Friday, February 23, 2018

Metrics for Risk Management & Cybersecurity

The book How to Measure Anything in Cybersecurity Risk articulates enhanced metrics (versus impact & likelihood) via Bayesian models.

However, outside of cyber insurers & actuaries, most risk management / cybersecurity functions struggle with even the simplest metrics. That happens due to a lack of technical key risk indicators (KRIs) agreed to by the business.


While quantitative analysis can help derive budgeting priorities, most organizations are simply not mature enough to know the qualitative gaps within their enterprise. 

Friday, February 16, 2018

Hypervisor Replication for Virtualization Security

Vendors like Bracket & BitDefender are rolling out virtualization security solutions meant for hybrid cloud deployment to negate rootkits & chip-based exploits (Spectre, Meltdown).

However, comprehensive coverage / support seems limited, & you would think that the big cloud service providers (CSPs: AWS, MSFT Azure, GCP) have hardened their own hypervisors already.

VMware's partnership w/ AWS could pave the way for hardened hypervisors that can lift & shift between on-prem & off-prem deployments.