In this conversation, MIAX Options CSO John Masserini discusses the threat detection and response space with AlienVault President and CEO Barmak Meftah.
An early adopter of threat intelligence, Masserini notes its challenges and asks Meftah what AlienVault is seeing in the market and how threat intelligence is being integrated into companies’ security organizations.
Meftah describes AlienVault’s crowdsourcing approach and how it is helping SMBs centralize and simplify their threat detection and response. They were speaking in this sponsored podcast at the Black Hat Conference in Las Vegas earlier this month.
Mahon speaks with Podcast Host David Cass, Global CISO IBM Cloud & SaaS
David Mahon, CenturyLink Chief Security Officer discusses what he sees as two of today’s critical security issues and how to tackle them with host David Cass, Global CISO IBM Cloud & SaaS.
Mahon points to phishing and ransomware as the most prevalent types of attacks he is seeing in the industry.
The two executives talk about the importance of security awareness training and Mahon provides tactical approaches to reduce the likelihood of a successful breach. They also discuss metrics, ROI and best practices for reporting to the board.
By Randy Marchany
Virginia Tech CISO
No network is impenetrable, a reality that business executives and security professionals alike must accept. The traditional perimeter focused approach to cybersecurity has often failed to prevent intrusions, especially in an application-focused paradigm.
While prevention is crucial, timely incident detection of anomalous behaviors for data ex-filtration are key. Continuous monitoring assumes the attackers are already inside of the network and using the right tools, data, and strategies to interrupt the attackers communication channels are needed to mount a successful breach.
By David Sheidlower
Global Media and Advertising CISO
Is that news? No, of course it isn’t. In fact, deterrence (fear) may seem like an odd concept for cybersecurity. Arguably, except for highly visible physical access controls, virtually all other cybersecurity controls are designed to keep an incident from happening (i.e. protective/preventive) or detect and then respond/recover when it has.
A guard with a gun. That’s deterrence. An armed guard standing next to a metal detector between the thief and the elevators to your office may convince the thief to try the building down the street.
By Mitch Parker
In this three-part series, Academic Health care CISO Mitch Parker shares his insights on ransomware, incident response and best practices for building a world class prevention program.
Ransomware has been the buzzword du jour for the past year in computer security. This mostly unsophisticated attack type uses deception and already-existing means of communication to destroy the integrity of systems and shut down businesses by holding their critical assets for cryptocurrency ransom via encryption.
In my opinion, there has been little thought to either mitigating the risks caused by ransomware attacks, or an overall attempt to use products to fix what a good incident management process should.
In addition, newer versions of ransomware are utilizing more sophisticated means to cloak themselves, bypass defenses, and cause damage, propelling this threat as one of the industry’s most critical.
The first important item to keep in mind is that most computers are based on the Von Neumann architecture, where memory holds both data and the programs that manipulate it. Therefore, it is always possible to manipulate data to affect stored programs, and vice versa. One doesn’t need Phrack 49, Smashing the Stack for Fun and Profit, to tell you that.
Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.
Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.
A CISOs Guide to Principles of Data Privacy and Security
By David Sheidlower
In this podcast, host David Cass speaks with Spirent Communications John Weinschenk
David Cass, IBM cloud & SaaS global CISO and John Weinschenk, Spirent Communications general manager enterprise and network application discuss the potential hacking of medical devices and automated cars.
In this Spirent-sponsored podcast, Weinschenk explains how they worked with a surgeon to hack a medical device. He also talks about a second hack they conducted on an autonomous car that allowed them to take control of the systems and vehicle itself.
They discuss what needs to be done to secure these Internet of Things (IoT) devices and how manufacturers need to start thinking about how these systems can be exploited.