Is EMV an Expensive Security Misstep for the Payments Industry?

By David Monahan on Dec 8, 2014 10:04:28 AM

There is no disagreement that the current mag-stripe technology used in the USA and other countries outside of the EU is antiquated and lends itself to fraud. The data is easily copied using various methods from manual card data copying and shoulder surfing, to database compromise and POS terminal malware.  Cards can be reproduced with off-the-shelf plastic blanks and a simple machine you can buy on the Internet.


Cloud Security Alliance Hack-A-Thon and the Software Defined Perimeter

By David Monahan on Nov 7, 2014 11:00:31 AM

The Cloud Security Alliance (CSA) is a not-for-profit think tank of volunteers who spend their time trying to better the internet. These people are the antithesis of cybercriminals; they spend their energy trying to figure out ways to make our data safer. They create best practices for providing security assurance within cloud computing, or in this case, they determine how a cloud environment can be used to enhance and scale authentication for a service that can be cloud-based or private data center-based.


Damballa and Bit9 + Carbon Black Collaborate to Deliver Better Security with More Context

By David Monahan on Oct 28, 2014 1:54:17 PM

 


Thoughts on Splunk .conf 2014

By David Monahan on Oct 24, 2014 10:43:42 AM

This week, Las Vegas hosted some 3500 people at the MGM Grand to mark Splunk .conf14, the annual user gathering for Splunk customers, referred to as “Splunkers”. For those of you not in the tech industry, spelunking, or the act of exploring caves, may come to mind. The theme of the conference was not cave exploration but data exploration; however, the analogy of cave exploration actually aligns very well. “Splunkers” are diving into their data, delving deep into places that many have never explored before. Each of them is finding new and cool ways to use the data that they have been collecting for years, just in case they ever needed it.


Dell SecureWorks and Risk I/O team up to deliver a better kind of Vulnerability Management

By David Monahan on Apr 29, 2014 11:56:20 AM

On April 23rd, 2014 Dell announced its new Vulnerability Threat Monitoring and Prioritization service delivered through the SecureWorks Counter Threat Platform.  This managed service was created to expand the current Vulnerability Management offerings and increase customer value by creating the ability for customers to integrate their own vulnerability management systems.  With the additional context provided through Risk I/O, remediation and mitigation prioritization are done less in a bubble of the operational environment and more in context with the Internet threat universe.


Gaining Data Control with BYOD and Bluebox

By David Monahan on Apr 22, 2014 10:51:06 AM

What’s the issue with BYOD? Data Control… What’s the issue with Data Sharing? Data Control!


Symantec CyberWar Games Provide Valuable Cyber-Insight

By David Monahan on Mar 3, 2014 6:40:11 PM

The emotions oscillate between high frustration and high jubilation as I observe cyber-attack teams’ hacking activities against an unnamed financial institution…


CA Analyst Symposium- CA is Changing

By David Monahan on Mar 3, 2014 6:39:56 PM

I had an interesting experience a few weeks ago. I went to NYC to brief with CA Technologies. I spent a full day speaking in group sessions with some of its top executives, including CEO Mike Gregoire, EVP Technology and Development Peter Griffiths, and EVP Strategy and Corporate Development Jacob Lamm, as well as a one-on-one meeting with GM of Security Management Mike Denning. I found their discussions and candor on the changes and advancements within CA VERY refreshing; more so than I would have expected from what I perceived as a “monolithic behemoth” such as CA.

Security Awareness Programs Are Not just For Compliance

By David Monahan on Jan 16, 2014 8:35:20 PM

I see a significant gap not only in how the need for Security Awareness training is perceived but also in the general quality of the programs and training delivered vs. other types of training. In many cases small companies avoid security awareness training due to ignorance, cost fears, or fears it will stifle their culture of creativity. This research project is structured to give CIOs, CISOs, and other security and IT managers the data to motivate them to provide security awareness training programs, thereby bringing about change in their organizations.


Last minute 2014 RSA Boycotts Hurt Attendees not RSA

By David Monahan on Jan 16, 2014 8:35:19 PM

With all of the negative attention that the NSA – RSA relationship (or deal) has been getting, many are fired up. If the deal went down anything like it has been reported by Reuters, then rightfully so. However, the last-minute boycotts of the RSA event to show disapproval are a bit much.
