While at RSA last week I had the pleasure of attending the T.E.N breakfast which brought together CISOs from Aetna, Cox Automotive, SunTrust Bank, Target, and The Coca-Cola Company. During this highly informative and entertaining session, these leading influencers provided some great insight into their security challenges, trends and observations. Severe shortage of skilled security staff. Every…
According to the recently released Verizon 2015 Compliance Report “27% of organizations that suffered a data breach in 2014 were compliant with Requirement 1 at the time of their breach.” And, “there is strong correlation between a badly configured firewall and the likelihood of a security breach”. In this post I’d like to discuss Verizon’s findings and its recommendations to help companies comply with Requirement 1.
If you’re going to the RSA Conference in San Francisco next week, make sure to drop by AlgoSec’s booth (2115) and say hello. We’d love to see you!
As business demands increase and network complexity grows, it’s easy—and dangerous—to get overwhelmed as a firewall administrator. With all the security risks facing networks today, the last thing your business needs is for you to be so distracted by the hundreds of little things that pop up each week that you miss the critical responsibilities of your job. Here are some tips to help you manage your day-to-day work that can help you stay on top of the really important things, get more done, and keep your sanity.
It’s no surprise that most security gaps are already known by the security team, but have not been addressed because of other priorities. But claiming that it’s “not my job” or that you don’t have the time to address security gaps is not good enough anymore and isn’t going to hold water when you’ve been breached or when a critical business application suffers an outage – as many CIOs who have recently lost their jobs will testify.
Organizations are using a variety of technologies to empower their businesses to run faster and perform better: virtualization, more multi-tenant systems, better application delivery methodologies, and of course – more mobility. But through it all, where does security really fit in? How can you deliver proactive security across so many systems that enables the business rather than hinders it? Here are a few tips from an experienced director of IT.
In this new educational video, Professor Wool identifies common missteps when creating security zones, and provides practical recommendations for designing and managing your network for better security and protection.
Most often, when we hear people say that they’re going to “save their data to the cloud” they’re referring to the SaaS (Software as a Service) model. This is a very popular consumer-facing model, normally publicly accessible over the internet. Salesforce.com, Dropbox, and Google Drive are typical examples of these types of SaaS applications. When…
In this latest post in our ‘Mitigating Gartner’s Network Security Worst Practices Blog Series’ we’ll discuss my thoughts on Gartner’s worst practice of “suboptimal branch architecture”. Global organizations today have some big challenges when it comes to figuring out the best architecture for their networks. On the one hand they need to get their applications…
I am a big advocate of examining solutions from both a process and a tools perspective. Although AlgoSec is a software provider, I am the first to acknowledge that a good tool will not fix a bad process. On the flip side, a good process which can’t be enforced will not go very far either. This blog post examines what you can do from a process perspective to address organizational misalignment.
A Zero Trust network abolishes the quaint idea of a “trusted” internal network demarcated by a corporate perimeter. Instead it advocates microperimeters of control and visibility around the enterprise’s most sensitive data assets and the ways in which the enterprise uses its data to achieve its business objectives. In this webinar, guest speaker John Kindervag,…
Breaches are always going to happen, unfortunately. In some instances they are caused by negligence or user mistakes. In other cases there is criminal intent. Either way, there are some absolute musts when it comes to securing your environment: