Monday, September 19, 2016

SaaS AI & Privacy

Salesforce's AI platform, Einstein (https://www.salesforce.com/products/einstein/overview/), may present some privacy concerns.

As a SaaS service the question begs on whether multi-tenancy data will be included in the analysis.

Will GDPR, U.S., Privacy Shield, HIPAA, PCI DSS requirements be included?  If so, it would behoove Salesforce to include details on de-identification.

Friday, September 16, 2016

Leveraging ITIL PPT for GRC, TVM, & DevSecOps / InfoSecOps

Many orgs now have some form of ITIL investment (PPT) in place (e.g., ServiceNow: SNOW, ServiceDesk, SAP Ariba) these days.

Why not leverage that for PCI DSS / GPDR / HIPAA / Privacy Shield compliance, let alone for other purposes (e.g., TVM, DevSecOps / InfoSecOps)?

Many ITIL tools have workflows that can automate tracking, reporting, etc.

Leverage existing tools for data processing in your ecosystem, and your ROI will increase dramatically.

Wednesday, September 14, 2016

Incident Response vs Digital Forensics

When an incident / event has happened that may turn into a full-scale breach it is best to ascertain (via a defined process / guide like 800-61) whether or not to engage in digital forensics or not.

However, beyond firing up forensic kits / tools like Sleuth / Autopsy, forensic activities may have adverse consequences as operations may be affected.

Many orgs want to be safe vs sorry, so they engage in forensics to check if there was a breach, though this may be not needed and may even be construed as impetuous.

Predicated on a quick notification on the event due to proper security education, awareness, and training (SETA); initial, cursory actions may be all that is needed.  At least, initially.

Monday, September 12, 2016

Open-Source IDS Comparison (Bro vs. Snort)

After installing and running both open-source Bro and Snort IDS deployments on Ubuntu 15.04, the pros and cons are clear.

Snort is easier to get up and running, while more limited in functionality.

Bro has more functionality, but Bro is more difficult to configure and consumes more resources.

Friday, September 9, 2016

(Application) Container Movement

With Cisco acquiring ContainerX on their security spree, Docker now looks to monetize its solution (Pied Piper-style, yes, from HBO).  However, the scuttlebutt is that an open-source fork (of Docker) will be created to keep the open-source dream alive.

So, what is next?  Will Twistlock be acquired too?  By Dell, perhaps?  TBD...

Tuesday, September 6, 2016

Mine Your Scanning / Audit Data

Like the article below suggests, orgs need to analyze the data from past endeavors focused on scanning / auditing for next-gen protections.

http://www.darkreading.com/analytics/the-new-security-mindset-embrace-analytics-to-mitigate-risk/a/d-id/1326812?

Anti-malware, user-behavior (anomaly detection), and signatures are great, but take interest with what scans / audits of your past have shown with gaps / attack vectors.