
Security Issues : Agencies Are From Venus -- Legislators Are From Mars

About two weeks ago I had the privilege of briefing legislative staff members in Washington DC on a variety of cyber security issues. I met with staffs from the offices of three senators and one congressional office. Some of the meetings were one-on-one and others were in a group setting. I went as part of a group of cyber security experts led by the Institute for Critical Infrastructure Technology (ICIT). Their goal is to bridge the[…]

Topics: CUSTOMERS, SECURITY

What's Wrong With Today's Security Technologies and Processes?

In general, today’s security operations center (SOC) monitors security alerts and alarms from security products and threats indicated by a security information and event management system (SIEM). These alerts and threats turn into cases that funnel into a workflow system in use by the security team. After initial review to determine if the alert is a false positive, additional data is gathered so that analysis can take place. To put it another way, the security[…]

Topics: LIFE AT EXABEAM, SECURITY

The Cyber Security Personnel Shortage, Identity Theft & Fraud at the IRS

Question: What do a wave of baby boomer retirements and a trend toward outsourcing have in common? Answer: The inability of state and local governments to fill cyber security jobs and increased risk of data theft. It’s clear that years of wage and hiring freezes have made retirement or a move to the private sector an easy choice for cyber security pros in the public sector. From a recent article titled, States struggle to hire[…]

Topics: CUSTOMERS, SECURITY

Security Breaches and the “Crown Jewels” of Creativity and Research

The recent data breach at Penn State was a reminder to me of how much research and intellectual property is created at America’s universities. Research in quantum computing, materials science, and missile propulsion systems are a tiny fraction of the intellectual property and research being worked on by universities under contract with and a wide variety of defense agencies or waiting for commercialization. This isn’t limited to the US. In the UK the Guardian reports,[…]

Topics: LIFE AT EXABEAM, SECURITY

Dyer Malware Updated to Defeat Malware Sandboxing Solutions

Is this the beginning of the end of effectiveness for malware sandboxing solutions? Many organizations have invested heavily in malware sandboxing solutions as a way to detect malware that gets past anti-virus products. For many, this is the most advanced weapon they have for detecting and preventing a data breach. Yet, it now seems evident that enough organizations have these in place for attackers to have noticed and taken a few steps of their own.[…]

Topics: SECURITY, TIPS AND TRICKS

With the RSA 2015 Security Conference Behind Us, What do I do Now?

Observations: Before long, RSA will be a distant memory. This was the year that people started to realize that spending additional dollars on yesterday’s solutions to address today’s new security problems isn’t a winning strategy. Several keynote addresses (that seemed somewhat controversial) reflected this reality. Some of the larger vendors at RSA that have been hyping evolutionary advances on top of traditional technologies actually took to the stage to tell everyone else that security mindsets[…]

Topics: CUSTOMERS, LIFE AT EXABEAM, SECURITY

Meritalk's Cyber Security Survey: Too Much Data and No Complete Story

A recent survey of federal, state and local agencies by Meritalk tells a very interesting story. Five key facts stand out: 68% of cyber pros say their organization is overwhelmed by the volume of security data and 76% believe their security team is often reactive instead of proactive. 78% say at least some of their security data goes unanalyzed due to a lack of time and/or skill from their team. 9 out of 10 cyber[…]

Topics: CUSTOMERS, SECURITY

Attack of the Cyber Vampires--phishing at the White House

OK — my apologies up front for the headline but the analogy is too apt not to use. In Bram Stoker’s 1897 book Dracula, there’s a famous scene where Dracula is outside a castle window looking into the character Mina’s bedroom. He uses his powers to wake her from an erotic dream and still in a trance she walks to the window. Dracula is pretty happy because the only way a vampire can enter the[…]

Topics: LIFE AT EXABEAM, SECURITY

The Expanding Attack Surface: A Common Sense Security Approach

Recently, I had the pleasure of reading Jon Oltsik’s opinion piece on The Increasing Cybersecurity Attack Surface. I agree with many of the opinions put forward in the piece. Those business advancements that leverage the Internet to offer new services to customers, streamline business processes, or create virtual supply chains have risk trade-offs. The need to adopt technologies to generate greater profits has always been placed ahead of the potential risk of implementation. Meanwhile, security[…]

Topics: LIFE AT EXABEAM, SECURITY

The Case of the Missing Laptop

Missing (or stolen) laptops are a big deal, but they are an even bigger deal in the healthcare vertical. The HIPAA/HITECH act essentially updated HIPAA in 2009 to take into consideration electronic health records (EHR) data as the industry continues to move from paper to electronic recordkeeping. The HITECH Act now imposes data breach notification requirements for unauthorized uses and disclosures of “unsecured PHI.” These notification requirements are similar to many state data breach laws[…]

Topics: CUSTOMERS, LIFE AT EXABEAM, SECURITY