SecMon State of the Union: Focusing on Use Cases

Posted under: Research and Analysis

As we revisited the Security Monitoring Team of Rivals, it’s obvious that the overlap between SIEM and security analytics is past the point of no return. Thus with a Civil War brewing, the key goal is to determine what will be your strategic platform for ... Read More

The Security Profession Needs to Adopt Just Culture

Posted under: Research and Analysis

Yesterday Twitter revealed they had accidentally stored plain-text passwords in some log files. There was no indication the data was accessed and users were warned to update their passwords. There was no known breach, but Twitter went public anyway, and was excoriated in the press ... Read More

SecMon State of the Union: Revisiting the Team of Rivals

Posted under: Research and Analysis

Things change. That’s the only certainty in technology today, and certainly in security. Back when we wrote Security Analytics Team of Rivals, SIEM and Security Analytics offerings were different and not really overlapping. It was more about how can they coexist, as opposed to choosing ... Read More

Complete Guide to Enterprise Container Security *New Paper*

Posted under: Research and Analysis

The explosive growth of containers is not surprising because the technology (most obviously Docker) alleviates several problems for deploying applications. Developers need simple packaging, rapid deployment, reduced environmental dependencies, support for micro-services, generalized management, and horizontal scalability – all of which containers help provide. When ... Read More

Firestarter: Auditors, Assessors, and Cloud.. Oh My!

Posted under: Firestarter

This week the gang discusses Rich’s recent discussions with some clients struggling to deal with auditors and assessors who don’t really understand cloud computing. - Rich ... Read More

Evolving to Security Decision Support: Laying the Foundation

Posted under: Research and Analysis

As we resume our series on Evolving to Security Decision Support, let’s review where we’ve been. The first step in making better security decisions is ensuring you have full visibility of your enterprise assets, since if you don’t know the assets exist you can’t really ... Read More

The TENTH Annual Disaster Recovery Breakfast: Are you F’ing Kidding Me?

Posted under: General

What was the famous Bill Gates quote? “We always overestimate the change that will occur in the next two years and underestimate the change that will occur in the next ten.” Well, we at Securosis actually can gauge that accurately given this is the TENTH annual RSA ... Read More

Evolving to Security Decision Support: Data to Intelligence

Posted under: Research and Analysis

As we kicked off the Evolving to Security Decision Support series, the point we needed to make is the importance of enterprise visibility to the success of your security program. Given all the moving pieces in your environment, including the usage of various clouds (SaaS ... Read More

Firestarter: Old School and False Analogies

Posted under: Old School and False Analogies

This week we skip over our series on cloud fundamentals to go back to the Firestarter basics. We start with a discussion of the week’s big acquisition (like BIG considering the multiple). Then we talk about the hyperbole around the release of the ... Read More

Best Practices, Unintended Consequences, Negative Outcomes

Posted under: Research and Analysis

Information Security is a profession. We have job titles, recognized positions in nearly every workplace, professional organizations, training, and even some early degree programs. I mean none of that sarcastically, but I wouldn’t necessarily say we are a mature profession. We still have a lot ... Read More