Secure Configuration in Cloud – IaaS, PaaS and SaaS Explained

| | Cloud, cloud services, IaaS, paas, SaaS
If I asked you what security products you had in place to manage your risk within your IT organisation 10 years ago, you’d probably have been able to list a half dozen different tools and confidently note that most of your infrastructure was covered by a common set of key ... Read More

Psychological Tricks of the Malware Trade

As a Professional Services Consultant, I have the pleasure of traveling all around the globe meeting clients and talking to a wide variety of IT security professionals who form the front line of defence against malware. One of my favorite topics is how people got their start in their careers ... Read More

Adding to the Toolkit – Some Useful Tools for Cloud Security

With more business applications moving to the cloud, the ability to assess network behavior has changed from a primarily systems administration function to a daily security operations concern. And whilst sec-ops teams are already familiar with firewall and network device log tools, these can be of limited used in a ... Read More

How Do You Measure Your Investment in Security?

When evaluating enterprise security tools for their effectiveness, it can be challenging to find the right model for best calculating your “Return on Security Investment” (ROSI). Just a few years ago, the potential cost attributed to a security breach was likely to be primarily related in the assessed financial cost ... Read More

Achieve Security Through Compliance in the Cloud

| | CIS, Cloud, Compliance
Digging through my cupboards recently, I came across my old collection of 3½ floppy disks. It’s been quite some time since I’ve had a need to plug in my trusty USB floppy drive, so upon making this great archaeology discovery, I was left simply to ponder about their content and ... Read More

Lessons to Learn from Armored Cars in the Era of Cloud Computing

| | Cloud, cloud computing, DEVOPS
We employ a lot of militaristic terms in the IT security sector, and the language of defense is robust in part because it draws upon a rich history of technical innovations. When we talk about the future of IT, it’s hard not to think about cloud infrastructure, so when we’re ... Read More

Read All About It: The Breaches That Won’t Make the Headlines

It’s been a busy few months for those tracking cybersecurity breaches. Considering that this quarter alone has seen headlines for British Airways identifying additional victims behind its already significant breach, Facebook’s massive messaging leak and Yahoo’s significant payout related to earlier data breaches, there are plenty of high profile cases ... Read More

Catching Configuration Changes that Can Lead to Data Exposure

Amazon’s new security issue, which came to light just days before one of its biggest sale events of the year, is making recent headlines. And whilst it probably won’t stop the online retail giant from achieving a profitable Black Friday and Cyber Monday this year, it certainly will make many ... Read More

Turning Malware Trends into Proactive Behaviors

Most of the industry agrees: malware is on the rise. My news feed rarely manages a week without an incident making the headlines. Here are some of the most recent events I’ve seen: Online retailer Newegg suffered a data breach at the hands of the same threat actor that’s responsible ... Read More

Is Your Security Dashboard Ready for the Cloud?

The ability to feed key security information onto a big screen dashboard opens up many new opportunities for managing the day-to-day security and maintenance workload as well as providing a useful method of highlighting new incidents faster than “just another email alert.” Most Security Operation Centres I’ve visited in recent ... Read More