Latest Blogs from Web Security Journal
While organizations spend the next few days and weeks patching OpenSSL vulnerabilities, the realization is setting in that we may never know the full extent of the damage caused by Heartbleed. Although Heartbleed was only announced in early April, it has actually been present in OpenS...
Appthority is an app risk management company with a Software-as-a-Service solution that analyzes mobile apps for hidden behaviors that pose privacy and security risks. Our main customers are large organizations and we provide them with the first all-in-one App Risk Management service t...
Last week was a crazy week for information security. That's probably also the understatement of the year. With the public exposure of Heartbleed, everyone was talking about what to do and how to do it to help customers and the Internet, in general, deal with the ramifications of such a...
This past weekend, like many of you, I started getting the blood-curdling password resets from a bunch of OpenSSL-affected sites. I also got a few emails from sites indicating that I had nothing to worry about. Bad news, good news. Probably the biggest security story thus far for 2014 ...
When I visit clients to talk about DevOps, I usually ask them what their monitoring strategy is. Too often, the answer I hear is "We use Nagios". I think Nagios is a great tool, but it sure is not a strategy. Nagios does a good job of monitoring infrastructure. It will alert you when y...
There are a variety of opinions on the seriousness of Heartbleed being put forth ranging from "it's not the end of the world" to "the sky is falling, duck and cover." Usually the former cites the relatively low percentage of sites impacted by Heartbleed, pegged at about 17% or 500,000 ...
Despite claims that there exists (or will, look out!) a mythical "god box" for the enterprise data center, capable of performing every data center function imaginable, it remains, well, mythical. Efforts to effectively secure the data center and the applications it delivers therefore r...
The industry often talks about how the data center perimeter is expanding, necessarily, due to technological shifts such as cloud and mobility and BYOD. But that isn't really the case. If you look closely, you'll see that the perimeter is actually shrinking, getting tighter and tighter...
The combination of cloud computing and big data is a match made in heaven. Big data requires a flexible compute environment, which can scale quickly and automatically to support massive amounts of data. Infrastructure clouds provide exactly that. But whenever cloud computing is discuss...
I am the CEO and founder of GovCloud Network, LLC. In a consultative role, I help companies develop and execute targeted media strategies via social media channels to over 1.5 million professionals across 20 industry verticals. With a specialty in cloud computing, we and our partners a...
When large enterprises move to a public infrastructure cloud (such as Amazon Web Services or others), it is a gradual and oftentimes carefully measured process. Large enterprises strive for 100 percent certainty that the migration process will not impact the business; therefore, the...
"In Greek mythology, Atlas (/ˈætləs/; Ancient Greek: Ἄτλας) was the primordial Titan who held up the celestial sphere. He is also the titan of astronomy and navigation." (Wikipedia, Atlas) How apropos, then, that DNS should be much like the Atlas of the Internet, responsible for guidin...
Perhaps not as popular as its brothers and sisters I, P and S, Network-As-A-Service or NaaS has slowly started to appear in industry press, articles and presentations. While sometimes associated with a hypervisor based overlay solution, its definition is not very clear, which is not at...
A recent joint study from IDC and the National University of Singapore (NUS) predicts that companies around the globe will spend around $491 billion in 2014 for fixes and recovery from data breaches and malware. The sponsor, Microsoft, also noted that pirated software tweaked with inte...
One of the most common phrases heard when new technology is introduced is that it's going to "bridge the gap" between X and Y. X and Y are almost always one of three IT groups: development, operations and networking. And while that goal is admirable (and indeed there are techno-cultura...
I see and read a lot of IT articles almost demanding that organizations must do certain things to ensure that some piece of their infrastructure is secure, highly available, fault tolerant, agile, flexible, scalable, recoverable, cloud’able, whatever the silo needs or face the dire cir...
There are a few ‘The ______ of Our Lives’ out there: Days. Time. Moments. Love. They define who we are, where we’ve been and where we are going. And today, many of those days, times, moments and loves interact with applications. Both the apps we tap and the back end applications used t...
Once you learn the definition of shadow IT, it shouldn’t be too shocking to learn how widespread it is at companies large and small all over the world. I hate to assume, but the odds are that you yourself have used a non-IT-approved SaaS option for the same reason as everyone else, m...
It used to be called a business plan. But management-speak and a few decades of PC-fueled innovation changed that simplistic approach. Bill Gates famously entitled his first book The Road Ahead and although this didn’t officially help coin or endorse the phrase “roadmap,” it didn’t do...
Skyhigh Networks releases their second edition of the Cloud Adoption and Risk Report. As with the first edition of the report, the purpose of the report is to provide hard data on the actual use of cloud services within enterprises of all sizes. This report summarizes data from approxi...
Avalanche NEXT combines Spirent Avalanche's performance testing with Spirent Studio's threats and application emulation capabilities. It produces traffic with authentic payloads based on actual usage for realistic security, load and functional testing. It combines Spirent Avalanche's ...
Today PerspecSys announced the results of a survey conducted at the 2014 RSA Conference concerning the attitudes and policies of organizations towards cloud-based security. After polling 130 security professionals on the show floor of the RSA Conference, PerspecSys found that "an overw...
Disaster recovery is about being able to get your business back up and running as quick as you can after the disaster happens. Throughout this series, my teammates have focused on the Infrastructure side of the house, servers, virtual machines, etc. You can see the full series here: D...
The so-called Bring Your Own Device (BYOD) phenomenon has gone hand in hand with the consumerization of IT trend. Both of which sound like strangely disconcerting and confusing terms if taken out of context or presented to a layman or novice for the first time. Of course all we are ta...
I’ve been traveling the last few weeks shooting some videos for VMware PEX and RSA. When that happens, my browser tabs get crowded with the various stories I’m interested in but will read later. This time they all seemed to hover around Identity Theft. When I got home, in my awaiting p...
The Network Centric Operations Industry Consortium (NCOIC) has begun offering an open process that will enable governments, agencies and businesses to create and manage a secure, hybrid IT computing environment quickly and cost effectively. Known as the NCOIC Rapid Response Capability...
When considering the major benefits of modern cloud computing, the lower operational overhead of the cloud should be high on anyone’s list. But when it comes to sensitive data — such as healthcare, finance, retail or government data — security measures are needed to ensure privacy and ...
Looking back to one of my predictions for 2014, I had posited that traditional storage solutions labeled cloud will no longer fly this year, and some of the big-iron vendors will be forced to offer their wares as pay-as-you-go services. Perhaps this was stating an obvious eventuality a...
If you thought that cyber security threats were troubling in 2013, then you should brace yourself for the onslaught that's very likely in 2014. A new generation of security threats stemming from progressive business technology trends -- such as BYOD, mobility and cloud services adoptio...
Application developers are aware (you are aware, aren't you?) that when applications are scaled using most modern load balancing services, the IP address of the application requests actually belongs to the load balancing service. Application developers are further aware that this me...
Crazy that this is the 20th installment of the Outtakes. We shot 10 videos this week and often, it did not go as planned. Here are our mistakes, flubs and fun.
AlephCloud has developed proprietary technology that enables secure collaboration without the need for a trusted third party. This “zero knowledge” model makes sure only authorized parties are privy to the information exchanged and stored, while nobody else has visibility, not even Ale...
I wrap it up from RSA 2014. Special thanks to F5’ers Mark DiMinico, Joel Moses, Ken Bocchino, Bob Blair, Corey Marshall and Michael Koyfman along with Chris Thomas of CARFAX and Jeremiah Grossman of WhiteHat Security. Also thanks to Eric, Mark, Jay, Cecile and Natasha for their camera ...
We are at it again! For the 4th year in a row, Jeremiah and I chat in our annual RSA video catch-up. I get some interesting security insight from WhiteHat Security Founder & CEO Jeremiah Grossman. We touch on web vulnerabilities, mobile apps, why SQLi and XSS are still a problem for org...
While protecting employees from rogue sites and productivity hogs is critical, the employee’s ability to access SaaS applications is also critical for productivity. Sr. Global Security Solutions Architect Michael Koyfman shows how to layer SAML federated identity to Secure Web Gateway....
A lot of security-minded folks immediately pack up their bags and go home when you start talking about automating anything in the security infrastructure. Automating changes to data center firewalls, for example, seems to elicit a reaction not unlike that to a suggestion to putting...
Financial Services companies operate in a difficult environment. Many of their applications are absolutely vital to the proper workings of the global economy. They are one of the most heavily regulated industries in the world, and they are a constant target of hackers. Their systems ne...
“Edward Snowden’s leaks have heightened awareness of the risks in cloud. However, the word is still not viral yet that it’s now possible to apply Searchable Strong Encryption – that delivers AES-256-bit encryption, the highest commercially available level to protect data in cloud app...
With software defining everything these days, Corey Marshall, F5 Security Solution Architect, discusses F5 APIs and how they integrate with other technology solutions. He talks about iCall, iRules, iControl and iApps and where each is applicable. BIG-IP Programmability.
With the hum of a VIPRION as a backdrop, Chris Thomas, Network Manager for CARFAX, stops by F5's RSA booth to talk about how CARFAX uses BIG-IP to secure their data, consolidate their infrastructure, and help Chris sleep at night. CARFAX is the most trusted provider of vehicle history...