Future-Proof Security into DevOps

If you don’t think about security when you start going down the DevOps path you’re going to get caught by surprise when someone tells you that what you’re doing is insecure. At that point you’ll have to retrofit security into the process – and that’s painful.

Who’s Connecting to Your Network?

Dos and Don’ts for Managing External Connectivity

Are you really sure your external connections are secure and compliant? Are you really sure they are not inadvertently creating holes in your network and exposing your organization to cyber criminals? The Target breach – and many others like it – should at least make you double check your practices.

Top 10 Common Firewall Flaws: What You Don't Know Can Hurt You!

Do you really know what vulnerabilities currently exist in your enterprise firewalls? Your vulnerability scans are coming up clean. Your penetration tests have not revealed anything of significance. Therefore, everything’s in check, right? Not necessarily. Here are my top 10 common firewall vulnerabilities that you need to be on the lookout for.

Bringing Security into DevOps

Traditionally, security was not part of the DevOps process. But I’m now starting to see companies begin to integrate security into the DevOps process, which is now often renamed DevSecOps.

Migrating Business Applications to AWS? Tips on Where to Start

I recently sat down with Avishai Wool, our CTO, and asked him for some tips for companies who are considering migrating their business applications to Amazon Web Services (AWS).

How to Use Decoy Deception for Network Protection

According to Sun Tzu, to gain an advantage over your opponent you need to catch him off guard: make him believe you’re something you’re not, so that you can leverage this opportunity to your advantage. As security practitioners we should all supplement our security practices with this tried and tested decoy technique against cyber attackers.

Survival Tips For The Security Skills Shortage

No matter how you slice it, creating a security professional with 10 years of experience takes, well, 10 years. Here are six suggestions for doing more with less.

How to Model Your Security Risks: 5 Tips

Taking a risk-first approach, where you analyze what you need to protect and what the consequences are if you’re unable to protect these assets, is a much more strategic and long-term approach to security. Once you have this mapped out, you’ll be able to start looking for the right products to fill the holes and protect you against the threats relevant to your organization.

Ever Wish You Could Get Inside your QSA’s Head Before Your Next PCI Audit?

A few weeks ago, Adam Gaydosh, a certified QSA with Anitian, and Nimmy Reichenberg, our VP of Strategy here at AlgoSec, presented an educational webinar on the top PCI audit pitfalls and how to avoid them. You can view the full presentation here, but for those of you who don’t have the time and want the Reader’s Digest version, here are some of the highlights from the webinar.

Hazardous Network Segmentation: When More Isn’t Better

Welcome to the last blog post in our special series, Mitigating Gartner’s Network Security Worst Practices. Under- and over-segmentation of networks is among Gartner’s “Dirty Dozen” Network Security Worst Practices. We know that these two extremes pose different challenges to organizations, and finding the right balance is essential to providing security while supporting business agility.

Change Management, Auditing and Compliance in an AWS Hybrid Environment

In this lesson Professor Wool reviews AWS’s own auditing tools, CloudWatch and CloudTrail, which are useful for cloud-based applications. However, if you are running a hybrid data center, you will likely need to augment these tools with solutions that can provide reporting, visibility and change monitoring across the entire environment. Professor Wool provides some recommendations for the key features and functionality you’ll need to ensure compliance, and tips on what the auditors are looking for.

Who Put That in Here? (And Who's Going to Take It Out)

In this post we’ll cover the worst practice of “Uncoordinated Policy Management”, which Gartner also nicely referred to as the “firewall roach motel: rules go in, but they don’t come out”. Helping organizations improve security policy management is obviously at the heart of what we do here at AlgoSec.