Protecting What Matters: Defining Data Guardrails and Behavioral Analytics
Posted under: General Title: Protecting What Matters: Defining Data Guardrails and Behavioral Analytics This is the second post in our series on Protecting What Matters: Introducing Data Guardrails and Behavioral Analytics. Our first post, Introducing Data Guardrails and Behavioral Analytics: Understand the Mission we introduced the concepts and outlined the ... Read More
Building a Multi-cloud Logging Strategy: Issues and Pitfalls
Posted under: Heavy Research As we begin our series on Multi-cloud logging, we will start with why some of the traditional approaches to logging won’t work. I generally don’t like to start on a negative tone, but we think it is import to point out some of the challenges and ... Read More
DAM Not Moving to the Cloud
Posted under: Incite I’ve come to the conclusion that nobody is using Database Activity Monitoring (DAM) in public Infrastructure or Platform as a Service. I never see it in any of the cloud migrations we assist with. Clients don’t ask about how to deploy it or if they need to ... Read More
Cloudera and Hortonworks Merge
Posted under: News I’ve been planning to do a blog post on the recent announcement of the planned merger between Hortonworks and Cloudera, as there area number of trends I’ve been witnessing with the adoption of Hadoop clusters, and this merger I feel reflects them in a nutshell. But catching ... Read More
Building a Multi-cloud Logging Strategy: Introduction
Posted under: Heavy Research Logging and monitoring for cloud infrastructure has become the top question we are being asked. Even general conversations about moving applications to the cloud always seem to end up with clients asking how to ‘do’ logging and monitoring of cloud infrastructure. Logs are key for security ... Read More
Introducing Data Guardrails and Behavioral Analytics: Understand the Mission
Posted under: Research and Analysis After over 25 years of the modern IT security industry, breaches still happen at an alarming rate. Yes, that’s pretty obvious, but clearly disappointing given the billions spent every year to remedy the situation. Over the past decade, the mainstays of security controls have undergone ... Read More
Making an Impact with Security Awareness Training: Quick Wins and Sustained Impact
Posted under: Research and Analysis In our last post, we explained the concept of Continuous Contextual Content as a means to optimize the effectiveness of the security awareness program. It’s the acknowledgment that users won’t get it, not at first anyway. So that means you need to reiterate the lessons ... Read More
Making an Impact with Security Awareness Training: Continuous Contextual Content
Posted under: Research and Analysis As we discussed in the first post of our Making an Impact with Security Awareness Training series, organizations need to architect training programs around a clear definition of success, both to determine the most appropriate content to deliver, and also to manage management expectations. The ... Read More
Making an Impact with Security Awareness Training: Structuring the Program
Posted under: Research and Analysis We’ve long been fans of security awareness training. As evidenced in our 2013 paper Security Awareness Training Evolution, employees remain the last line of defense, and in a lot of cases, those defenses have failed. We pointed out many challenges facing security awareness programs, and ... Read More
Scaling Network Security: The Scaled Network Security Architecture
Posted under: Research and Analysis After going into the challenges with existing network security architectures (RIP Moat), we laid out a number of requirements for the new network security. This includes the need for scale, intelligence and flexibility. This sounds all good and well, but how do you get there? ... Read More
