IBM Dances with Fortinet—Maybe…

By Mike Rothman
Ah, the investment bankers are circling again. Late Friday rumors started circulating about IBM discussions of acquiring Fortinet. With a weekend to stew and the gap open for Fortinet stock, it makes sense to think about what a potential deal means, right? Wrong. I’m pretty sure you have a lot to do. I’m also pretty sure that whether IBM buys Fortinet or not, you’ll still have a lot to do. If you are a Fortinet customer, you may have some impact. If you are an IBM customer or are still running ISS gear, you may have some

SQL Azure and 3 Pieces of Flair

By Adrian Lane
I have very little social life, so I spent my weekend researching trends in database security. Part of my Saturday was spent looking at Microsoft’s security model for the Azure SQL database platform. Specifically I wanted to know how they plan to address database and content security issues with their cloud-based offering. I certainly don’t follow all things cloud to the degree our friend Chris Hoff over at RationalSurvivability does, but I do attempt to stay current on database security trends as they pertain to cloud and virtual environments. Rummaging around MSDN, looking for anything new on SQL

Friday Summary: October 29, 2010

By Rich
What a wild few weeks. Talk about been there, done that, got the t-shirt. It all started October 9th, when I finally achieved a goal I’ve been chasing for well over a decade, and completed my first Olympic-distance triathlon. (1.5K swim, 40K bike, 10K run – those are distances, not dollar values). I first learned about triathlon when I was working as a medic for a race in Boulder – probably back in 1992. Being the young, aggressive type, I thought any sport where you write your number on your arms and legs in permanent ink had to be hard core. I

The Thing about Espionage

By Rich
Imagine you’re a young, skilled techie just starting your career. Maybe you’re fresh out of school, or still in an internship program. Or maybe you’ve been out of school for a few years, working your way up through various companies in the industry. You came from a normal background – possibly you thought about the military at some point, but the allure of working in technology drew you into the private sector. Your skills are solid, you produce at work, and you don’t get into any trouble beyond the usual for your age. Then one day you’

Incident Response Fundamentals: Roles and Organizational Structure

By Rich
In our last post we introduced some of the key principles of incident response. Today we will focus on the major roles and organizational structure. Organizational Structure As we return to our IT security focus, the incident response organization consists of two major kinds of resources: those dedicated completely to response, and those with other primary functions who get pulled into incidents as needed depending on the scope or nature. For example, the legal team isn’t necessarily involved in every incident, but clearly plays an important role in anything with legal or regulatory consequences. Also, a smaller organization might

SunSec Rises on November 3rd

By Rich
For those of you in the Phoenix area, or with way too many frequent flier miles and too much spare time, the Phoenix OWASP chapter is organizing a SunSec meetup after their meeting on November 3rd. It has been a long time since we had a real SunSec, after getting off to a good start a few years ago. This is a great excuse to meet up with local security folks over your favorite frosty beverages. SunSec will be held from 6:30 onward on November 3rd at SunUp Brewing.

Incite 10/27/2010: Traffic Ahead

By Mike Rothman
I saw an old friend last week, and we were talking about the business of Securosis a bit. One of the questions he asked was whether it’s a lifestyle business. The answer is that of course it is. Rich, Adrian, and I have done lots of things over the years and we all have independently come to the conclusion that we don’t want to work for big machines any more. We all have different reasons for that, and I was reminded of one of mine on Monday. Traffic. The mere mention of the word makes me cringe. Not

Incident Response Fundamentals: Incident Command Principles

By Rich
I know what you’re thinking to yourself right now: “They promised me a cool series of posts on the cutting edge of incident response, and now we’re talking management principles and boxes on an org chart? What a rip.” But believe it or not, the most important aspect of incident response is the right organization, followed by the right process. How do I know this? Because I’ve been through a ton of incident response training with local and federal agencies, and have directly responded to everything from single-rescuer ski accidents to Hurricane Katrina. (And a few IT

NSO Quant: The Report and Metrics Model

By Mike Rothman
It has been a long slog, but the final report on the Network Security Operations (NSO) Quant research project has been published. We are also releasing the raw data we collected in the survey at this point. The main report includes: Background material, assumptions, and research process overview Complete process framework for Monitoring (firewalls, IDS/IPS, & servers) Complete process framework for Managing (firewalls & IDS/IPS) Complete process framework for maintaining Device Health The detailed metrics which correlate with each process framework Identification of key metrics How to use the model Additionally, you can download and play around with

Everything You Ever Wanted to Know about DLP

By Rich
Way back when I converted Securosis from a blog into a company, my very first paper was (no surprise) Understanding and Selecting a DLP Solution. Three or so years later I worried it was getting a little long in the tooth, even though the content was all still pretty accurate. So, as you may have noticed from recent posts, I decided to update and expand the content for a new version of the paper. Version 1.0 is still downloaded on pretty much a daily basis (actually, sometimes a few hundred times a month). The biggest areas of expansion were a revamped
Page 185 of 324 pages ‹ First  < 183 184 185 186 187 >  Last ›