In this lesson, Professor Wool provides an overview of Amazon Web Services (AWS) Security Groups and highlights some of the differences between Security Groups and traditional firewalls. The lesson continues by explaining some of the unique features of AWS and the challenges and benefits of being able to apply multiple Security Groups to a single instance.
This blog post will discuss two-factor authentication – when you should use it, and what techniques are available to help prevent the theft of credentials and protect against unauthorized access.
Ever wish you could get inside your QSA’s head before your next PCI audit? Get the inside scoop on what QSAs are looking for when they audit you. Aimed at security and networking professionals, this webinar will provide insider tips and tricks to help you prepare for and pass your audit – wherever your credit card data is stored – and remain continuously compliant even if you’re breached.
While you’re standing on the ramparts of your enterprise perimeter, scanning for bad guys, there may well be a threat right in your blind spot: Insiders. Maybe it’s someone truly malicious, like a spy. Maybe it’s someone pilfering for profit, the modern equivalent of someone stealing office supplies. Either way, the threat from trusted insiders…
In this new educational whiteboard video, Professor Wool provides the example of a virtualized private cloud which uses hypervisor technology to connect to the outside world via a firewall. If all workloads within the private cloud share the same security requirements, this setup is adequate. But what happens if you want to run workloads with different security requirements within the cloud? Professor Wool explains the different options for filtering traffic within a private cloud, and discusses the challenges and solutions for managing them.
According to the 2015 Accenture Technology Vision Report, Digital Business Era: Stretch Your Boundaries, 81% of executives believe that “industry boundaries will dramatically blur as platforms reshape industries into interconnected ecosystems”. Furthermore – according to the report – 60% of organizations are now planning to engage new digital partners within their respective industries. This means…
In this post Matt Pascucci provides invaluable advice for CISOs and Security and Compliance Officers on security planning, including the value of a security plan, what should be included in a security plan, and when and how to maintain and update it.
While at RSA last week I had the pleasure of attending the T.E.N breakfast which brought together CISOs from Aetna, Cox Automotive, SunTrust Bank, Target, and The Coca-Cola Company. During this highly informative and entertaining session, these leading influencers provided some great insight into their security challenges, trends and observations. Severe shortage of skilled security staff. Every…
According to the recently released Verizon 2015 Compliance Report, “27% of organizations that suffered a data breach in 2014 were compliant with Requirement 1 at the time of their breach.” And, “there is strong correlation between a badly configured firewall and the likelihood of a security breach”. In this post I’d like to discuss Verizon’s findings and its recommendations to help companies comply with Requirement 1.
If you’re going to the RSA Conference in San Francisco next week, make sure to drop by AlgoSec’s booth (2115) and say hello. We’d love to see you!
As business demands increase and network complexity grows, it’s easy—and dangerous—to get overwhelmed as a firewall administrator. With all the security risks facing networks today, the last thing your business needs is for you to be so distracted by the hundreds of little things that pop up each week that you miss the critical responsibilities of your job. Here are some tips to help you manage your day-to-day work that can help you stay on top of the really important things, get more done, and keep your sanity.
It’s no surprise that most security gaps are already known by the security team, but have not been addressed because of other priorities. But claiming that it’s “not my job” or that you don’t have the time to address security gaps is not good enough anymore and isn’t going to hold water when you’ve been breached or when a critical business application suffers an outage – as many CIOs who have recently lost their jobs will testify.