May 18, 2015 | Javvad Malik

Tweetchat about Threat Intelligence: The Final Analysis

Twitter can be both an extremely fun and infuriating medium to communicate via. Limited to 140 characters, one has to resort to creative ways to make a point succinctly. Last week, we thought we’d kick the proverbial hornets’ nest with a tweet chat on the topic of threat intelligence. As expected, the conversation flowed fast and furious and often down…

May 14, 2015 | Mike Schwartz

OAuth2 as the solution for Three IoT security challenges

Ideas on managing IoT in your house

While participating on the Open Interconnect Consortium Security Task Group, I offered to describe a use case for Internet of Things (IoT) security that would illustrate how OAuth2 could provide the secret sauce to make three things possible that were missing from their current design: (1) leveraging third party digital credentials (2) centrally managing access…

May 13, 2015 | Javvad Malik

When Bad Things Happen in Good Software

When I was 9, I left school one day to see my mum was not there to pick me up. I thought she may be a few minutes late so spent some time playing with friends in the playground until each and every one of them was picked up and I was left alone in school. Minutes felt like hours as…

May 13, 2015 | Javvad Malik

Ethics, security and getting the job done

Security professionals can sometimes find themselves caught up in dilemmas. On one hand processes and procedures are put in place to ensure the security of systems whilst maintaining accountability - these very same principles can become barriers at times when getting the job done is imperative. It can put a professional in a tough spot where adhering to the principles…

May 12, 2015 | Garrett Gross

A New Cedar Fever for Your Web Server

Checkpoint recently published a report detailing a new attack campaign, dubbed ‘Volatile Cedar’, targeting environments across the globe. While some of the known targets have been larger environments (including defense contractors, telcos, and educational institutions), there is no evidence that would indicate that these attacks are aimed at any specific industry or company size. The actors involved in…

May 7, 2015 | Richard Kirk

There’s a Cuckoo in my Nest. Time to talk about security for the Internet of Things

As the Internet of Things rapidly becomes mainstream, I often wonder whether or not security is a primary concern for the product designers and developers. Time to market is a priority, and “quick and dirty” development leads to technical debt and vulnerabilities in the code. In addition, design of a successful product is top of mind. While this…

May 5, 2015 | Garrett Gross

Overcoming Challenges of IT Security in K-12 Environments

Council Rock School District is the 12th largest district in Pennsylvania. It includes 18 buildings, 5 municipalities, and 10 IT employees supporting over 13,000 users, including students and employees. For the security aspect of IT, Council Rock School District relies on a one-man team: Matthew J. Frederickson. Matthew is CISSP certified and has more than 25 years in IT. Being solely responsible for the security…

May 4, 2015 | Javvad Malik

50 Shades of Threat Intelligence

What is threat intelligence? Walking the expo halls of RSA this year, threat intelligence and its many variations were touted by a significant percentage of the 500+ exhibitors. While some offerings had impressive visualisations, others promised to provide context, actionability or provided attribution. Whilst providers of threat intelligence have their own definitions and understanding of what it constitutes - asking the…

May 1, 2015 | Kate Brew

Fortune Cookies IT People Wish They’d Get

We surveyed SpiceHeads in Spiceworks to find out what kind of fortunes they’d like to get in their next fortune cookie. The answers were fun, so we decided to share them!

Technical Fortunes

If your fortune does not work, please close this cookie and then open it again

This cookie has experienced an illegal operation and will now…

April 29, 2015 | Kate Brew

Getting Companies to Work Together on Application Security: OpenSAMM

Getting Traction for the OWASP Initiative

John Dickson of Denim Group gave a great presentation at the Austin OWASP chapter meeting on 4/28/15, “Using OpenSAMM for Benchmarking and Software Security Improvement,” to a large and very interested crowd. The OpenSAMM platform, with broad-based support from industry leaders, promises to greatly improve application security. While AlienVault’s Open Threat Exchange (OTX), is…

April 28, 2015 | Holly Barker

RSA 2015 Recap!

Last week we attended the RSA conference in San Francisco at the Moscone Center, April 20-24th. The energy at the conference was amazing! AlienVault had a booth at the very front entrance of Moscone South. People really seemed to love the booth. We even got a shout out in ZDNet about our booth! Our SEs did non-stop demos showing…

April 22, 2015 | Javvad Malik

RSA Day 2: The Numbers Are In

Captain's log, star date 0421.15. The alien exploration of RSAC continues and we've noticed some anomalies. One of the most prominent features of RSA is the sheer size of it. The number of talks, exhibitors, attendees, parties and everything else is on a different level to almost anything else. Just over 500 security vendors are exhibiting this year which, when you think…