Today's is a cautionary tale. One that you've probably heard before, but I
promise a new spin on making sure it won't happen again.
It's a true story. It recently happened to a colleague's friend's business.
But it is not an isolated incident. Because the information is sensitive and
the wounds still raw, I have changed the names to protect the innocent and
It was a dark and stormy night...
Dan is the CEO and CTO of a privately owned business that develops software
tools to manage lease lifecycles and other financial information. His primary
customers are commercial real estate agencies across the country. For the past
12 years, it has been highly successful despite some of the economic
battering the housing market took over the past several years. The company
clears somewhere in the neighborhood of 30-50 million per year. He employs
about 150 p...

Last month, I published an article about a new unified security platform
called REACT (Realtime Event & Access Correlation Technology). All in all,
it received some very positive notices, but also raised some questions as to
what exactly the platform is, and why it should matter.
Simply put, REACT is an approach whereby an organization leverages the
capabilities of several security solutions into one central correlated
repository of security intelligence. For instance, key information from an
Access Management tool (such as SaaS SSO logins or views of/modifications

So much is written about the events outside your perimeter: those nefarious
and shadowy individuals and offshore syndicates who are looking to steal
technology or personal data or piggyback on your servers to peddle everything
from pirated products to pornography, implant botnets or viruses, or simply
to create corporate chaos. With all that weighing on our collective IT asset
protection strategies, it is easy to miss what a new Carnegie Mellon report
is pointing to as one of the fastest-growing threats: insider breaches. Even
KPMG says this threat has tripled since 2007.
They co...

I was chatting with an IT professional about the benefits of cloud-based
security and he kept referring to a recent risk assessment he performed. (And
if you haven’t done this lately, you should.) But what got the gears in my
head turning is how interchangeably he used the terms “risk” and
Now on the surface they seem like the same component of security management.
I tend to disagree. In the simplest of terms, risk is the probability or
frequency of doing harm while threat is the actual or attempted infliction of
that harm. Tomato, tomahto? Splitting hairs? It’s all about ...

I recently came across an article regarding the difficulty of separating log
data from actionable events. The issue at hand is that a network is pinged
potentially millions of times a day. Most of it is innocuous: the legitimate
logging on and off of employees, genuine transactions of data, etc. But what
gets lost amidst all this “white noise” are the red flags that indicate
breaches or, worse, malicious activities.
It can be overwhelming. In fact, the article “Struggling to Make Sense of Log
Data” points out a study by the SANS Institute that the biggest critical
concern for security is the a...