At the risk of oversimplifying, this post discusses the trade-offs of building versus buying security solutions.
Some vendors who shall remain anonymous quote awfully high prices for security solutions. Because of this, some smaller shops will want to build their own SIEM, GRC, or WAF solutions. With that said, SMBs must realize that home-built tools require ongoing care (patching, tuning, and monitoring) to remain secure.
Note that an organization may be able to report compliance with PCI, etc. and yet still fail to stay secure.
Monday, February 1, 2016
Friday, January 29, 2016
SOAP/WCF...just die already!
To paraphrase Walter White's son in the TV show Breaking Bad, "just die" SOAP & WCF.
While RESTful and JSON APIs are not a silver bullet, they are certainly better than SOAP & WCF.
I am sure that AJAX and XML will live on, but SOA needs to pass the torch.
Thursday, January 28, 2016
WAF/MDM/2FA/CAPTCHA/DLP/SSL/... Bypass
It is extremely important to test out the effectiveness of your compensating controls.
Many organizations have rested on their laurels after implementing one of the tools above only to experience a data breach.
A cynic might say that this is the difference between compliance and information security.
Wednesday, January 27, 2016
More Than SIEM (VSOC, SOC) - Threat Intelligence
Today it is no longer enough for an organization to simply collect data in a SIEM (on-premise, cloud/VSOC, or SOC).
This data must be analyzed and correlated with national, industry, and association-based threat intelligence to determine likely attack vectors and the resulting action items.
In other words, it is essential for us to move beyond security compliance to stop subsequent data breaches.
Tuesday, January 26, 2016
DDoS Prevention: Build vs Buy
In light of the recent DDoS attacks against the Irish government, it is prudent for organizations to take steps to prevent DDoS attacks.
Such attacks may target either layer 7 (application) or layer 4 (transport) of an organization's technology stack, so solutions should be put in place to cover both attack vectors.
Many organizations leverage cloud-based solutions such as Imperva Incapsula, Cisco OpenDNS, or F5 Silverline. However, an organization can also leverage more cost-effective solutions, such as ModSecurity (with a commercial rule-set license from SpiderLabs for layer 7 protection) and iptables (for layer 4 protection).
Thursday, September 24, 2015
Apple iOS Malware
As detailed at http://appleinsider.com/articles/15/09/24/apple-lists-top-25-apps-affected-by-xcodeghost-malware-infiltration, a group of iOS apps containing malware were published to the App Store.
The concern is whether causation or mere correlation is at play, as many of these apps were built for the Chinese market.
Did the malware exploit a more forgiving vetting process from Apple due to complexities with encoding for Mandarin and/or Cantonese? Or is it a more general issue regarding the vetting of apps for the Asian market?
Regardless, Apple products are no longer under the radar for security concerns, and we should act accordingly.
Monday, May 4, 2015
AFNetworking, Certs & MITM
Though the iOS AFNetworking vulnerability is several weeks old, I am reminded of the need for IT professionals to remain intellectually curious. To clarify, it never hurts to stay current on crypto libraries and CA logistics, even when these are outsourced.
Furthermore, it remains necessary for InfoSec/AppSec professionals to stay slightly paranoid about exploits through threat modelling and similar practices. Years on, the industry is still challenged by MITM exploits and vulnerabilities.