Search

Instead of legacy security models that differentiate a "trusted" interior from an untrusted external one, zero trust instead assumes that all networks and hosts are equally untrustworthy. Once this fundamental shift in assumptions is made, you start to make different decisions about what, who, and w...

Two things are happening simultaneously: The RSA Security Conference is in full swing and so is COVID-19. It's a strange juxtaposition. The conference is going on undeterred just a few blocks from where the mayor declared a state of emergency due to the ongoing spread of the virus. There's also topi...

As most security pros know, application containers -- Docker, rkt, etc. -- and the orchestration elements employed to support them, such as Kubernetes, are used increasingly in many organizations. Often the security organization isn't exactly the first stop on the path to deployment of these tools. ...

If you're like most security pros, chances are pretty good that you're starting to get frustrated with microservices a little bit, or maybe a lot. Microservice architectures -- that is, architectures that leverage REST to build a number of small, distributed, modular components -- are powerful from...

If you've ever played chess, you know that each move you make has to be the best move. At one level, this is painfully obvious -- after all, who would choose to make a terrible move instead of a better one? -- but it's illustrative of an important concept. Specifically, the core reason it's true is...

They say that the key to good security is constant vigilance. As a practical matter, this means that it's important for security and network pros to pay attention to two things: changes in the threat landscape, so they can be on the alert for how their systems might be attacked; and changes and deve...

While good communication is pretty much universally beneficial, there are times when it's more so than others. One such time? During a cybersecurity incident. Incident responders know that communication is paramount. Even a few minutes might mean the difference between closing an issue vs. allowing...

In IT, we've been hearing about the "cybersecurity skills shortage" for a few years. There is no shortage of statistics and data about it: More than 70 percent of participating organizations reported being impacted by the skills shortage, according to an ESG/ISSA research report. Likewise, more than...

Following a natural disaster that causes property damage to businesses and homes -- say a hurricane, fire or flood -- how often do you hear suggestions that the victims were at fault for their misfortune, or that they could have done something to prevent the event from occurring in the first place? ...

Let's face it, there's been a lot of hype about blockchain over the past few years. Nowadays though, there are signs that we may be on the cusp of moving from the "blockchain will solve all your problems" segment of the hype cycle into the "blockchain may be useful for a few targeted applications" ...

Cybersecurity has been becoming a larger and larger concern for organizations. Nowadays, most organizations -- regardless of size, industry, location, or profit vs. nonprofit status -- find themselves directly or indirectly impacted by cybersecurity. Even though the topic itself is increasing in im...

If you're a technologist, you've probably noticed a few new things associated with Chrome 68's release last month. One of the more notable changes is that it now uses a "not secure" indicator for any site not using HTTPS. So instead of providing a notification when a site is HTTPS, it now provides ...

There are times when looking at something narrowly can be more effective than taking a wider and more comprehensive view. Consider the experience of looking at organisms in a microscope or watching a bird through binoculars. Distractions are minimized, allowing optimal evaluation and analysis. In se...

If you're a cybersecurity practitioner, chances are good that you've heard the term "zero trust" over the past few months. If you attend trade shows, keep current with the trade media headlines, or network with peers and other security pros, you've probably at least heard the term. Counterintuitive...

The security skills gap has become a topic of acute interest among practitioners responsible for building security teams for their organizations -- and keeping them running smoothly. It impacts everything from how they staff, how they cultivate and develop their workforces, and how they train, to th...

Those who follow security news may have noticed a disturbing trend. Late last year, we learned that Uber paid attackers $100,000 to keep under wraps their stealth of the personal information of 50 million Uber riders. More recently, we learned that Hancock Health paid approximately $55,000 in bitc...

If you've been keeping up with the news, you've probably noticed a few recent reports about companies that may have been a little less than candid about security issues. For example, we recently learned that Uber experienced a breach in 2016. As we've also learned from subsequent press reports, t...

In the security world, there is a truism that defense is harder than offense because it's an asymmetric playing field. The bad guys need only find one path into an environment -- one place where everything hasn't been done perfectly -- while those charged with securing that environment need to prote...

There are times when it seems like technology can work almost too well. Now, if working too well sounds to you like an impossibility -- along the lines of being too rich or too good looking -- reflect that there's more to a technology than end-user experience. In addition to the experience of using ...

Ask any security practitioner about ransomware nowadays, and chances are good you'll get an earful. Recent outbreaks like Petya and WannaCry have left organizations around the world reeling, and statistics show that ransomware is on the rise generally. For example, 62 percent of participants survey...