Current Topics and Information

Focused on the ever-changing information security landscape

Sub-header Photo


Host Based Antivirus Near Its End

I read an article the other day where Symantec's information security chief declares the traditional antivirus is "dead" and "doomed to failure." With recent stories like this in the news, it is apparent that an organization’s security strategy has to include more than just host based antivirus. Antivirus has been seen as a checkbox item organizations [...] Read more

Read more

Navigating a Successful SIEM Strategy

It’s been my experience that deploying a successful SIEM strategy is like the “jump program” from The Matrix. Left on one’s own, without the help of the experienced experts, nearly all first attempts at SIEM fail. But, the good news is there are some steps you can take that will help ensure your organization achieves [...] Read more

Read more

Plaid CTF 2014 harry_potter Challenge

Accuvant sponsored the annual Plaid CTF event this year. It is one of our favorite events of the year for several reasons. First, we believe heavily in the lessons that these exercises teach. The time limits bring a motivating pressure; the result is often amazing feats of hacking that will be remembered for years to [...] Read more

Read more

The Blackstone Acquisition: Why It’s Exciting News

It’s official! The Blackstone acquisition of Accuvant closed yesterday and I’m extremely excited about what it means to our company, our clients, our employees, our partners and the information security industry at large. This new partnership is going to allow Accuvant to really step up and take a much bigger role protecting the way people, organizations [...] Read more

Read more

Drawing Parallels Between Non- IT and Security Engineering Principles (Part 2 of 2)

Continuing on from my last blog post; I was considering non-IT engineering/architecture principles I read in 101 Things I Learned in Architecture School by Matthew Frederick and how they apply to security engineering. Principle #4: As the design process advances, complications inevitably arise.* Architecture is great, however it is only architecture. When moving into design and engineering/implementation [...] Read more

Read more

Heartbleed Bug: Vendor Compensating Controls

A critical vulnerability in OpenSSL (CVE-2014-0160) known as the Heartbleed Bug was recently disclosed, affecting servers running OpenSSL 1.0.1 through 1.0.1f. This vulnerability allows arbitrary memory readout, compromising the integrity of the secure channel, potentially exposing personal information such as passwords, credit card information and emails. Yesterday, we published a white paper on the Heartbleed Bug, [...] Read more

Read more

Newly Discovered Heartbleed Security Flaw Affects Many Internet Applications

The recently discovered Heartbleed Bug represents a serious vulnerability within the OpenSSL cryptographic library (CVE-2014-0160) used to encrypt communications between web applications, email exchanges, instant messaging clients and some SSL-based virtual private network connections. We’ve just released a detailed paper that provides more information on the Heartbleed Bug, its implications and recommendations for remediation. You [...] Read more

Read more

The DDoS Smash-And-Grab: Be Prepared

Enterprises and governments connected to the Internet today must treat distributed denial-of-service (DDoS) attacks as an everyday occurrence. DDoS technology is not new, but unlike the old days of "low and slow," the current toolsets widely available to attackers allow even inexperienced users to execute sophisticated attacks with ease. As hacker tools become easier to get [...] Read more

Read more
(119 Results)