Today we published our third annual State of Network Security survey findings, which explore key risks in organizations’ security management practices and access to critical applications in the data center. Highlights include:
Over the past couple of months we’ve seen a major shift in the way assessors are dealing with PCI-DSS and security. In speaking with some retail customers, one of the overarching themes I've heard is to make sure you use an assessor who understands the importance of first having a solid security program before worrying about compliance. In my conversations I've been told that QSAs, and assessors in general, have started to shift their approach in how they review PCI-DSS since many QSAs now have more skin in the game. Below are excerpts from a Q&A I did with a security engineer at an AlgoSec customer in the retail space:
This week's network security tip focuses on reducing complexity when it comes to firewall policy management. Our latest tip comes from our own James Dowell, a security engineer here at AlgoSec who suggests the following:
Following up on my last post on ensuring network security when working with third-party vendors, to wrap up the discussion we must examine data access levels, your incident response plan and the concept of cyber-insurance. Having an understanding and a plan around all of these can help you mitigate weak links in your security chain.
This week's network security tip focuses on simplifying your firewall rulebase. It's commonly discussed that complexity is a security killer. So, going with that premise, before adding more policies, tools and layers to your security infrastructure, perhaps it's worth taking a step back, examining what you have and what you think you need, and then looking for ways to simplify your overall security management. This exercise can help you improve your operations as well as your security.
I recently had the opportunity to sit down with Conrad Menezes to discuss some of the current and future networking and security trends and challenges facing organizations. Conrad has held senior executive roles spanning both security and networking at companies such as Sears and American Express. In our conversation, he provided some great insight on topics such as the modern threat landscape, dealing with application overload in the data center and what software-defined networking (SDN) can mean for organizations.