Current Topics and Information

Focused on the ever-changing information security landscape

Sub-header Photo

ACCUVANT BLOG

Addressing Insider Cybercrime

In a previous blog post, I discussed what triggers insider threat within an organization. Understanding these threats is important so that your organization can take the necessary steps to prevent insider cybercrime. To help minimize the risk, organizations should [...] Read more

Read more

Detecting Shellshock with SIEM Solutions

At the end of September, a serious vulnerability (CVE-2014-6271 and CVE-2014-7169) came to light affecting Linux/Unix and Apple OS X. The seriousness of the Bash Shellshock vulnerability is that it allows unauthenticated, arbitrary code execution remotely. [...] Read more

Read more

Thoughts after a Month With Blackphone

About a month ago, I decided to order a Blackphone. The product web site makes some tall claims about security, even calling it "A secure smartphone." This kind of proclamation is rather bold, perhaps even disingenuous, and often leads to intense scrutiny in the security community. [...] Read more

Read more

What is the Bash Shellshock Bug?

It has been discovered that vulnerability exists within the Bash command-line shell, which has been around for years, is now being actively exploited. What is being dubbed the “Shellshock” bug is a flaw that affects all Linux and UNIX operating systems including Mac OS X. [...] Read more

Read more

The Key to a Strong IT Security Program

Over the years, I have worked in top positions in the security departments of several major enterprises, which has given me insight into what separates a really strong IT security organization from one that’s just average. I’ve learned that there are key characteristics that IT security managers should try to implement into their organization to build more successful security programs. [...] Read more

Read more

Your Network: An Asset or Liability?

The recent breaches at major retailers show that a network and Internet connectivity is not only an asset for an organization, but can also be a liability. To be more specific, a network that provides services to unauthorized parties is a liability to an organization. Continuing from my post from earlier this week, using a next generation firewall as a gateway between segments increases the visibility of network traffic patterns. [...] Read more

Read more

Next Generation Network Design

In my previous blog post, I discussed the basic level of network segmentation. While segmentation creates separate compartments between different areas of the business, as with the Titanic, it does not make it unsinkable. Diving deeper into the world of network segmentation, past virtual local area network (VLAN) segmentation, having compartments between different parts of the network is not enough. [...] Read more

Read more

A CISO Needs a Plan

I had the opportunity to talk with Tim Wilson on Dark Reading Radio recently. The topic we discussed is one that cannot be overemphasized these days given the number and magnitude of data breaches that have been disclosed in recent months: building security programs for large enterprises. [...] Read more

Read more

Endpoint Security: What Are the Options?

In today’s security world, organizations have countless options when it comes to choosing vendors and securing their data and network. Now break that down into each component of that security program, from firewalls to wireless, and there are more choices. However, what about endpoint security? [...] Read more

Read more
(131 Results)