As we discussed in Defining TI, threat intelligence can help detect attacks earlier by benefiting from the misfortune of others and looking for attack patterns being used against higher profile targets. This is necessary because you simply cannot prevent everything. No way, no how. So you need to get better and faster at responding. The first step is improving detection to shorten the window between compromise and discovery of compromise.
Rich, Mike, and Adrian each pick a trend they expect to hammer us in 2015. Then we talk about it, probably too much. From threat intel to tokenization to SaaS security.
We are pleased to announce the availability of our Monitoring the Hybrid Cloud: Evolving to the CloudSOC paper. As the megatrends of cloud computing and mobility continue to play out in technology infrastructure, your security monitoring approach must evolve to factor in the lack of both visibility and control over the infrastructure. But senior management isn’t in the excuses business so you still need to provide the same level of diligence in protecting critical data. This paper looks at why…
As we looked back on our research output for the past 2 years it became clear that threat intelligence (TI) has been a topic of interest. We have written no less than 6 papers on this topic, and feel like we have only scratched the surface of how TI can impact your security program.
Rich here.
Last weekend I ran a local half-marathon. It wasn’t my first, but I managed to cut 11 minutes off my time and set PRs (Personal Record for you couch potatoes) for both the half and a 10K. I didn’t really expect either result, especially since I was out of running for nearly a month due to a random foot injury (although I kept biking).
Over halfway through January (already!), how are those New Year’s resolutions going? Did you want to lose some weight? Maybe exercise a bit more? Maybe drink less, or is that just me? Or have some more fun? Whatever you wanted to do, how is that going?
Yes, people, the disclosure debate is still alive and kicking. But now it is basically a pissing match between two of the largest tech companies. With Google setting rigid deadlines, and Microsoft stuck on their rigid schedule, who will win? Grab the popcorn as we talk about egos, internal inconsistencies, and why putting the user first is so damn hard.
I could probably write a book on AWS security at this point, except I don’t have the time, and most of you don’t have time to read it. So I wrote a concise paper on the key essentials to get you started – including the top four things to do in the first five minutes with a new AWS account.
Testing tags
Rich here,
First a quick note. I will be giving a webcast onmanaging SaaS security later this month. I am about to start writing more on the Cloud Security Gateway market and new techniques for dealing with SaaS.