March 3, 2015 | Joe Schreiber

MSSP Success Series: Name Your Assets

MSSPs, like any other business, are a factor of its People, Process, and Product. This series will offer insight into each of those factors and offer practical ways to achieve success. What’s in a name? A device by any other name, will work just as well… if not better Now that you are past the…

February 25, 2015 | Michelle Drolet

The 4 Es of Enterprise Security

Building a solid security program takes time. Every organization is different. It's very important to assess your technology, and consider both internal and external threats. An assessment will reveal vulnerabilities. The remediation process will help you take full advantage of your existing security assets and point you at any gaps that need filling. Even once your defenses are in…

February 24, 2015 | Kate Brew

Red Team and Blue Team Collaboration: A Talk at CUISPA 2015

Mike Saurbaugh, Manager of Information Security at Corning Credit Union, and Kevin Johnson, CEO of Secure Ideas, presented “Security by Collaboration: Rethinking Red Teams versus Blue Teams” at CUISPA 2015. Mike represented the Blue Team side, as the internal guy who works with Kevin, as a hired-gun third party Red Team. Red Team focuses on adversarial probing of security at…

February 21, 2015 | Garrett Gross

Sofacy AKA Sednit/APT28/Fancy Bear Malicious Payloads

You’ve probably educated your users to not click on risky email attachments but what about Word files, spreadsheets or even PDFs? We send those all the time to our coworkers so how do we know what is legit and what isn’t? (Remember – one of the most visible breaches of our time (RSA 2011) started with a…

February 18, 2015 | Sharla Elizalde

6 Questions to Help you Plan for Integrating Cyber Threat Intelligence

Over the last several years, we have seen that attackers are innovating much faster than defenders are. This trend is steering many companies to look towards cyber threat intelligence (CTI) to help them navigate today’s threatening landscape. SANS conducted a survey this year to explore who is using cyber threat intelligence and how they are using it. The…

February 12, 2015 | Stephen Molina

Defending the Enterprise from Cyber Attacks: Save Mart Case Study

We’ve seen several cyber attacks occur over the course of 2014 – from Home Depot to Target and most recently Sony. The one thing I think most of us in the industry can agree on is that we don’t want to be the next company in headlines marked by a breach. As the information security administrator of…

February 10, 2015 | Garrett Gross

Emerging Threat - Reflection Using SQL Servers

A new, particularly nasty, technique was discovered out in the wild this past December (2014) where the City of Columbia, Missouri came under a DoS (Denial of Service) attack. While many of the attacks were carried out using known techniques (SSDP/NTP amplification, HTTP POST, SYN flood, etc.), one technique seemed to be of a new breed. It turns out, hackers…

February 6, 2015 | Patrick Bedwell

Healthcare and PII: They’ve Seen You Naked

With the recent Anthem data breach that has grabbed our attention, the topic of how Healthcare organizations protect your Personally Identifiable Information (PII) has moved to the forefront. In many ways, bad actors acquiring your PII are far worse than them simply stealing your credit cards. Stolen credit cards, you can cancel – easily and usually without cost. Stolen PII …

February 6, 2015 | Joe Schreiber

Don’t Panic: Six Steps to Surviving your First Breach

So you’ve come to terms with the truth of the world; eventually, you’re going to suffer a security breach. Maybe it won’t happen this month, or this year, but as the great sage Tyler Durden so incisively observed, “On a long enough timeline, the survival rate for everyone drops to zero.” Getting…

February 5, 2015 | Russ Spitler

Cloud Security Confusion: Who Owns What?

At BlackHat this past summer, we ran a survey in our booth asking a series of questions related to security in the cloud. We had more than 500 respondents and the signal was quite strong – everyone is confused about security in the cloud! Let’s start with the simplest, most basic question – who is responsible for security? To…

February 3, 2015 | Andy Manoske

Why Low-Tech Hacking Persists in a High Tech Age

The Bomber Will Always Get Through In the tumultuous years before World War 2, a British Parliamentary official, Stanley Baldwin, gave an ominous speech regarding the country’s war defenses. Responding to calls for building an “impenetrable” air defense network to defend London from an air raid, Baldwin quipped, “it is well also for the man in…

January 30, 2015 | Kate Brew

CryptoParty at Austin OWASP

One of Edward Snowden's first moves involving going around the NSA was to attend a CryptoParty in Hawaii. Not that we are anything like Edward Snowden, but we went ahead and had a CryptoParty at our Austin OWASP chapter meeting on 1/27/15. Here is a recording of the event: http://vimeo.com/channels/owaspaustin. We did not have cupcakes, but…
