While open-source honeypots have been around for a while (e.g., conpot, t-pot, honeyd), commercial honeypots are now becoming a reality.
Examples include Cymmetria's MazeRunner (https://www.cymmetria.com/) or Ridgeback's Deception Platform (http://www.ridgebacknet.com/).
Sunday, July 31, 2016
Friday, July 29, 2016
SPF, DMARC, or both?
Most orgs have email filtering in the form of Sender Policy Framework (SPF: http://www.openspf.org/), though some seem to omit Domain-based Message Authentication, Reporting and Conformance (DMARC: https://dmarc.org/).
While a belt and suspenders approach may not fit all budgets, in the wake of email-based malware, it may behoove orgs to use both...
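As an added example (not part of the original post), the Python below audits a domain's TXT records for both controls and reports where SPF exists without an enforcing DMARC policy. The zone data, domain names and function names are constructed for illustration, and the check looks only at the exact domain (no organizational-domain fallback).

```python
# Constructed TXT data for illustration; a real audit would query DNS instead.
ZONE = {
    "both.example": ["v=spf1 include:_spf.mail.example -all"],
    "_dmarc.both.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@both.example"],
    "spfonly.example": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "monitor.example": ["v=spf1 mx +all"],
    "_dmarc.monitor.example": ["v=DMARC1; p=none"],
}


def parse_tags(record):
    """Split a DMARC record such as 'v=DMARC1; p=reject' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_domain(domain, zone):
    """Return a list of findings for SPF and DMARC on one domain."""
    findings = []

    # SPF lives in a TXT record at the domain itself and starts with "v=spf1".
    spf = [r for r in zone.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        findings.append("no SPF record")
    elif len(spf) > 1:
        findings.append("multiple SPF records (receivers treat this as an error)")
    else:
        terms = spf[0].lower().split()[1:]
        alls = [t for t in terms if t.lstrip("+-~?") == "all"]
        if not alls and not any(t.startswith("redirect=") for t in terms):
            findings.append("SPF has no 'all' mechanism")
        elif alls and alls[0][0] in "+a":  # "+all" or bare "all" passes everyone
            findings.append("SPF 'all' permits any sender")

    # DMARC lives in a TXT record at _dmarc.<domain>.
    dmarc = [parse_tags(r) for r in zone.get("_dmarc." + domain, [])]
    dmarc = [t for t in dmarc if t.get("v") == "DMARC1"]
    if not dmarc:
        findings.append("no DMARC record")
    else:
        if dmarc[0].get("p", "").lower() == "none":
            findings.append("DMARC p=none (no enforcement)")
        if "rua" not in dmarc[0]:
            findings.append("DMARC has no rua reporting address")
    return findings
```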
Dart: Google's New Web Procedural Language
So, Google has announced that they are rolling out a new web procedural language called Dart, which strikes my fancy as I wonder if security was built from the ground up.
Specifically, IAM, encryption/hashing, prepared statements/input validation, enhanced error/exception checking all come to mind as points I hope they considered.
We will see.
Cloud Computing & ROI
I have spent several hours today reading about various takes on calculating the ROI on cloud computing, and the consensus seems to be that it is nebulous. One can, though, break down the cloud into various buckets, such as hardware, software administration, provisioning, etc.
These buckets may assist in the overall ROI of the cloud, but my experience is that a Business Analyst/Manager type uses ROI to build a business case for going to the cloud for a specific, not as much a CIO. So, in that case I believe a TCO for an internal solution could be used for calculating the ROI for a one-off app going to the cloud.
At the end of the day, you need a number the CxO will be satisfied with. How you arrived at that number may not be questioned.
SIEM Deployment Does Not Equal Threat Intelligence
Just because an org has deployed a SIEM or uses a SIEM service from an MSSP / SOC vendor does not mean that threat intelligence (TI) has been implemented.
As articulated below, TI is at the next level compared to log aggregation and correlation.
https://securityintelligence.com/how-stix-taxii-and-cybox-can-help-with-standardizing-threat-information/
As always, budget, available resources, technical skill-sets, industry, and jurisdiction will all be factors in the feasibility of onboarding a TI program.
Monday, July 4, 2016
Don't Forget to Plan
In the midst of the Brexit mess, we are reminded to plan before we take action.
Case in point, perform due diligence regarding information security before a merger or acquisition. Likewise, have access controls in place before a divestiture. Finally, test an incident response / disaster recovery plan before either really happens.
Regardless of one's position on Iraq 2003 or Brexit 2016, let's learn from one's inability to plan.