analysis can help derive budgeting priorities, most organizations are simply not mature enough to know the qualitative gaps within their enterprise. 

Friday, February 16, 2018

Hypervisor Replication for Virtualization Security

Vendors like Bracket & BitDefender are rolling out virtualization security solutions meant for hybrid cloud deployment to negate rootkits & chip-based exploits (Spectre, Meltdown).

However, comprehensive coverage / support seems limited & you would think that the big cloud service providers (CSPs: AWS, MSFT Azure, GCP) have hardened their own hypervisors already.

VMware's partnership w/ AWS could pave the way for hardened hypervisors that can lift & shift among on / off prem deployments.

Wednesday, December 20, 2017

Smart Home / IoT, Threat & Vulnerability Management (TVM) & B2C Delineation for Vendors

As the smart home becomes a reality (https://www.theverge.com/2017/12/20/16799918/homekit-vulnerability-details) so does the need to monitor & patch said smart home.

But, who from a vendor standpoint will own that market / responsibility (ISPs, Utilities, Alarm / Physical Security, AV software vendors, separate vendors: Amazon / Apple / Google / Staples: Geek Squad, B2C MSSPs / SOCs)?

The answer will vary depending on the jurisdiction / age of the house, though this wrestling match is sure to come.

So, wait & see how this shakes out, because change is coming for sure.

Thursday, October 26, 2017

Are mobile app reputation services (MARS) legit?

Should enterprises invest in mobile security solutions explicitly for ranking the trust model of some apps?

It depends on what your use cases, requirements, user base, & relevant jurisdictions are.  However, most orgs should not need a MARS solution as MDM, MAM, & even MTD should be able to handle most threats.