DevOps / DevSecOps are all the rage right now, and that is great, but how secure is your environment?
Chef, Puppet, and others offer automation and orchestration, but have those environments been secured from an IAM, TVM, and architectural perspective? While these solutions offer add-ons, a secure design that incorporates the right controls from the get-go will help dramatically.
Showing posts with label TVM. Show all posts
Thursday, August 17, 2017
Friday, September 16, 2016
Leveraging ITIL PPT for GRC, TVM, & DevSecOps / InfoSecOps
Many orgs now have some form of ITIL investment (PPT) in place (e.g., ServiceNow (SNOW), ServiceDesk, SAP Ariba).
Why not leverage that for PCI DSS / GDPR / HIPAA / Privacy Shield compliance, let alone for other purposes (e.g., TVM, DevSecOps / InfoSecOps)?
Many ITIL tools have workflows that can automate tracking, reporting, etc.
Leverage existing tools for data processing in your ecosystem, and your ROI will increase dramatically.
Labels: Ariba, DevSecOps, GDPR, GRC, HIPAA, InfoSecOps, ITIL, PCI DSS, Privacy Shield, ROI, ServiceDesk, ServiceNow, TVM
Friday, August 26, 2016
Are open-source SIEMs worth it?
Between SIEMonster, ELK, & OSSIM, there are several options out there for open-source SIEMs.
But, is the juice worth the squeeze?
Between cloud-first strategies for SMBs & enterprises (many CSPs / IaaS providers offer add-on SIEM / ATP services), as well as the prevalence of MSSPs / SOCs, one may wonder if open-source SIEMs will ever hit critical mass.
Regardless, someone keeps building these solutions. So, there is demand. Also, startups may want to crawl before they sprint regarding TVM & SecEng.