Does it make sense to implement a dedicated MFT environment?
http://docs.media.bitpipe.com/io_13x/io_130983/item_1359879/axway_datasheet_securetransport_en.pdf
It depends on the org & architecture; however, most orgs could do without.
Healthcare, insurance, fin svcs, or legal orgs may need these, though many will probably be better off using SFTP / FTPS or EDI in a pointed manner.
Monday, June 20, 2016
Wednesday, June 15, 2016
SIEMs / IPS Alone No Longer Work
Advanced threat protection (ATP), or an MSSP / SOC, versus solely SIEM deployments, are needed now more than ever.
https://www.bluecoat.com/documents/download/8540d91b-b8d6-4be6-b0d0-7ed23c897764/0184e57d-7c34-4851-8266-2b430d93a3c6
Most orgs do not do a great job on log analysis, or malware / APT / phishing prevention, so it is well advised that outsourced ATP services be engaged, at least temporarily.
Monday, June 13, 2016
IoT Medical Device / Wearable Push-back
The AMA is pushing back on the proliferation of IoT medical devices & wearables.
Now, this is a culture issue between clinicians & technicians, though a breach will provide all too much ammo for further friction.
http://www.forbes.com/forbes/welcome/#4c6f247f1f72
Security requirements have been and will continue to be extremely important for IoT assimilation & use.
Friday, June 10, 2016
Web App Password Protections
Whether using AD / IDaaS / LDAP / RDBMS / NoSQL, etc. to store your web app credentials, an org needs to ensure that these are secured while at rest. And yes, while a no-brainer, many orgs do not.
Whole disk / volume-based encryption is a start for all deployments, especially transparent data encryption (TDE) solutions using KMIP for interoperability between on- and off-prem.
For those who follow the belt-and-suspenders model, tokenization, salted hashes, or symmetric encryption are all options for data at rest (DAR).
For deployments (NoSQL) where organic encryption functionality may not be available, add-on algorithms (Bcrypt) may be utilized.
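An added example, not from the original post: storing a credential as a salted hash, verifying it, and flagging records that need a work-factor upgrade. It uses scrypt from Python's standard library as a stand-in for the bcrypt add-on mentioned above; the record format, parameter values and function names are assumptions.

```python
import base64
import hashlib
import hmac
import os

# Current work-factor policy (assumed values; tune to your own hardware).
N, R, P, DKLEN = 2**14, 8, 1, 32

def _derive(password, salt, n, r, p):
    # maxmem is set explicitly so the memory ceiling follows the chosen n and r.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=256 * n * r, dklen=DKLEN)

def hash_password(password, n=N, r=R, p=P):
    """Return a self-describing record: scheme$n$r$p$salt$hash."""
    salt = os.urandom(16)  # unique per credential, stored beside the hash
    digest = _derive(password, salt, n, r, p)
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return f"scrypt${n}${r}${p}${b64(salt)}${b64(digest)}"

def verify_password(password, record):
    """Return (ok, needs_rehash). Malformed or unknown records fail closed."""
    try:
        scheme, n, r, p, salt, digest = record.split("$")
        if scheme != "scrypt":
            return False, False
        n, r, p = int(n), int(r), int(p)
        # Bound stored parameters so a tampered record cannot exhaust memory.
        if not (1 < n <= 2**17 and 0 < r <= 16 and 0 < p <= 4):
            return False, False
        salt = base64.b64decode(salt, validate=True)
        digest = base64.b64decode(digest, validate=True)
        candidate = _derive(password, salt, n, r, p)
    except (ValueError, TypeError):
        return False, False
    ok = hmac.compare_digest(candidate, digest)  # constant-time comparison
    # A valid login under older parameters should be re-hashed at current policy.
    return ok, ok and (n, r, p) != (N, R, P)

if __name__ == "__main__":
    record = hash_password("constructed-sample-passphrase")  # constructed input
    print(record)
    print(verify_password("constructed-sample-passphrase", record))
```

Because the salt and parameters travel with each record, the same scheme works in an RDBMS column, an LDAP attribute or a NoSQL document without native hashing support.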
Stop the Emails
Email technologies are a tool to complement conversations, not supplement them.
In a global, distributed workforce it may seem easier to email away, but don't.
IMs, phone or face-to-face chats will always be more productive.
Tuesday, June 7, 2016
Soft Skills
We all need to "sharpen the saw" of our soft skills regularly. With that said, I am constantly in awe of the number of managers who shy away from mentoring junior staff on said soft skills.
Beyond that, Toastmasters, project management, & Dale Carnegie training should be regularly reinforced to those who show potential.
Develop your people or they will certainly leave you. To reiterate, they will certainly leave you, maybe not the company.
Wednesday, June 1, 2016
Stop Using IE / Edge
http://searchsecurity.techtarget.com/news/450297353/Ingenious-attack-mixes-memory-deduplication-with-Rowhammer
Chrome / Safari / Firefox should be the preferred browser for orgs these days.
Use IE / Edge sparingly for Web apps that only support those browsers.