Of all the strategies and tactics available to prevent breaches, deter data
leakage and theft, control access and secure beyond the so-called network
perimeter, the one that is emerging as an achievable and affordable best
practice is that of unified security from the cloud.
But if you look across the web, you will no doubt come across various
versions of what constitutes “unified,” what is “protected,” and,
what is “security from the cloud?” Luckily this means that the concept of
unified security from the cloud is becoming more and more of a best practice.
In general, the practice of unified security is the centralization of all
security functions under one umbrella across the enterprise. This means more
than ensuring data encryption. It means more than access policies. It means
more than intrusion detection, malware blocking, data review. It’s more
than ensuring ... (more)
The modern enterprise is a fluid entity. As an IT construct it expands and
contracts (sometimes simultaneously), and many of the moving parts (like
users and applications) are themselves evolving and changing. This creates
unique challenges in operational efficiencies, core competency support,
compliance observance and risk management. The central theme to all these
challenges is establishing and maintaining control of applications which
serve as gateways to all the valuable data (personal, trade secrets and other
IP) on which an enterprise exists. Many companies have turned to ... (more)
Last month, I published an article about a new unified security platform
called REACT (Realtime Event & Access Correlation Technology). All in all,
it received some very positive notices, but also raised some questions as to
what exactly the platform is, and why it should matter.
Simply put, REACT is an approach whereby an organization leverages the
capabilities of several security solutions into one central correlated
repository of security intelligence. For instance, key information from an
Access Management tool (such as SaaS SSO logins or views of/modifications
For all the right reasons, your company has been thinking about deploying
SIEM…to create an alert system when those with less than good intentions
come knocking; to remediate potential network threats; to comply with
federal, state or industry regulations; and identify the risks and
vulnerabilities throughout the enterprise IT infrastructure and architecture.
If you maintain even a modest (SMB -> Fortune 1000) organization that has any
online identity, SIEM should be the cornerstone of your asset protection
First and foremost, SIEM (and to a certain extent log manageme... (more)
“Don’t care how…I want it now!”
-Veruca Salt (Willy Wonka and the Chocolate Factory)
We live and work in a world of immediate gratification. In the name of
greater productivity if you need to check inventory from a supplier’s
warehouse…click there it is. Share a file on Dropbox, no problem. Add
detail about a meeting in the sales database… click! Update your Facebook
or LinkedIn status. Email a white paper to a potential client...click, click.
Want to see that flying pig meme…well, you get the picture.
Now that’s not necessarily a bad thing…unless you’re an IT professional
and th... (more)