The Fundamentals of AWS Security Groups – A New Professor Wool Educational Video

In this lesson, Professor Wool provides an overview of Amazon Web Services (AWS) Security Groups and highlights some of the differences between Security Groups and traditional firewalls. The lesson continues by explaining some of the unique features of AWS and the challenges and benefits of being able to apply multiple Security Groups to a single instance.

Two Factor Authentication: Why, When and How

This blog post will discuss two-factor authentication – when you should use it, and what techniques are available to help prevent the theft of credentials and protect against unauthorized access.

Top PCI Audit Pitfalls and How to Avoid Them: The QSA’s Perspective

Ever wish you could get inside your QSA’s head before your next PCI audit? Get the inside scoop on what QSAs are looking for when they audit you. Aimed at security and networking professionals, this webinar will provide insider tips and tricks to help you prepare for and pass your audit – wherever your credit card data is stored – and remain continuously compliant even if you’re breached.

Insiders – the Threat Right in Your Blind Spot

While you’re standing on the ramparts of your enterprise perimeter, scanning for bad guys, there may well be a threat right in your blind spot: Insiders. Maybe it’s someone truly malicious, like a spy. Maybe it’s someone pilfering for profit, the modern equivalent of someone stealing office supplies. Either way, the threat from trusted insiders…

Tips for Filtering Traffic within a Private Cloud: New Professor Wool Educational Video

In this new educational whiteboard video, Professor Wool provides the example of a virtualized private cloud which uses hypervisor technology to connect to the outside world via a firewall. If all workloads within the private cloud share the same security requirements, this setup is adequate. But what happens if you want to run workloads with different security requirements within the cloud? Professor Wool explains the different options for filtering traffic within a private cloud, and discusses the challenges and solutions for managing them.

My Impressions from the Cisco Partner Summit 2015: Security, IoE, and Cloud

According to the 2015 Accenture Technology Vision Report, Digital Business Era: Stretch Your Boundaries, 81% of executives believe that “industry boundaries will dramatically blur as platforms reshape industries into interconnected ecosystems”. Furthermore – according to the report – 60% of organizations are now planning to engage new digital partners within their respective industries. This means…

What's in a Plan? Tips from a Security Expert on How to Develop an Effective Security Plan

In this post, Matt Pascucci provides invaluable advice for CISOs and Security and Compliance Officers on security planning, including the value of a security plan, what should be included in a security plan, and when and how to maintain and update it.

We Need a Better Mousetrap: Insights on Security from Key CISOs at RSA

While at RSA last week I had the pleasure of attending the T.E.N breakfast which brought together CISOs from Aetna, Cox Automotive, SunTrust Bank, Target, and The Coca-Cola Company. During this highly informative and entertaining session, these leading influencers provided some great insight into their security challenges, trends and observations. Severe shortage of skilled security staff. Every…

Firewalls, Breaches and the 2015 Verizon PCI DSS Report

According to the recently released Verizon 2015 Compliance Report, “27% of organizations that suffered a data breach in 2014 were compliant with Requirement 1 at the time of their breach.” And “there is strong correlation between a badly configured firewall and the likelihood of a security breach”. In this post I’d like to discuss Verizon’s findings and its recommendations to help companies comply with Requirement 1.

Hope to See You at RSA

If you’re going to the RSA Conference in San Francisco next week, make sure to drop by AlgoSec’s booth (2115) and say hello. We’d love to see you!

Secrets of a Successful Firewall Administrator

As business demands increase and network complexity grows, it’s easy—and dangerous—to get overwhelmed as a firewall administrator. With all the security risks facing networks today, the last thing your business needs is for you to be so distracted by the hundreds of little things that pop up each week that you miss the critical responsibilities of your job. Here are some tips to help you manage your day-to-day work that can help you stay on top of the really important things, get more done, and keep your sanity.

Mind the Security Gap – It Is Your Job

It’s no surprise that most security gaps are already known by the security team, but have not been addressed because of other priorities. But claiming that it’s “not my job” or that you don’t have the time to address security gaps is not good enough anymore and isn’t going to hold water when you’ve been breached or when a critical business application suffers an outage – as many CIOs who have recently lost their jobs will testify.