I have a new guest blog just posted at for Tufin around Security Policy Orchestration. You can check it out here.
Leveraging Security Policy Orchestration to “Bake Security in” to SDDC Environments
Topics:
Data center
IT Management
David Monahan
Scott Crawford
SDDC
security
Security
Security Policy Orchestration
software-defined data centers
Continue Reading
Breach Detection, Sony Entertainment and Vectra Networks…
Working in information security for the past 20 years, I have seen a lot. Though there have been many multi-million dollar impact breaches, the recent Sony Pictures hack and subsequent data exposure and extortion is probably the most impactful to a company out of the previous breaches this year.
Topics:
IT Management
breach detection
Cyberwarfare
David Monahan
Federal Bureau of Investigation
Hack
Hackers
National security
North Korea
Scott Crawford
security
Security
Sony
Vectra Networks
Continue Reading
Allgress Insight Risk Management Suite Brings Flexibility and Functionality to IT-GRC
When I started out in security, only very large organizations with a mature set of business processes dared to talk about implementing some form of governance, risk, and compliance (GRC) or enterprise program (e-GRC). They generally did it in an attempt to get ISO or similar certification, or to “move their programs to the next level,” and some, I think, attempted it just to prove they did it. Many of those efforts were monumental, costing millions of dollars and taking years to complete. However, a significant number seemed to end in compromise, yielding a smaller end result or totally failing after thousands of man hours and millions of dollars for software, systems, and consulting had been spent.
Topics:
Apps
Data management
Governance
IT Management
Software as a service
and Compliance (GRC)
Application software
David Monahan
Risk
Risk management
Scott Crawford
security
Security
Continue Reading
Is EMV an Expensive Security Misstep for the Payments Industry?
There is no disagreement that the current mag-stripe technology used in the USA and other countries outside of the EU is antiquated and lends itself to fraud. The data is easily copied using various methods from manual card data copying and shoulder surfing, to database compromise and POS terminal malware. Cards can be reproduced with off-the-shelf plastic blanks and a simple machine you can buy on the Internet.
Topics:
IT Management
IT management
David Monahan
EMV
Europay International
MasterCard
Scott Crawford
security
Security
Security management
Continue Reading
Cloud Security Alliance Hack-A-Thon and the Software Defined Perimeter
The Cloud Security Alliance (CSA) is a not-for-profit think tank of volunteers that spend their time trying to better the internet. These people are the antithesis of cybercriminals; they spend their energy trying to figure out ways to make our data safer. They create best practices for providing security assurance within cloud computing, or in this case, they determine how a cloud environment can be used to enhance and scale authentication for a service that can be cloud-based or private data center-based.
Topics:
Application programming interface
Alex Hawkinson
Android (operating system)
Apple Inc.
Cloud Security Alliance
IBM
Internet of Things
cloud computing
IT Management
BitDefender
Board of directors
David Monahan
Scott Crawford
Security
Continue Reading
Damballa and Bit9 + Carbon Black Collaborate to Deliver Better Security with More Context
Topics:
Carbon Black
Damballa
IP address
IT Management
Bit9 + Carbon Black
David Monahan
Internet service provider
Scott Crawford
security
Security
Continue Reading
Thoughts on Splunk .conf 2014
This week, Las Vegas hosted some 3500 people at the MGM Grand to mark Splunk .conf14, the annual user gathering for Splunk customers, referred to as “Splunkers”. For those of you not in the tech industry, spelunking, or the act of exploring caves, may come to mind. The theme of the conference was not cave exploration, but data exploration; however, the analogy of cave exploration actually aligns very well. “Splunkers” are diving into their data, delving deep into places that many have never explored before. Each of them finding new and cool ways to use the data that they have been collecting for years, just-in-case they ever needed it.
Topics:
Data Mining
IT Management
David Monahan
Information security operations center
Microsoft SharePoint
Scott Crawford
security
Security
Splunk
Continue Reading
Dell SecureWorks and Risk I/O team up to deliver a better kind of Vulnerability Management
On April 23rd, 2014 Dell announced its new Vulnerability Threat Monitoring and Prioritization service delivered through the SecureWorks Counter Threat Platform. This managed service was created to expand the current Vulnerability Management offerings and increase customer value by creating the ability for customers to integrate their own vulnerability management systems. With the additional context provided through Risk I/O, remediation and mitigation prioritization are done less in a bubble of the operational environment and more in context with the Internet threat universe.
Topics:
Dell
Dell SecureWorks
Ed Bellis
Jeff Heuer
Managed services
IT Management
Customer
David Monahan
Scott Crawford
SecureWorks
Security
Vulnerability management
Continue Reading
Gaining Data Control with BYOD and Bluebox
What’s the issue with BYOD? Data Control… What’s the issue with Data Sharing? Data Control!
Topics:
Bluebox
BYOD
Caleb Sima
February
Mobile device management
IT Management
blueboxsecurity
Bring your own device
David Monahan
Scott Crawford
security
Security
Continue Reading
Symantec CyberWar Games Provide Valuable Cyber-Insight
The emotions oscillate between high frustration and high jubilation as I observe cyber-attack teams’ hacking activities against an unnamed financial institution…
Topics:
California
CyberWar Games
Kapuria
IT Management
David Monahan
Games
Mountain View California
Samir Kapuria
Scott Crawford
Security
Security Operations Center
Symantec
Continue Reading
