Is Security blindly driving your business?


From the CIO’s perspective, IT and Network Security ultimately exist for one reason: to ensure the organization’s business applications securely drive the business. For IT this is fairly simple. Business applications are its business. IT is driven by the business’s needs and is responsible for enabling agility through IT. IT is involved in, and has visibility into, every aspect of the application’s lifecycle – from development through to delivery, performance monitoring and auditing. But when it comes to Security the story is a little different. Security exists to protect business applications, their connectivity flows and data. But, unlike the IT team, the Security team is, in fact, working blind.

Going global: food for thought when managing firewalls across international networks


Globalization is the new normal for most organizations today, but it can present some significant challenges – not least when it comes to managing the firewall estate across these large-scale, distributed networks.

Learn how an application-centric approach will improve your security and operational efficiency


Hear how an application-centric approach to security policy management – from automatically discovering application connectivity requirements, through ongoing change management and proactive risk analysis, to secure decommissioning – will help improve your security maturity and business agility.

SWIFT response: what we can learn from this year’s banking cyberattacks


SWIFT, the international cooperative that facilitates wire transfers, has hit the headlines recently, after falling victim to a series of attacks by cybercriminals. The first to come to light was the massive Bangladesh Bank $81 million heist. While details of this attack are still emerging, three factors are clear.

Open ports mean open season for attackers: Lessons learned from Rapid7’s Project Sonar


Globally, millions of systems connected to the internet are exposing insecure services to anybody who cares to look for them, according to Project Sonar, a massive port-scanning operation by Rapid7. Let’s be clear: these are cybersecurity 101 mistakes. But it’s important to point out that the majority of these open doors are probably not on enterprise machines within large corporations, but rather they are probably home computers in small ‘mom-and-pop’ businesses, running basic Windows applications. Yet individual, poorly protected computers can actually have a significant impact on larger organizations’ cybersecurity posture.

Tips on how to prioritize your network security initiatives


All things considered, all we really have is our time. As IT and information security professionals, time is our most precious and scarcest resource. So, why is it that so much time is squandered in our profession?

Misconfiguration Routes Internet Traffic Destined for Europe to… Hong Kong


Earlier this week, millions of customers of Swedish firm Telia reported connectivity issues with mobile apps such as WhatsApp and with websites. The problem was so severe that the initial diagnosis was that a transatlantic cable had been severed or damaged. However, after much frantic investigation, it transpired that the outage was actually caused by a Telia engineer misconfiguring a router, resulting in all web traffic bound for Europe being sent to Hong Kong and causing a massive internet outage.

PCI DSS 3.2: Why removing SSL or updating the TLS just isn’t enough


The average end user – and the average organization – probably uses far more devices and applications that deploy web technology than they realize. For an end user, this might mean that they’re not following the good online security practices that they think they are. For a business, this might mean that they’re not complying with PCI DSS – even if they think they are.

Checking the cybersecurity pulse of medical devices


Hospitals are increasingly becoming a favored target of cyber criminals. Yet if you think about medical equipment that is vulnerable to being hacked at a hospital, you might not immediately think of high-end, critical equipment such as MRI and X-ray scanners, and nuclear medicine devices. After all, these devices go through rigorous approval processes by…

Connecting the dots: how to tie threat path intelligence to actionable choices


Threat path intelligence is analyzing and assessing threat information in relation to your business, and preparing a suitable response or taking proactive protective measures. Given that these days it’s no longer a matter of if but a matter of when you will be attacked, monitoring and tracking threat intelligence can be vital to saving your business.

Plugging the cybersecurity skills gap with automation


What can organizations do to fight the disconnect between supply and demand and ensure that they have the right cybersecurity skills in place – one that can adequately protect them in an increasingly challenging world? The cybersecurity sector has, generally speaking, been too introspective in recent years, expecting talent to simply land in their laps. But with the growing number of threats facing organizations every single day, and talented young IT enthusiasts choosing alternative career paths, it’s a problem that can’t be ignored any longer, especially as, as my colleague Nimmy Reichenberg likes to say, “creating a security professional with 10 years of experience takes … well, 10 years”.

‘Have IT Your Way’: making network security change processes similar to ordering a burger


Burger King may have updated its slogan from ‘Have It Your Way’ to a more lifestyle-friendly ‘Be Your Way’, but the underlying message still stands. Order a burger, and they will deliver it exactly as you want it – while still following a standard, automated, quality and highly efficient process.