How to Use Decoy Deception for Network Protection


According to Sun Tzu, to gain an advantage over your opponent you need to catch him off guard: make him believe you are something you are not, and then use that misdirection to your advantage. As security practitioners we should all supplement our defenses with this tried and tested decoy technique against cyber attackers.

Survival Tips For The Security Skills Shortage


No matter how you slice it, creating a security professional with 10 years of experience takes, well, 10 years. Here are six suggestions for doing more with less.

How to Model Your Security Risks: 5 Tips


Taking a risk-first approach, where you analyze what you need to protect and what the consequences are if you are unable to protect those assets, is a much more strategic and long-term approach to security. Once you have this mapped out, you can start looking for the right products to fill the gaps and protect you against the threats that are relevant to your organization.

Ever Wish You Could Get Inside your QSA’s Head Before Your Next PCI Audit?


A few weeks ago, Adam Gaydosh, a certified QSA with Anitian, and Nimmy Reichenberg, our VP of Strategy here at AlgoSec, presented an educational webinar on the top PCI audit pitfalls and how to avoid them. You can view the full presentation here, but for those of you who don’t have the time and want the Reader’s Digest version, here are some of the highlights from the webinar.

Hazardous Network Segmentation: When More Isn’t Better


Welcome to the last blog post in our special series, Mitigating Gartner’s Network Security Worst Practices. Under- and over-segmentation of networks is among Gartner’s “Dirty Dozen” Network Security Worst Practices. These two extremes pose different challenges to organizations, and finding the right balance is essential to providing security while also supporting business…

Change Management, Auditing and Compliance in an AWS Hybrid Environment


In this lesson Professor Wool reviews AWS’s own auditing tools, CloudWatch and CloudTrail, which are useful for cloud-based applications. However, if you are running a hybrid data center, you will likely need to augment these tools with solutions that provide reporting, visibility and change monitoring across the entire environment. Professor Wool recommends the key features and functionality you will need to ensure compliance, and offers tips on what auditors are looking for.

Who Put That in Here? (And Who's Going to Take It Out)


In this post we’ll cover the worst practice of “Uncoordinated Policy Management”, which Gartner also nicely referred to as the “firewall roach motel — rules go in, but they don’t come out”. Helping organizations improve security policy management is obviously at the heart of what we do here at AlgoSec.

Tips on How to Protect Outbound Traffic in an AWS Hybrid Environment


In this lesson Professor Wool highlights the limitations and consequences of leaving the default rules in place, and provides recommendations on how to define outbound rules in AWS Security Groups in order to control and filter outbound traffic and protect against data leaks.

Tips for Creating a Security Architecture for the Mobile Enterprise


Enterprise mobility security must now address the end user, how content is consumed and how efficiently it is delivered, compliance requirements, and the endpoint device itself. While the overall goal of mobile communications is to empower the mobile workforce with greater freedom of access to information and resources, it must be done securely.

The Fundamentals of AWS Security Groups – A New Professor Wool Educational Video


In this lesson, Professor Wool provides an overview of Amazon Web Services (AWS) Security Groups and highlights some of the differences between Security Groups and traditional firewalls. The lesson continues by explaining some of the unique features of AWS and the challenges and benefits of being able to apply multiple Security Groups to a single instance.
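Two points from the Security Group lessons above lend themselves to a concrete check: every new Security Group is created with a default egress rule that allows all protocols to 0.0.0.0/0, and when several Security Groups are attached to one instance AWS applies the union of their rules, so a single permissive group undoes a strict one. The following Python script is an added example and is not code from the AlgoSec posts or the Professor Wool lessons. It audits Security Group records shaped like the `SecurityGroups` list returned by `aws ec2 describe-security-groups`; the group IDs, names and CIDRs are constructed sample data, and only IPv4 `IpRanges` are inspected (IPv6 ranges, prefix lists and group-to-group references are left out to keep the example short).

```python
"""Audit AWS Security Groups for the default egress rule and for the
effective (union) ingress exposure of an instance with several groups."""
from typing import Dict, List, Set, Tuple

# Constructed sample, shaped like the `SecurityGroups` list from the EC2 API.
SECURITY_GROUPS: List[Dict] = [
    {
        "GroupId": "sg-0aaa",
        "GroupName": "web-tier",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ],
        # The default egress rule AWS creates with every new group.
        "IpPermissionsEgress": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ],
    },
    {
        "GroupId": "sg-0bbb",
        "GroupName": "admin-from-bastion",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
        ],
        # Egress narrowed to an outbound proxy and an internal DNS resolver.
        "IpPermissionsEgress": [
            {"IpProtocol": "tcp", "FromPort": 3128, "ToPort": 3128,
             "IpRanges": [{"CidrIp": "10.0.2.10/32"}]},
            {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
             "IpRanges": [{"CidrIp": "10.0.0.2/32"}]},
        ],
    },
    {
        "GroupId": "sg-0ccc",
        "GroupName": "legacy-wide-open",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ],
        "IpPermissionsEgress": [],
    },
]

Rule = Tuple[str, int, int, str]  # (protocol, from_port, to_port, cidr)


def has_default_egress(group: Dict) -> bool:
    """True if the group still allows every protocol and port to 0.0.0.0/0 outbound."""
    for perm in group.get("IpPermissionsEgress", []):
        if perm.get("IpProtocol") != "-1":
            continue
        if any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            return True
    return False


def groups_with_default_egress(groups: List[Dict]) -> List[str]:
    """IDs of groups whose default allow-all egress rule was never removed."""
    return [g["GroupId"] for g in groups if has_default_egress(g)]


def ingress_rules(group: Dict) -> Set[Rule]:
    """Flatten one group's inbound permissions into (proto, lo, hi, cidr) tuples."""
    rules: Set[Rule] = set()
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        # "-1" means all protocols; AWS omits the port fields in that case.
        lo = 0 if proto == "-1" else perm.get("FromPort", 0)
        hi = 65535 if proto == "-1" else perm.get("ToPort", 65535)
        for r in perm.get("IpRanges", []):
            rules.add((proto, lo, hi, r["CidrIp"]))
    return rules


def effective_ingress(groups: List[Dict], attached: List[str]) -> Set[Rule]:
    """Union of the ingress rules of every group attached to one instance."""
    by_id = {g["GroupId"]: g for g in groups}
    rules: Set[Rule] = set()
    for gid in attached:
        rules |= ingress_rules(by_id[gid])
    return rules


def internet_exposed_ports(groups: List[Dict], attached: List[str]) -> Set[Tuple[str, int, int]]:
    """Protocol/port ranges reachable from anywhere once all attached groups are combined."""
    return {(p, lo, hi) for (p, lo, hi, cidr) in effective_ingress(groups, attached)
            if cidr in ("0.0.0.0/0", "::/0")}


if __name__ == "__main__":
    print("default egress still in place:", groups_with_default_egress(SECURITY_GROUPS))
    # Strict admin group alone exposes nothing; adding the legacy group exposes every TCP port.
    print("bastion only:", internet_exposed_ports(SECURITY_GROUPS, ["sg-0bbb"]))
    print("bastion + legacy:", internet_exposed_ports(SECURITY_GROUPS, ["sg-0bbb", "sg-0ccc"]))
```

Running the script flags `sg-0aaa` for the untouched default egress rule, and shows that attaching `sg-0ccc` alongside the tightly scoped `sg-0bbb` exposes all 65,536 TCP ports to the internet even though `sg-0bbb` by itself exposes nothing. Against a real account, feed it the JSON from `aws ec2 describe-security-groups` and the group IDs from `aws ec2 describe-instances`.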

Two Factor Authentication: Why, When and How


This blog post will discuss two-factor authentication: when you should use it, and what techniques are available to help prevent the theft of credentials and protect against unauthorized access.

Top PCI Audit Pitfalls and How to Avoid Them: The QSA’s Perspective


Ever wish you could get inside your QSA’s head before your next PCI audit? Get the inside scoop on what QSAs are looking for when they audit you. Aimed at security and networking professionals, this webinar will provide insider tips and tricks to help you prepare for and pass your audit – wherever your credit card data is stored – and remain continuously compliant even if you’re breached.