Nimmy Reichenberg
Nimmy Reichenberg heads global marketing for AlgoSec and surprisingly actually understands what he markets. Originally a software engineer with security focus, Nimmy designed and developed security products before switching over to the dark side and becoming a marketeer. Nimmy has published several articles in security publications such as SC Magazine and ISSA journal and has spoken on various security topics in leading security conferences.

When he is not brainwashing you to buy AlgoSec products, Nimmy can be found Kite Surfing at the nearest beach where the wind is blowing over 15 knots, and spending time with his wife and two boys.

A Sneak Preview of Our Network Segmentation Webinar next Week

businessman over stretched

businessman over stretchedI am psyched to have Mark Wolfgang, expert penetration tester from ShoreBreakSecurity join us for our webinar on network segmentation next Tuesday.

Mark will share really cool information from his pen tests – including how he was able to gain control to the entire facility of major metropolitan by exploiting a single server. How is this possible? Well, as Mark will share – once an attacker gets control of a PC he or she are really in the dark – and one of the first things an attacker does is run a scan of all endpoints which are accessible from the compromised machine to see what is around. In Mark’s words, nothing is more frustrating to an attacker than realizing he can’t really get anywhere because of effective network segmentation.

Read more on A Sneak Preview of Our Network Segmentation Webinar next Week…

The Neglect of Security Basics

basic

basicLast week we held a webinar with our good friends from Qualys (you can view the recording here). The webinar discussed the integration between Qualys and AlgoSec that enables Application-Centric Vulnerability Management. One of the questions from the audience asked what happened to device hardening? Why is everyone only talking about things such as advanced threat prevention when it comes to security practices.

Read more on The Neglect of Security Basics…

Network Security Tip of the Week

tip-of-the-week1

This week's network security tip goes back to the core of defining your firewall policy:

"Create a rule before the last rule that blocks broadcasting without logging. It resolves huge logging issues in firewall management.”

Read more on Network Security Tip of the Week…

Conversation with a CISO on Networking and Security Trends

security cloud

security cloudI recently had the opportunity to sit down with Conrad Menezes to discuss some of the current and future networking and security trends and challenges facing organizations. Conrad held senior executives roles spanning both security and networking at companies such as Sears and American Express.  In our conversation, he provided some great insight on topics such as the modern threat landscape, dealing with application overload in the data center and what software-defined-networking (SDN) can mean for organizations.

Read more on Conversation with a CISO on Networking and Security Trends…

Security Policy Management Maturity Model and the Benefits from Moving Up the Ladder: The Final Chapter (Part 4 of 4)

maturity model level 4

maturity model level 4In our final post on the security policy management maturity model (if you've missed the others in our series, please check out Part 1- Initial, Part 2- Emerging and Part 3- Advanced), we look at the best-in-class or "Visionary" organization. An organization at this level takes a different approach to looking at its security infrastructure. Instead of looking at devices from strictly a firewall/security perspective, visionary organizations are making decisions from the perspective of critical business applications in the data center. All key stakeholders across security, network operations and application teams have visibility of the business requirements and the security implications and are aligned through streamlined and automated business processes. Characteristics of an organization taking an application-centric approach include:

Read more on Security Policy Management Maturity Model and the Benefits from Moving Up the Ladder: The Final Chapter (Part 4 of 4)…

Security Policy Management Maturity Model and the Benefits from Moving Up the Ladder: Part 3 of 4

maturity model level 3

maturity model level 3In my previous post on the security policy management maturity model, we examined what an Emerging organization (level 2) looks like. Steps to automate security policy analysis and audits were implemented, but the security policy was only optimized, compliant, etc. at a point-in-time, because changes continue to introduce risk and policy bloat.

Read more on Security Policy Management Maturity Model and the Benefits from Moving Up the Ladder: Part 3 of 4…