Wednesday, May 31, 2017

Derivatives of Blockchain

Holochains (http://ceptr.org/projects/holochain) and other derivatives are making their way into this new ecosystem.

It seems that IoMT and other tech that requires firmware to have high level of integrity are the best use cases.

Thursday, May 18, 2017

Dual of Cloud Silver Bullets: Aporeto vs RedLock

Both are flush w/ cash & both have stormed outta the gate for cloud security.

The question is who is there customer?  Many orgs have existing InfoSec investments that could be extended to the cloud via virtual appliances.  So, unless cloud security providers (CSPs) bundle these solutions in, I would think that large, Fortune 1000 companies wouldnt be early adopters.

TBD....

Monday, May 15, 2017

Ransomware & Incident Response: Thoughts from WannaCry, WannaCry2, & WannaCrypt0r

Lots of content has been created for detecting & dealing with ransomware; however, these past few days have seen a flurry of different attacks & thus require some specific after-action reports (AAR).

So, here are some observations / thoughts / notes:


  • Many orgs do not have the budget to ward off ransomware, including: 
    • Advanced threat protection (ATP) via: EDR, UBA / UEBA, UTM / NGFW / NGIPS / NGIDS
    • Virtualization to segment legacy tech: SDN, SDS, hyperconvergence
    • SIEM & TI
  • SETA & CSIRT awareness notifications were slow & ineffective
  • Close the patching gap....no more excuses
  • We'll see this level of pandemic / infestation again...this is just a start.
So, folks will see this level of attack again & its up to them to be proactive & respond accordingly.

Monday, May 8, 2017

CISO Leadership Academy is Coming Soon

Watch out for the CISO Leadership Program, which will formally start this June....