If you don’t think about security when you start going down the DevOps path you’re going to get caught by surprise when someone tells you that what you’re doing is insecure. At that point you’ll have to retrofit security into the process – and that’s painful.
Are you really sure your external connections are secure and compliant? Are you really sure they are not inadvertently creating holes in your network and exposing your organization to cyber criminals? The Target breach – and many others like it – should at least make you double check your practices.
Do you really know what vulnerabilities currently exist in your enterprise firewalls? Your vulnerability scans are coming up clean. Your penetration tests have not revealed anything of significance. Therefore, everything’s in check, right? Not necessarily. Here are my top 10 common firewall vulnerabilities that you need to be on the lookout for.
Traditionally security was not part of the DevOps process. But I’m now starting to see companies begin to integrate security into the DevOps process – often now renamed DevSecOps.
I recently sat down with Avishai Wool, our CTO, and asked him for some tips for companies who are considering migrating their business applications to Amazon Web Services (AWS).
According to Sun Tzu, to gain an advantage over your opponent you need to catch him off guard – make him believe you’re something you’re not, so that you can leverage this opportunity to your advantage. As security practitioners we should all supplement our security practices with this tried and tested decoy technique against cyber attackers.
No matter how you slice it, creating a security professional with 10 years of experience takes, well, 10 years. Here are six suggestions for doing more with less.
Taking a risk-first approach, where you analyze what you need to protect and what the consequences are if you’re unable to protect these assets, is a much more strategic and long-term approach to security. Once you have this mapped out you’ll then be able to start looking for the right products to fill the holes and protect you against relevant threats to your organization.
A few weeks ago, Adam Gaydosh, a certified QSA with Anitian, and Nimmy Reichenberg, our VP of Strategy here at AlgoSec, presented an educational webinar on the top PCI audit pitfalls and how to avoid them. You can view the full presentation here, but for those of you who don’t have the time and want the Reader’s Digest version, here are some of the highlights from the webinar.
Welcome to the last blog post in our special series, Mitigating Gartner’s Network Security Worst Practices. Under- and over-segmentation of networks is among Gartner’s “Dirty Dozen” Network Security Worst Practices. We know that these two extremes pose different challenges to organizations, and finding the right balance is essential to providing security while supporting business agility.
In this lesson Professor Wool reviews AWS’s own auditing tools, CloudWatch and CloudTrail, which are useful for cloud-based applications. However, if you are running a hybrid data center, you will likely need to augment these tools with solutions that can provide reporting, visibility and change monitoring across the entire environment. Professor Wool provides some recommendations for key features and functionality you’ll need to ensure compliance, and tips on what the auditors are looking for.
In this post we’ll cover the worst practice of “Uncoordinated Policy Management”, which Gartner also nicely referred to as “firewall roach motel — rules go in, but they don’t come out”. Helping organizations improve security policy management is obviously at the heart of what we do here at AlgoSec.