Thursday, April 28, 2016


When it comes to embracing one email-focused protection solution or another, which is best for an organization?

Many orgs deploy DLP for email solely because of an enterprise DLP purchase; however, does this protect against spear phishing, whaling, or spamming?

Not really, especially if your DLP deployment is in its infancy. With that said, email protections like DMARC & SPF will not prevent data loss without some type of content- & context-aware solution (e.g., classification, labeling).

Thankfully, email-as-a-service (EmaaS) cloud providers include both services, though usually as an add-on at additional cost.
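To make the DMARC point concrete, here is an added example (not from the original post) that parses DMARC TXT records and grades how much spoofing protection each one gives. The records and domain names are constructed samples, not real DNS data. Note what the record controls: what a receiver does with mail that fails SPF/DKIM alignment. It says nothing about the content of a message, which is why it is no substitute for content-aware DLP.

```python
"""Parse and assess DMARC TXT records (added example; sample records are constructed)."""

# Constructed sample records as they would appear in the _dmarc.<domain> TXT record.
# None of these domains or addresses are real deployments.
SAMPLE_RECORDS = {
    "example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100",
    "example.net": "v=DMARC1; p=none; rua=mailto:reports@example.net",
    "example.org": "v=spf1 include:_spf.example.org -all",  # an SPF record, not DMARC
}

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record: str) -> dict:
    """Split a DMARC record into lower-cased tag/value pairs.

    Raises ValueError when the record is not a well-formed DMARC record.
    """
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()

    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record (missing v=DMARC1)")
    if tags.get("p") not in VALID_POLICIES:
        raise ValueError(f"invalid or missing p= tag: {tags.get('p')!r}")

    # pct defaults to 100 and must be an integer in 0..100.
    pct = tags.get("pct", "100")
    if not pct.isdigit() or not 0 <= int(pct) <= 100:
        raise ValueError(f"invalid pct= tag: {pct!r}")
    tags["pct"] = pct
    return tags


def assess(record: str) -> str:
    """Return a one-word assessment of the spoofing protection a record provides.

    'missing'      - no usable DMARC record
    'monitor-only' - p=none: reports only, receivers take no action
    'partial'      - quarantine, or reject applied to less than 100% of mail
    'enforcing'    - p=reject applied to all mail
    """
    try:
        tags = parse_dmarc(record)
    except ValueError:
        return "missing"
    if tags["p"] == "reject" and int(tags["pct"]) == 100:
        return "enforcing"
    if tags["p"] in ("quarantine", "reject"):
        return "partial"
    return "monitor-only"


if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        print(f"{domain}: {assess(record)}")
```

In practice the record would come from a DNS lookup of `_dmarc.<domain>`; the parsing and assessment logic is unchanged.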

Wednesday, April 27, 2016

AWS Mobile Hub = Death of Local / Network-based DevOps?

With more organizations leveraging (at least) a cloud-first policy, is the time for local / network-based DevOps gone?

I suspect that the larger, internal development functions of Fortune 1000 firms won't change anytime soon. However, the ecosystem between large and small is tightly coupled. So, give it 5-10 years, and the local SCM repository will be gone.

Docker Security

Great blog post from CloudPassage below:

But what agents does one place on a container?

  • File Integrity Monitoring (FIM)
  • Anti-virus / Malware
  • Logging / SIEM

Nice to Haves:
  • Edge Protection / Network Access Controls (NAC) - assuming a private cloud deployment
  • Data Loss Prevention (DLP) - only if an enterprise solution is deployed

Tuesday, April 26, 2016

SaaS (e.g., Cloud) Apps & Enterprise Security Architecture

Beyond extending formal enterprise security architecture (ESA) frameworks like SABSA, TOGAF, DoDAF, etc. to the cloud, organizations will have to choose a strategy for implementing controls in the cloud as well.

Now, many cloud service providers (CSPs) enumerate their safeguards at a high level and say hands-off; however, more and more are either adding premium add-on security services (e.g., Shield, Office 365 DLP) or allowing integration with third-party solutions (e.g., Dropbox & CloudLock).

Depending on the ubiquity of usage (i.e., enterprise-wide), industry, and / or number of CSPs used, a hybrid strategy probably works best. In this manner an organization can leverage enterprise access controls and monitoring via cloud access security broker (CASB) or enterprise mobility management (EMM) solutions, while also leveraging native content awareness (e.g., DLP, RMS) or cryptography solutions.

Friday, April 22, 2016

Whaling, Spear Phishing, Scamming.....oh my!

Orgs need to conduct red team-like exercises to benchmark their exposure to this stuff...big time!

Gotchas and ah-hahs are not necessary when conducting this testing, though identification for security education, training, & awareness (SETA) is.

Wednesday, April 20, 2016

Ransomware Response & Red Teaming

Too many pen tests are more or less vulnerability scans.

So, how many orgs engage in the next logical step, red teaming?

Better yet, how many orgs engage a red team to test their incident response process & procedures for ransomware, malware, DDoS / DoS, APT, or brute forcing / rainbow attacks throughout the cyber kill chain (

As orgs progress with pen testing, red teaming, etc., they need to up the ante with more inclusive testing.

Tuesday, April 12, 2016

Cloud Service Providers & Retention

When it comes to using cloud services for business, it pays to know what retention policies can and will be leveraged, particularly in heavily regulated industries. Below are the retention policies for the heavy hitters in cloud:

For the retention policies of traditional cloud file storage, see below:

Here are the retention policies for popular cloud (e.g., SaaS) apps:

On Premise DLP for Cloud-first Organizations

More often than not, cloud-first organizations still engage in on-premise DLP projects, the mentality being that on-prem DLP has a solid use case (file shares, etc.).

With many orgs now leveraging Exchange Online or Gmail, as well as cloud file sharing (e.g., Box, Dropbox, OneDrive, Drive), is this the best strategy?

No; most of these orgs would be better off focusing first on:

  • Cloud Access Security Broker (CASB) solutions (e.g., CloudLock, Centrify)
  • Whole Disk Encryption / EMM / MDM (e.g., BitLocker / Intune, AirWatch)
  • Email / EDM DLP
  • Web Filtering DLP

After that, orgs should focus on these investments to tie up any residual risk:

  • Database Crypto
  • IRM / RMS / DRM
  • NAC / NAP
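The "Email / EDM DLP" item above, and the earlier point that DMARC & SPF cannot prevent data loss without a content- & context-aware layer, both come down to the same two checks: classify the message body and then decide based on who it is going to. The following is an added example, not code from any DLP product or from this blog; the email bodies, recipients and org domain are constructed, and the detectors (Luhn-validated card numbers plus a US SSN pattern) stand in for the much larger rule sets a real product ships.

```python
"""Toy content- and context-aware email DLP check (added example; all inputs constructed)."""
import re

# Content detectors. Card numbers are matched loosely and then Luhn-checked to cut false positives.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """Standard Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(body: str) -> dict:
    """Content check: return detected sensitive items and a label for the message."""
    findings = []
    for match in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            findings.append(("card", digits[-4:]))  # keep only the last four digits in findings
    for match in SSN_RE.finditer(body):
        findings.append(("ssn", match.group()[-4:]))
    label = "Confidential" if findings else "Public"
    return {"label": label, "findings": findings}


def is_external(recipient: str, org_domain: str) -> bool:
    """Context check: anything not at the org's own domain counts as external."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    return domain != org_domain.lower()


def decide(body: str, recipients: list, org_domain: str) -> str:
    """Policy: Confidential content leaving the organization is blocked; everything else is allowed."""
    result = classify(body)
    if result["label"] == "Confidential" and any(is_external(r, org_domain) for r in recipients):
        return "block"
    return "allow"


# Constructed sample messages (no real card numbers or SSNs; 4111... is a well-known test number).
SAMPLES = [
    ("Please charge card 4111 1111 1111 1111 and note my SSN 123-45-6789.",
     ["partner@outside.example"]),
    ("Please charge card 4111 1111 1111 1111 and note my SSN 123-45-6789.",
     ["finance@corp.example"]),
    ("Reference number 4111 1111 1111 1112 for the order.", ["partner@outside.example"]),
    ("Quarterly numbers look good, see attached.", ["partner@outside.example"]),
]

if __name__ == "__main__":
    for body, rcpts in SAMPLES:
        print(decide(body, rcpts, "corp.example"), classify(body)["label"], rcpts)
```

The third sample shows why the Luhn check matters: a 16-digit reference number that fails the checksum is not treated as a card number, so the message is allowed. Swapping the `is_external` rule for one driven by labels or recipient reputation is where a real product's "context" lives.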