Understanding and Selecting RASP: 2019
Posted under: Heavy Research During our 2015 DevOps research conversations, developers consistently turned the tables on us, asking dozens of questions about embedding security into their development process. We were surprised to discover how much developers and IT teams are taking larger roles in selecting security solutions, working to embed ... Read More
What We Know About the Capital One Data Breach
Posted under: Research and Analysis I’m not a fan of dissecting complex data breaches when we don’t have any information. In this case we do know more than usual due to the details in the complaint filed by the FBI. I want to be very clear that this post isn’t ... Read More
Apple Flexes Its Privacy Muscles
Posted under: Research and Analysis Apple events follow a very consistent pattern that rarely changes beyond the details of the content. This consistency becomes its own language. Attend enough events and you start to pick up the deliberate undertones that Apple wants to communicate, but not directly express. They are ... Read More
DisruptOps: The Security Pro’s Quick Comparison: AWS vs. Azure vs. GCP
Posted under: Research and Analysis I’ve seen a huge increase in the number of questions about cloud providers beyond AWS over the past year, and especially in recent months. I decided to write up an overview comparison in a post over at DisruptOps. This is going to be part of ... Read More
Selecting Enterprise Email Security: The Buying Process
Posted under: Research and Analysis To wrap up the series, we are going to bring you through a process of narrowing down the shortlist and then testing the products/services in play. With email, it’s less subjective since a malicious email is… well, malicious. But given the challenges of doing policy ... Read More
Selecting Enterprise Email Security: Scaling to the Enterprise
Posted under: Research and Analysis As we continue down the road of Selecting Enterprise Email Security, let’s hone in on the “E” word – Enterprise. Email is a universal application, and scaling up protection to the enterprise is all about managing the email security in a consistent way. So in ... Read More
Selecting Enterprise Email Security: Detection Matters
Posted under: Research and Analysis As we covered in the introduction to the Selecting Enterprise Email Security series, even after over a decade of trying to address the issue, email-borne attacks are still a scourge on pretty much every enterprise. That doesn’t mean that the industry hasn’t made progress, it’s ... Read More
Selecting Enterprise Email Security: Introduction
Posted under: Research and Analysis It’s 2019, and we’re revisiting email security. Wait; what? Did we step out of the time machine and end up in 2006? Don’t worry; you didn’t lose the past 13 years in a cloud of malware (do you see what we did there?). But before ... Read More
The ELEVENTH Annual Disaster Recovery Breakfast: Is that you Caesar?
Posted under: General Things have been good in security. Really good. For a really long time. We can remember when there were a couple hundred people that showed up for the RSA Conference. Then a couple thousand. Now over 40,000 people descend on San Francisco to check out this security ... Read More
Quick Wins with Data Guardrails and Behavioral Analytics
Posted under: Research and Analysis This is the third (and final) post in our series on Protecting What Matters: Introducing Data Guardrails and Behavioral Analytics. Our first post, Introducing Data Guardrails and Behavioral Analytics: Understand the Mission we introduced the concepts and outlined the major categories of insider risk. In ... Read More
