ADCs are load balancers on steroids (SSL offloading, enhanced compression / bandwidth utilization, WAF, reverse proxy, DDoS protection), while dedicated load balancers perform pure round-robin transaction sharing.
For cloud-based apps, elastic load balancers (ELB) may be consumed as a dedicated service (along w/ separate services: WAF, reverse proxy), while on-premises Web apps should be leveraging an ADC for pure consistency & economy-of-scale reasons.
Tuesday, January 17, 2017
Sunday, January 15, 2017
How Many Threat Intelligence (TI) Feeds Are Enough?
MSSPs aside (as they can more easily achieve economies of scale), how many TI feeds should an internal SOC leverage?
Well, that depends on the quality of information. With that said, several open source & commercial / subscription feeds would not hurt for cross-reference purposes.
Here are some feeds worthy of consideration:
- US-CERT
- CTIN
- Optiv
- Facebook ThreatExchange
- CrowdStrike
- AlienVault
- SSLBL
- ZeuS Tracker
- Palevo Tracker
- Malc0de
- Binary Defense Systems
- Carbon Black / Bit9
- ThreatQuotient
- Anomali / ThreatStream
- ThreatConnect
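As an added illustration of the cross-referencing point above (example code, not from the original post), a small Python routine that normalizes indicators pulled from several feeds with different layouts and reports which ones more than one feed corroborates; the feed names, layouts and sample lines are constructed, not real feed data.

```python
# Added example (not from the original post): cross-reference indicators
# across several TI feeds. Feed names, layouts and sample lines are constructed.
from collections import defaultdict
import ipaddress

FEEDS = {  # constructed excerpts; each hypothetical feed has its own layout
    "feed_alpha": ["203.0.113.10,ip,2017-01-10",        # indicator,type,seen
                   "malware.example.test,domain,2017-01-11"],
    "feed_beta": ["ip|203.0.113.10|80",                  # type|indicator|conf
                  "domain|MALWARE.EXAMPLE.TEST|60",
                  "ip|198.51.100.7|40"],
    "feed_gamma": ["# bare list, one indicator per line",
                   "203.0.113.10", "198.51.100.7", "malware.example.test."],
}

def normalize(indicator):
    """Canonical (type, value) so the same IoC matches across feeds:
    IPs via ipaddress, domains lowercased with any trailing dot removed."""
    value = indicator.strip()
    try:
        return "ip", str(ipaddress.ip_address(value))
    except ValueError:
        return "domain", value.lower().rstrip(".")

def parse_feed(name, lines):
    """Pull the indicator column out of each feed's layout."""
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        if name == "feed_alpha":
            raw = line.split(",")[0]
        elif name == "feed_beta":
            raw = line.split("|")[1]
        else:
            raw = line
        yield normalize(raw)

def cross_reference(feeds):
    """Map each normalized indicator to the set of feeds that list it."""
    seen = defaultdict(set)
    for name, lines in feeds.items():
        for key in parse_feed(name, lines):
            seen[key].add(name)
    return dict(seen)

def corroborated(feeds, min_sources=2):
    """Indicators reported by at least min_sources feeds -> source count."""
    return {k: len(v) for k, v in cross_reference(feeds).items()
            if len(v) >= min_sources}
```

Raising `min_sources` is the simplest way to trade feed coverage for confidence before indicators are loaded into a SIEM.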
Monday, January 9, 2017
ICSA, UL, CC....oh my! Do product certs mean anything?
Many certified pros (e.g., ISC2) will know CC (Common Criteria) for U.S. federal govt systems, but ICSA Labs (Verizon) & UL (Underwriters Labs) provide CC-like ratings too.
Who cares? Well, these certs can be a benchmark, though many products that have achieved C&A ratings have been found to have backdoors. So, they're imperfect, but better than nothing.
RASP or No RASP
Many orgs these days, especially regulated ones (and most are regulated), use some type of dynamic application security scanning tool (DAST: Qualys, Acunetix, WhiteHat) for Web application security.
With that said, fewer use edge protection solutions (e.g., WAF, DDoS) to "Band-Aid" findings, and fewer use static analyzers (SAST: CheckMarx, HPE Fortify, IBM AppScan) to find problems before they go to QA or into production.
So, a while back firms like Prevoty & HPE (& others now, like Immunio) have launched runtime application self-protection (RASP) solutions to further protect Java & .NET applications. But what about Perl, Python, MEAN, LAMP, etc.?
That's where an argument against RASP comes in. At the end of the day, a solid secure development lifecycle (SDL), and existing investments should help negate the need for RASP. Though, many orgs struggle to fix legacy bugs, let alone to fix w/in an acceptable remediation window.
Therefore, RASP or no RASP depends solely on the technology stack & time to remediate.
IoT Architectures & Solution Providers
As IoT gains steam towards critical mass & orgs look to embrace it, mgmt. must ask how to deploy it properly (e.g., design patterns: http://www.internet-of-things-research.eu/pdf/Converging_Technologies_for_Smart_Environments_and_Integrated_Ecosystems_IERC_Book_Open_Access_2013.pdf) & whom to leverage for SME-based services.
Amazon, Microsoft, & Cisco (among others) have now rolled out IoT mgmt. svcs; so, who to use?
Well, if an org has a considerable investment in one of these providers, then go ahead & continue on. But if not, the question becomes whom to leverage for authentication. If an org has Cisco ISE deployed already, then leverage that. Otherwise, stay w/ a cloud solution.
Thursday, January 5, 2017
Integrated Crypto (e.g., TDE, DDM) vs Enterprise Crypto / PKI
While it may be convenient to deploy integrated crypto / PKI solutions for sensitive data stores (e.g., PII, ePHI, PKI) via TDE / DDM, more and more data leaves local databases and/or data stores & goes to the cloud.
This is where an enterprise PKI solution will help organizations. With holistic solutions, a tokenized, sensitive data element can proliferate / travel through the cloud or w/in an enterprise while still protected.
While expensive, highly visible, and risky, these endeavors will truly protect an organization from data breach / loss, etc.
Tuesday, January 3, 2017
Why Enterprise DLP Solutions Will Go Away
Large, traditional, enterprise DLP deployments will go away as organizations look to leverage multiple, integrated DLP solutions. The reasons for this include:
- A focus on cloud & mobile solutions, & a migration away from on premise
- Consolidation of vendor solution capabilities (e.g., CASB, DLP, DCAP, RMS, DMARC, SPF)
- Portable / interoperable policies / rules (e.g., SCAP, CTP)
- A focus on agile deployments
- Cost / economies of scale
With that said, the real question is what else will be migrated away from on premise?