security

December 30, 2014

SECURITY

Getting More Responsive Security by Learning From Disaster Responses

5 min read

Editor’s Note: In the two previous blogs, we discussed some of the issues and dilemmas found within information security knowledge and practice domains. Those challenges arise fundamentally from the traditional approach that many organizations have adopted to address information security requirements. In this fourth installment, we look at how good preparation can improve security outcomes, […]

December 23, 2014

SECURITY

Network Access Control Sure Isn’t What It Used to Be…

3 min read

Chances are you might be reading this blogpost on a device other than a laptop or desktop computer.  I’d also wager that the device you’re using to read this post handles double-duty – that is, you use it for both work (e.g., checking email, reviewing confidential documents) and play (e.g., Vine, Flappy Bird, social media). […]

December 23, 2014

SECURITY

Issues and Dilemmas in Information Security Practices

5 min read

Editor’s note: In A Circular Problem in Current Information Security Principles, we highlighted one of the challenges in our knowledge domain that contributes to the ineffectiveness of today’s information security practices. In this third installment, we review the issues and dilemmas that are common in our practice environment. One of the challenges information security management teams […]

December 22, 2014

SECURITY

Continuous Protection on the Endpoint: Show Me

2 min read

Advanced malware is dynamic, elusive, and evasive. Once it slithers into the organization’s extended network, it can very quickly proliferate, cause problems, and remain undetected by traditional point-in-time security tools. These tools poll or scan endpoints for malware or indicators of compromise at a moment in time, and then do not evaluate again until the […]

December 16, 2014

SECURITY

A Circular Problem in Current Information Security Principles

5 min read

Editor’s Note: In this second installment of the blog series on more responsive security, we take a closer look at the circular problems associated with four common security principles in managing “weak link” risks in Information Technology organizations. Before discussing what constitutes this responsive approach to security, let us first look at a few of […]

December 12, 2014

SECURITY

A Model for Evaluating Breach Detection Readiness

4 min read

Given that modern attacks are complex and sophisticated, there is not a single product or tool that will ever be 100% effective at detecting threats. Prevention eventually fails. Therefore, you need protection before, during, and after an attack. Modern-day networks are large and complicated. It is a nightmare for incident response teams and security investigators […]

December 11, 2014

SECURITY

Reintroducing Snort 3.0

1 min read

A little more than a year ago when Sourcefire became a part of Cisco, we reaffirmed our commitment to open source innovation and pledged to continue support for Snort and other open source projects. Our announcement of the OpenAppID initiative earlier this year was one of several ways we have delivered on this promise. Today we are […]

December 9, 2014

SECURITY

Understanding and Addressing the Challenges of Managing Information Security – A More Responsive Approach

2 min read

Just like bad weather conditions found in nature, such as typhoons, hurricanes, or snowstorms, technology system defects and vulnerabilities are inherent characteristics found in a cyber system environment. Regardless of whether it’s a fair comparison, weather changes are part of the natural environment that we have little direct control over, whereas the cyber environment is […]

December 2, 2014

DATA CENTER

Pros and Cons: Do-It-Yourself Approaches to Monitoring Shadow IT & Cloud Services

2 min read

Shadow IT is estimated to be 20-40 percent beyond the traditional IT budget. The ease by which organizations can purchase apps and services from cloud service providers (CSP) contributes significantly to this spending. This is an eye-catching number worthy of investigation—not only to identify and reduce costs, but to discover business risks. So, it is […]