-
How Modern Encryption Standards May Impact Your Security Strategy
infosecAs modern encryption continues to evolve, so do security strategies centered around monitoring, detecting, and stopping malicious traffic. With Transport Layer Security (TLS) version 1.3 becoming the next thing, how might your security program be impacted? According to the Internet Engineering Task Force, about 30% of the current traffic by the major web browsers is utilizing TLS 1.3. TLS version 1.3 brings several improvements over previous versions, including increased performance and mandatory Perfect Forward Secrecy, among other features. Understanding encryption standards by reading the RFC can be daunting, so let us demystify version 1.3 and talk about how it could impact your organization.
Read more... -
Building A Comprehensive Vulnerability Management Program
infosecIn the security industry, we consistently hear the same mantra: “keep your software patched.” It is absolutely an essential part of securing an enterprise, and it is a clear enough goal, but when you dive deeper, most find it is just not that simple. Caveats, exceptions, and conflicts plague the patching process. Vendor and legacy software dependencies do not get patched. The difficulty of vulnerability management scales with the size and complexity of your environment. What is the best way to navigate these challenges and build an effective program? There is no single, “silver-bullet” answer, but let us go through some talking points on what makes a good vulnerability management program.
Read more... -
Why It Is Time To Move Siem To The Cloud
infosecThe 2019 Verizon Data Breach Investigations Report reveals that there is a trend shift towards a broader range of sectors targeted by bad actors. It’s no longer just Financial, Healthcare, and SCADA as the big targets. Now, and more than ever, almost all sector organizations that utilize technology must be aware of their IT risk and find ways to reduce it. A primary control in most cases involves using some form of SIEM to provide the visibility necessary to stop threats and detect breaches. But like everything else, the times are changing.
Read more... -
Intro To Developing Effective Security Orchestration And Automation Processes
infosecSecurity Orchestration, Automation, and Response (SOAR) has been a prominent buzzword in the information security community for a while. But what does it actually mean? I think it can mean different things for different organizations. As teams consume more data, the ability to process it becomes more difficult. Time, personnel, and skill restraints can affect the ability to respond timely to incidents, and routine tasks can suck away the more important time that your teams need. Automating portions of your incident response process can save valuable time and decrease your dwell time. I want to share how we are approaching SOAR and why, and then dive into the “how”.
Read more...