Welcome!


From the Blogosphere

Dorothy the CIO was walking the yellow brick road of planning. She was on her way to the Emerald City to ask the great wizard of the agile data center for advice. Along the way she met two other CIOs who joined her on the journey, nicknamed Tin Man and Scarecrow. Their travels brought ...
Avito, a Russian eCommerce site and portal, uses big data technology to improve fraud detection, as well as better understand how their users adapt to new advertising approaches. This BriefingsDirect big data innovation discussion examines how Avito, a Russian eCommerce site and porta...
A network-centric systems approach to IoT has begun to dramatically affect physical security. The opportunity reaches well beyond simply connecting new sensors and information sources. Integration of sensors and controllers is a necessary step and serves as a foundation for generating ...
Gareau: In the past few months we have seen the proliferation of “commercialized cyber attack services,” notably Lizard Squad and the tool that they used to take down Xbox Live and Playstation during the Holidays. As these services become more popular, large-scale DDoS attacks will be ...
We found all manner of interesting practices and trends as it relates to cloud and security in our State of Application Delivery 2015 report. One of the more fascinating data points was a relationship between security posture and cloud adoption. That is, it appears that the more applic...
Our new assessment offering stems from our direct client experience and from critical data points garnered from our upcoming 2015 Global Threat Intelligence Report, which will be available next month (May 2015). The report, which was commissioned by our parent company NTT, found that t...
Privileged Identity Management (PIM) is the lowest common denominator in today’s most treacherous corporate and governmental security breaches. Or more accurately: Privilege Mismanagement. Sony, Target, Anthem, JP Morgan Chase, the city of San Francisco and many others succumbed to the...
The clamor surrounding enterprise cybersecurity is to be expected, of course, with all the breaches – ahem, “incidents” – over the last year or so. Home Depot. Target. Anthem. The list goes on and on. And with breaches come enterprise dollars, frantically swirling over the proverbial b...
Twitchell: We actually dynamically shuffle the location of data blocks across different geographic locations to radically improve data security and integrity while improving network performance. Dispersive™ SDS underpins DispersiveStorage™; this new solution works seamlessly with Dispe...
The average length of time in the commercial sector between a network security breach and when the detection of that breach is more than 240 days, according to Gregory Touhill, deputy assistant secretary of Cybersecurity Operations and Programs for the Department of Homeland Security. ...
Web application security. Everyone knows how important it is (and if they don't, they should) and yet the complexity of managing services that provide it often result in, shall we say, less than holistic coverage of applications. At least that seems to be the case given some rather dis...
SYS-CON Events announced today that WHOA.com, an ISO 27001 Certified secure cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 16th International Cloud Expo® New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. WHOA.com is a le...
In recent years, the US government has become a leading advocate for continuous monitoring of security threats and vulnerabilities. But how effectively are departments and agencies in implementing these programs? And how do we measure success? Moving Towards Continuous Monitoring Tho...
For most C-level executives (and most of the rest of the planet too), the concept of ‘risk’ is generally first perceived as a negative. The notion of risk as a business positive (or a ‘business enabler’ even) is fanciful, flaky and fraught with fallibility – isn’t it? This proposition...
What keeps an IT manager up at night? Ghosts, goblins and ghouls? Guess again. It takes more than a few measly monsters to cause a lack of sleep in today’s IT department. IT used to exist primarily to monitor and maintain systems, protect against data breaches and malware attacks, an...
Recently, we released the results from the cloud edition of our 2015 Insider Threat Report. My colleagues Andy Kicklighter and CJ Radford delved into the results in their blog posts from March 24 and March 26, and I’ve gone into a bit more detail about the findings below. But, the purp...
This book does a great job of covering all the security topics you need to know about to work successfully in a decent size enterprise. This book is a beast!!! It is 100% textbook, with a lot of exercises at the end of the chapters. If your class uses this book, get ready for a fire h...
One of the most difficult things to do today is to identify a legitimate user. Part of the problem is that the definition of a legitimate users depends greatly on the application. Your public facing website, for example, may loosely define legitimate as "can open a TCP connection and s...
Keeping data from getting out into the wild or being damaged by cyber attackers is what keeps CISOs, the executive team and boards of directors up at night. To protect organizations, cybersecurity needs to be automated and real-time, it needs to learn contextually like we do and it nee...
If you have a Network Operations Center (or NOC, as the kids call it), you have a skilled set of eyes monitoring your system and alerting your engineers when things go wrong. (If you have something like a NOC, such as a first tier team that processes tickets, we’re looking at you, too)...
With recent high profile data breaches companies should ensure they have the five following file governance policies in place in their company to secure their file assets. Ensure that an Identity Management policy is in-place, is clear, and if one exists that it is validated and check...
I’ve been travelling recently. To places and fields that have limited to no mobile connectivity and this can be a challenge when a challenge arises. Immediately following Mobile World Congress in Barcelona earlier this month, my family embarked on a multi-week European vacation. After...
At the recent Mobile World Congress 2015 (MWC) in Barcelona, we heard operators and vendors discuss the future of mobile network connectivity around the globe. While we look forward to new updates on this subject (and updates from these major players), the conference was also ripe with...
Throughout the enterprise there are security personnel using a variety of processes and tools to conduct their incident response, network defense, and threat and risk analysis. Security team efforts haven’t been integrated, or if they are integrated, it is only through rudimentary tech...
After an application crash, we know how important it is to figure out what went wrong and plan so it doesn’t happen again. In this post, we’ll look at some common causes of major website crashes, along with preventive measures you can take to avoid them in the future. With this extra k...
At some point in the near future, our alarm clock will ring when the biometric scanner monitoring our sleep indicates we have achieved optimum rest. Our clock will connect with the coffee maker, and a steaming cup of brew will be waiting, while the lighting system in our home gradually...
A virtual Chief Information Security Officer (CISO) can be an invaluable asset to your company. The virtual CISO provides your business with a person that will be in charge of the electronic security aspects of your company. You will have an executive in place that will not only overse...
Health Shared Services BC in Vancouver implemented one of the healthcare industry’s first Service Asset and Configuration Management Systems to help them optimize performance of their IT systems and applications. We'll explore how HSSBC has successfully implemented one of the healthca...
A new report sponsored by CA Technologies examines how IT and business leaders aim to sync the security and mobile user experience. CA Technologies’ latest research determines that though top concerns of IT Security practices include the elimination of breaches, data protection and ide...
This year has brought big news, significant changes and increased awareness of the adoption of cloud computing in Government. In fact Cloud computing may be the biggest and most overhyped term in Government information technology today. It is also the most discussed topic in agency s...
The GoDaddy customer breaches didn’t have to happen and don’t have to happen to you. Cisco threat researchers recently reported a dramatic uptick in Angler Exploit Kit-based attacks connected to compromised GoDaddy domain registry accounts. GoDaddy, which manages nearly a third of al...
Like DDoS attacks, aggressive screen scraping can create huge spikes in traffic, cause brownouts, and even take you down for extended periods of time. Web scraping doesn’t make the headlines and most people aren’t aware of the damage it can cause to your website’s success. Thieves an...
Application troubleshooting survey reveals integrated tools lead to significant response time improvements Thirty-seven percent of developers rely on user notifications to identify issues, yet integrated tools reduce customer impact by 62%. See the Infographic below or download the c...
When it comes to cybersecurity initiatives, the U.S. government has not taken a back seat. Perhaps owning to the number of high profile breaches and damaging insider attacks that have occurred in the past few years, this White House in particular has been very vocal about the federal g...
A discussion from The Open Group San Diego 2015 examining the both need and outlook for Cybersecurity standards among supply chains. The latest discussion, examining the both need and outlook for Cybersecurity standards among supply chains, is moderated by Dave Lounsbury, Chief Techno...
If you’ve ever watched a submarine movie like The Hunt for Red October, Crimson Tide, or U-571 you’ll notice that these scripts always include running a surprise drill soon after getting underway from port. When a submarine submerges after a long port call one of the first things a cap...
Where were you on February 3, 2015 at 3:40 p.m. PST? Snowed in? Desperately trying to refresh Netflix? If so, you weren’t alone. It turns out even best and biggest companies experience failure from time to time. Despite the success of their Chaos Monkey approach to operations, the Inte...
Some times our customers would prefer to use SSH to connect from the server our XL Deploy is running on and their targets. By default Windows does not support SSH, but XebiaLabs’ tools do support SSH on windows. The tricky part is that most implementations of SSH for Windows also req...
FedRAMP defines the requirements for cloud service providers’ security controls, including vulnerability scanning, incident monitoring, logging, and reporting. CSPs in use at federal agencies or in acquisition must meet the cloud computing requirements defined by FedRAMP. Whether o...
Over the last several weeks, we’ve examined the risks of using the public cloud in the enterprise workplace. From unauthorized file access to regulatory noncompliance, the potential scenarios vary from dire to more dire – and it’s up to decision makers to take control of their organiza...