While you’re standing on the ramparts of your enterprise perimeter, scanning for bad guys, there may well be a threat right in your blind spot: Insiders. Maybe it’s someone truly malicious, like a spy. Maybe it’s someone pilfering for profit, the modern equivalent of someone stealing office supplies. Either way, the threat from trusted insiders…Read More
I am a big advocate of examining solutions from both a processes and a tools perspective. Although AlgoSec is a software provider, I am the first to acknowledge that a good tool will not fix a bad process. On the flip side, a good process which can’t be enforced will not go very far either. This blog post examines what you can do from a process perspective to address organizational misalignment.
Welcome to the fourth blog in our special series, Mitigating Gartner’s Network Security Worst Practices (a complimentary copy of Gartner’s research, Avoid these “Dirty Dozen” Network Security Worst Practices is available for viewing from AlgoSec’s website.) In this post we’ll cover the worst practice of “Insufficient Focus on Users and Business Requirements” which Gartner also fondly…Read More
In this blog we’ll cover “The Culture of No”. According to research by Gartner, “Many Gartner clients make statements along the lines of “those IT folks prevent us from doing our jobs.” They specifically cite that security departments implement policy and controls without regard for business function.” Does this sound familiar?
Welcome to our special blog series: Mitigating Gartner’s Network Security Worst Practices. Over the course of more than 3,000 client interactions in the past year, Gartner has observed several common network security “worst practices.” The result is this great research paper titled “Avoid These “Dirty Dozen” Network Security Worst Practices”, and a complimentary copy is available…Read More
Managing ever-growing network security policies is not getting any easier. We are facing more threats, greater complexity and increased demand for both security and application connectivity. However, many companies are failing to update their approach to security policy management to keep up with these challenges. In my years of interactions with companies across pretty much…Read More
For years, organizations have focused most of their network security efforts on the perimeter. First there were firewalls, then intrusion prevention systems came along followed by web proxies, and recently advanced malware detection (AKA sandboxing) solutions. This perimeter-focused approach is often referred to as the M&M Strategy – a hard crunchy outside and soft chewy…Read More
One of the more interesting phenomena I have observed when working with companies on their network security challenges is that every company feels that their challenges are unique. While this is true to some extent, there are many more similarities than differences between companies. One such similarity is the existence of “Network Ned”. Who is…Read More
Why is it that virtually all aspects of IT operate at near real time EXCEPT security? You can spin up a new server on demand or create a new database in a couple of minutes, but anything that has to do with the security policy can take weeks—or longer. It all goes back to a…Read More
According to a recent survey, two thirds of organizations are currently deploying or planning to deploy business applications on a public cloud infrastructure. If your organization is among them consider this: two-thirds of the organizations we surveyed are struggling to figure out how to extend their security policy across the hybrid environment. It a little daunting,…Read More
This situation may sound familiar – your CEO, CIO, or another executive outside of the security organization summons you to a meeting. “We have decided to move [Enter unreasonable number here] of our business applications to the public cloud by [Enter impossible timeframe here] he announces. “And don’t tell us that security is an issue…Read More
In September, a critical bug in the open source Bourne-Again Shell (BASH) that’s ubiquitous in Unix-based systems, including Linux and Mac OS X, displaced Heartbleed as the top network security threat. Called Shellshock, the bug allows hackers to insert code into the shell and hijack an operating system through the internet. From there, they can…Read More