Undivided we fall: decoupling network segmentation from micro-segmentation in the software defined perimeter

September 25, 2019 | Alissa Knight
Alissa Knight

Senior Partner, Brier & Thorn

Alissa Knight is the Group Managing Partner of Brier & Thorn, Inc. Alissa also heads up European operations as the Managing Director of the firm’s new facilities in Stuttgart, Germany, where she lives and works. Alissa has a passion for helping clients secure their most valuable assets: the ideas they bring to market that change the ways in which we work, live, and play. A proven leader with deep domain knowledge in developing strong client relationships, she builds outstanding global teams and partnerships, bringing a disciplined focus to operations and execution. Alissa leads the delivery of IT risk management services to the global marketplace, creating the service roadmap for Brier & Thorn’s portfolio of IT risk management projects and managed security services delivered from its global network of Security Operations Centers.

September 25, 2019 | Alissa Knight

Undivided we fall: decoupling network segmentation from micro-segmentation in the software defined perimeter

Introduction: As of today, no laws or regulations, not even the latest versions of PCI-DSS, HIPAA, and HITECH, make network segmentation or micro-segmentation compulsory for compliance. By making network segmentation discretionary, even when transmitting, processing, or storing regulated data, the number of breaches will continue to rise as companies err on the side of…

March 2, 2017 | Alissa Knight

Demystifying Network Isolation and Micro-Segmentation

A project management approach to designing, implementing, and operationalizing network isolation and micro-segmentation. Network segmentation (often referred to as network isolation) is the concept of taking your network and creating silos within it called VLANs (virtual local area networks) that separate assets in the networked environment based on the function of the asset within the organization or some other schema…

September 6, 2016 | Alissa Knight

Digital Forensics According to the FORZA Model and Diamond Model for Intrusion Analysis

The Bridge on the River Forza: “We can teach these barbarians a lesson in Western methods and efficiency that will put them to shame.” -Colonel Nicholson (The Bridge on the River Kwai, 1957) Efficiency. Something we look to implement in everything we do, whether that be through the elimination of waste through Six Sigma, or other frameworks and methodologies, efficiency…

August 3, 2016 | Alissa Knight

One Flew Over the Cuckoo’s Test: Performing a Penetration Test with Methodology

“All I know is this: nobody’s very big in the first place, and it looks to me like everybody spends their whole life tearing everybody else down.” - One Flew Over the Cuckoo’s Nest (1975) I love this quote from this film and unfortunately, despite the fact that it’s now 41 years later since…

July 18, 2016 | Alissa Knight

Understanding Electronic Control Units (ECUs) in Connected Automobiles and How They Can Be Hacked

Before you read any further, I must caution you that the weaknesses described in this article impact multiple ECUs on the market today and therefore have had all identifiers, such as references to specific automobile and ECU manufacturers, removed in the interest of responsible disclosure. While topics in this article will be discussed at a very superficial level, my talk…

July 5, 2016 | Alissa Knight

Hacking Multifunction Printers: Lock, Stock and Two Smoking Printers

Introduction: Because networked printers are often configured with access to the organization’s file server, email server, and Active Directory, the potential risk is enormous and unfortunately printers are the last device that the IT Security team even thinks about. As a matter of fact, in almost every single engagement we’ve been on at Brier & Thorn,…

January 18, 2016 | Alissa Knight

Counter-Insurgency Bullet Designed to Kill Insurgents is Like IT Security Looking for a Special APT Detector

What? A special bullet that is designed just to kill insurgents? That's ridiculous. Well of course it is. No one in their right mind at the Pentagon, no chief on the Joint Chiefs of Staff would ever propose something like that. They wouldn't because first of all, it's not possible to create a bullet that only kills…

November 5, 2014 | Alissa Knight

Red teams; a diary from the garden of Red versus Blue

As with most terminology used in information technology, such as DMZ (or Demilitarized Zone), the term Red team was originally adopted from its use by the US military, which is still heavily used today in the ongoing force transformation of the Department of Defense. Red teaming can be used at multiple levels within a company, not just red team/blue…
