According to Sun Tzu, to gain an advantage over your opponent you need to catch him off guard – make him believe you’re something you’re not, so that you can leverage this opportunity to your advantage. As security practitioners we should all supplement our security practices with this tried and tested decoy technique against cyber attackers.
No matter how you slice it, creating a security professional with 10 years of experience takes, well, 10 years. Here are six suggestions for doing more with less.
Taking a risk-first approach, where you analyze what you need to protect and what the consequences are if you’re unable to protect these assets, is a much more strategic and long-term approach to security. Once you have this mapped out you’ll then be able to start looking for the right products to fill the holes and protect you against the threats relevant to your organization.
A few weeks ago, Adam Gaydosh, a certified QSA with Anitian, and Nimmy Reichenberg, our VP of Strategy here at AlgoSec, presented an educational webinar on the top PCI audit pitfalls and how to avoid them. You can view the full presentation here, but for those of you who don’t have the time and want the Reader’s Digest version, here are some of the highlights from the webinar.
Welcome to the last blog post in our special series, Mitigating Gartner’s Network Security Worst Practices. Under- and over-segmentation of networks is among Gartner’s “Dirty Dozen” Network Security Worst Practices. We know that these two extremes pose different challenges to organizations, and finding the right balance is essential to providing security while also supporting business…
In this lesson Professor Wool reviews AWS’s own auditing tools, CloudWatch and CloudTrail, which are useful for cloud-based applications. However, if you are running a hybrid data center, you will likely need to augment these tools with solutions that can provide reporting, visibility and change monitoring across the entire environment. Professor Wool provides some recommendations for the key features and functionality you’ll need to ensure compliance, and tips on what the auditors are looking for.
In this post we’ll cover the worst practice of “Uncoordinated Policy Management”, which Gartner also nicely referred to as “firewall roach motel — rules go in, but they don’t come out”. Helping organizations improve security policy management is obviously at the heart of what we do here at AlgoSec.
In this lesson Professor Wool highlights the limitations and consequences of leaving the default rules in place, and provides recommendations on how to define outbound rules in AWS Security Groups in order to securely control and filter outbound traffic and protect against data leaks.
Enterprise mobility security must now address the end user, how content is consumed, how efficiently it is delivered, security and compliance, and the endpoint device itself. While the overall goal of mobile communications is to enable and empower the mobile workforce by giving them greater freedom of access to information and resources, it must be done securely.
In this lesson, Professor Wool provides an overview of Amazon Web Services (AWS) Security Groups and highlights some of the differences between Security Groups and traditional firewalls. The lesson continues by explaining some of the unique features of AWS and the challenges and benefits of being able to apply multiple Security Groups to a single instance.
This blog post will discuss two-factor authentication – when you should use it, and what techniques are available to help prevent the theft of credentials and protect against unauthorized access.
Ever wish you could get inside your QSA’s head before your next PCI audit? Get the inside scoop on what QSAs are looking for when they audit you. Aimed at security and networking professionals, this webinar will provide insider tips and tricks to help you prepare for and pass your audit – wherever your credit card data is stored – and remain continuously compliant even if you’re breached.