Blog

Upcoming Webinar: Database Activity Monitoring

By Adrian Lane
February 23rd (this Tuesday) at 12:00pm EST, I will be presenting “Understanding and Selecting a Database Activity Monitoring Solution” in a Webinar with Netezza. I’ll cover the basic value propositions of platforms, go over some of the key functional components to understand prior to an evaluation, and discuss some key deployment questions to address during a proof of concept. You can sign up for the Webinar here. We will take 10-15 minutes for Q&A, so you can send questions in ahead of time and I will try to address them within the slides, or you can submit

Friday Summary: February 19, 2010

By Rich
I’d like some fail, with a little fail, and a side of fail. Rothman was out in Phoenix this week for some internal meetings and to record some video segments that we will be putting out fairly soon. I have a slightly weird video recording and production setup, designed to make it super-fast and dirt easy for us to put segments together. I’ve tested most of it before, although I did add a new time saver right before Mike showed up. Yeah, you know where this is headed. First, the new thing didn’t work. It was so

What is Your Plan B?

By Mike Rothman
In what remains a down economy, you may be suspicious when I tell you to think about leaving your job. But ultimately in order to survive, you always need to have Plan B or Plan C in place, just in case. Blind loyalty to an employer (or to employees) died a horrendous death many years ago. What got me thinking about the whole concept was Josh Karp’s post on the CISO Group blog talking about the value of vulnerability management. He points out the issues around selling VM internally and some of those challenges. Yet the issues with VM

Incite 2/17/2010 - Open Your Mind

By Mike Rothman
I was in the car the other day with my oldest daughter. She’s 9 (going on 15, but that’s another story) and blurted out: “Dad, I don’t want to go to Georgia Tech.” Huh? Now she is the princess of non-sequiturs, but even this one was surprising to me. Not only does she have an educational plan (at 9), but she knows that GA Tech is not part of it. So I figured I’d play along. First off, I studied to be an engineer. So I wasn’t sure if she was poking at me, or what the deal

New Release: Understanding and Selecting a Database Assessment Solution

By Adrian Lane
The Securosis team is proud to announce the availability of our latest white paper: Understanding and Selecting a Database Assessment Solution. We’re very excited to get this one published – not just because we have been working on it for six months, but also because we feel that with a couple new vendors and a significant evolution in product function, the entire space needed a fresh examination. This is not the same old vulnerability assessment market of 2004 that revolved around fledgling DBA productivity tools! There are big changes in the products, but more importantly there are bigger changes in the

Network Security Fundamentals: Looking for Not Normal

By Mike Rothman
To state the obvious (as I tend to do), we all have too much to protect. No one gets through their list every day, which means perhaps the most critical skill for any professional is the ability to prioritize. We’ve got to focus on the issues that present the most significant risk to the organization (whatever you mean by risk) and act accordingly. I have’t explicitly said it, but the key to network security fundamentals is figuring out how to prioritize. And to be clear, though I’m specifically talking about network security in this series, the tactics

Friday Summary: February 12, 2010

By Adrian Lane
Chris was kind enough to forward me Game Development in a Post-Agile World this week. What I know about game development could fit on the the head of a pin. Still, one of the software companies I worked for was incubated inside a much larger video game development company. I was always very interested in watching the game team dynamics, and how they differed from the teams I ran. The game developers did not have a lot of overlapping skills and the teams were – whether they knew it or not – built around the classical “surgical team” structure. They was always

Database Security Fundamentals: Database Access Methods

By Adrian Lane
It’s tough to talk about securing database access methods in a series designed to cover database security basics, because the access attacks are not basic. They tend to exploit either communications media or external functions – taking advantage of subtleties or logic flaws – capitalizing on trust relationships, or just being very unconventional and thus hard to anticipate. Still, some of the attacks are right through an open front door, like forgetting to set a TNS Listener password on Oracle. I will cover the basics here, as well as a few more involved things which can be addressed with a few

The Death of Product Reviews

By Mike Rothman
As a security practitioner, it has always been difficult to select the ‘right’ product. You (kind of) know what problem needs to be solved, yet you often don’t have any idea how any particular product will work and scale in your production environment. Sometimes it is difficult to identify the right vendors to bring in for an evaluation. Even when you do, no number of vendor meetings, SE demos, or proof of concept installations can tell you what you need to know. So it’s really about assembling a number of data points and trying to do your homework

Choose Your Own Whitepaper Adventure (and Upcoming Papers)

By Rich
We are in the process of finalizing some research planning for the next few months, so I want to see if there are any requests for research out there. First, here are some papers we anticipate completing over the next 3 months: Understanding and Selecting a Database Encryption or Tokenization Solution Understanding and Selecting a Database Assessment Solution Project Quant for Database Security Quick Wins with DLP Pragmatic Data Security Network Security Fundamentals Endpoint Security Fundamentals Understanding and Selecting a SIEM/Log Management Product Understanding and Implementing Network Segregation Data Security for the Cloud Some of these are sponsored, some aren’
Page 211 of 319 pages ‹ First  < 209 210 211 212 213 >  Last ›