From the Blogosphere

Is the cloud inherently insecure? Should we be yearning for the Good Old Days? Hackers and outages have certainly made sure it has rained on the cloud parade in recent months. Repeated attacks on Sony’s Playstation network have rekindled the debate about the security of the cloud as h...
IT security is all about trying to lower risks and increase the protection of your organization. With each new technology that comes along, there’s a new security challenge. Some of those technologies – like wireless networks or the Internet – have such an impact on security that they ...
Bob Gourley recently wrote about the dangers of a Maginot Line approach to network security in “The Maginot Line of Information Systems Security”, based on the paper by Dr. Rick Forno. In the Second World War, the French relied on the Maginot Line, a string of fortifications along t...
People who are familiar with me know that there are two things I’m not forgiving about. The first is backups, the second is security. If backups interest you, perhaps we can discuss it some other time. This time we’re going to discuss security. I’m going to outline in the following a...
Military cyber defenders face a tough challenge. Many of them have been trained in warfighting specialties like aviation, infantry, amphibious operations, submarine warfare etc, then one day they wake up with orders to a unit with operational cyber defense responsibilities. I’ve seen ...
Is your stomach turning or does it feel a calm satisfaction halfway through 2011? What seemed like a relatively calm 2011 during the first couple months has turned into a banner year of breaches. The forecast could qualify as: In like a Lamb, out like a Lion as they say. When thinki...
Attacks are ongoing, constantly. They are relentless. Many of them are mass attacks with no specific target in mind, others are more subtle, planned and designed to do serious damage to the victim. Regardless, these breaches all have one thing in common: the breach was preventable. At ...
As mainstream cloud adoption picks up pace, concerns such as security and compliance have spurred growth in the private cloud sector. New offerings in this sector seek to balance the economies of scale that a public cloud can offer with the security and control that a private cloud off...
This is the second installation on my series about Computer Network Operations (CNO). The last blog explored the actions known as Computer Network Exploitation (CNE), and as always, please feel free to comment. Today, the topic switches from exploitation to defense. Computer Network...
Not that I really needed to point this out, but security attacks are moving ‘up the stack.’ 90% of security investments are focused on network security, yet according to Gartner, 75% of the attacks are focused at the application layer and ‘over 90 percent of security vulnerabilities ex...
For years, Security Information Event Management (SIEM) has been an effective tool for optimizing the identification of security threats. However, because it rarely leverages all IT information, SIEM is unable to comprehensively scale to address the other two cornerstones of the moder...
Botnets? Old school. Spam? So yesterday. Phishing? Don’t even bother…well, on second thought. Spaghetti hacking like spaghetti marketing, toss it and see what sticks, is giving way to specific development of code (or stealing other code) to breach a particular entity. In the pas...
Designing and creating secure software is absolutely critical. It requires training, experience, education and process. In the modern world software gets very complex, and doing it securely requires a scientific approach. A discipline has arisen to meet this need. In this discipline a h...
Cloud security remains a top concern for enterprise cloud deployments. Unresolved policy and control issues make it difficult to meet the requirements of corporate security and networking teams. As a result, we frequently hear from our customers that they assume they can only put the l...
As everyone knows the big hold up for Cloud computing is the issue of Trust, of a sense of insecurity of a remote hosting environment rather than one where you can go down the hall and cuddle the servers for a nice warm glow. The NIST Recommendations Document naturally therefore incl...
Congratulations and thank you to the winners and participants of the DocuSign Hackathon! I wanted to do a postmortem and share some of my observations. Let’s examine the characteristics of the successful teams...
A few years ago, a gentleman created a video showing how quickly an unpatched, unprotected Windows XP machine was infected once connected to the public Internet (the linked video is worth a watch, and is short). That video took the business community pretty much by storm, but was old n...
First-Ever eSignature Hackathon Awards $25,000 in Cash Prizes to Innovative Apps with Integrations on the DocuSign Application Programming Interface (API) We’re excited to announce the winners of the first-ever ESIGN Hackathon! Following 35 non-stop hours of heated competition, D...
Cloud and security still take top billing in many discussions today, perhaps because of the nebulous nature of the topic. If we break down security concerns in a public cloud computing environment we can separate them into three distinct categories of risk – the infrastructure, the app...
A few years ago, Washington D.C.’s Metropolitan Police Department revolutionized its patrols, the backbone of law enforcement, by installing laptops into squad cars, allowing officers to have true two-way communication with dispatchers, keep track of other calls and incidents in ...
Just kidding…partially. Have you seen the latest 2011 Verizon Data Breach Investigations Report? It is chock full of data about breaches, vulnerabilities, industry demographics, threats and all the other internet security terms that make the headlines. It is an interesting view into...
Wednesday morning I received new photographs of Sofia from the State Department in Washington, DC. Sofia remains in Syria since being abducted in July 2010. The day after my last tweet regarding the lack of any new information about my abducted daughter Sofia since March 4, I received ...
It has been a while since I wrote a Load Balancing for Developers installment, and since they’re pretty popular and there’s still a lot about Application Delivery Controllers (ADCs) that are taken for granted in the Networking industry but relatively unknown in the development world, I...
Note: While talking about this post with Lori during a break, it occurred to me that you might be thinking I meant “MS Windows”. Not this time, but that gives me another blog idea… And I’ll sneak in the windows –> Windows simile somewhere, no doubt. Did you ever ponder the history of ...
As part of federal CIO Vivek Kundra’s 25-point plan to reform federal IT management announced last December, federal agencies must adopt a “cloud-first” policy that requires them to move three applications to the “cloud” over the next 12 to 18 months. Agencies must identify the three “...
As we’ve seen with some of the recent high profile internet attacks, like HBGary, RSA, Google, Comodo and others, no one is immune from being a target and the perpetrators are exceedingly organized, exceptionally skilled and extremely well-funded. Often, the culprits might be better tr...
Last year I embarked on a blog series, led by my trusty advisor CloudFucius, that evolved into an exploration of the numerous cloud computing surveys, reports, statistics and other feelings about the technology. At the time, 4-5 surveys a week were being released covering some aspect...
I read an article that lays out how to ensure your data is protected when you’re running IT on the Cloud. It brought up a few good points that I think can be added upon. For one, it urges organizations to select service options such as performance and capacity levels that best suit t...
Lack of data security is often due to corporate culture and the fear of change. Unfortunately, there are executives who believe IT security will hinder users’ business productivity. However, a culture of data security is not one that limits the ability to succeed in business, but one t...
Last week (see part 1, part 2 and part 3 here) we saw that a proper Log Management tool is a powerful tool to catch the bad guys. Advertise your use of such a tool and you will send a clear signal to would-be attackers that they will be caught, which will act as a powerful deterrent, ...
Denial-of-Service attacks are nothing new, and they’ve been a thorn in the side of data center managers and IT staff for decades now. For most organizations a decade ago, DOS attacks were often little more than an annoyance, and meant restricted email or Internet access for a short tim...
comScore always has some very interesting statistics when measuring the digital world and these recent reports are no different. The 2010 U.S. Digital Year in Review has great info both in understanding media trends and knowing what the end user is actually doing out there. The 2010 ...
Let’s review why logs are such a popular and powerful tool when performing forensics, and how to ensure that investigators are working from a clean stream of data. Logs used in forensics have several distinct advantages. First, logs can be used not only to solve the IT crime, but als...
To ensure our customers continue to trust DocuSign for the fastest, easiest, most secure way to get a signature, it’s important that we put further safeguards in place to protect our multi-tenant data centers. While you have probably already heard through our webinars and certification...
The London Stock Exchange, Android phones and even the impenetrable Mac have all been malware targets recently. If you’re connected to the internet, you are at risk. It is no surprise that the crooks will go after whatever device people are using to conduct their life – mobile for ex...

