Articles

 

  • Embedded IoT Cyber Solutions: An Interview with Bill Diotte of Mocana

    Internet of Things. One can’t help but imagine the discussion where such an awkward moniker emerged as the winning entry: Internet of Devices? (Too specific). Internet of Systems? (Too general). Internet of Embedded Components? (No way). The logic of this progression led to the wildcard compromise: Things. And such a naming challenge is a useful hint that identifying security solutions for IoT is similarly difficult.

  • UK Flunks Huawei

    Regarding Chinese tech companies like Huawei, Americans are told the following: Trojans that have been expertly dissolved into the product code allow for remote control of networks by the Chinese Government. From our boardrooms in Midtown, to member offices on Capitol Hill, this narrative is rarely questioned. Even our diplomats repeat the warning: Ambassador Grenell recently told Berlin to steer clear of Huawei for 5G – or else.

  • Network Security as a Service

    Many TAG Cyber customers are wasting their money. And yes, I hear you laughing—but no, they are not wasting money on our services. Instead, they are wasting money doing technology tasks others could do better. Sometimes this involves running servers. Other times it involves coding apps. But it almost always involves trying to manage – and secure – data networks with insufficient staff, budget, and resources. We see this every day.

  • Active and Integrated Email Defense

    I just received a purchase order from Midwest Library Service for a textbook I wrote on intrusion detection many years ago. That old book focused on passive intrusion detection as a prompt for subsequent management action in a SOC. I’d hoped that detection of indicators would result in alarms that could then initiate rapid mitigation. Subsequent evolution of IDS included some things that I expected, but also many that I didn't. (Don’t tell Midwest).

  • Gary Hayslip Weighs in on the CISO’s Role in Helping the Enterprise Reach its Future-State Goals

    In recent years, as enterprise security has captured the interest and attention of the CEO and the Board of Directors, the role of the CISO has continued to evolve and become ever-more strategic. Case in point: More than 9 out of 10 (91%) of enterprise-wide digital transformation initiatives include security and/or privacy personnel as stakeholders, according to PwC’s 2018 Digital Trust Insights Report.

  • Seeing a Phish

    Let’s start with CNN – and no, not that CNN, but rather convolutional neural networks. This class of deep neural networks is the workhorse for computer vision, and is one of the underlying forces behind recent advances in artificial intelligence. Their design is inspired by the image processing done in the visual cortex of the animal brain. When you see one of those cat recognition demos by an AI system, a CNN is likely doing most of the work.

  • Why Cyber Teams Must Focus on Cybersecurity Basics

    Cyber threats are becoming more widespread and nefarious. 6.4 billion fake emails are being sent each day, according to EY. Meanwhile, 1.9 billion personal and sensitive data records have been compromised between January 2017 and March 2018 at an average cost of $3.62 million per organization.

  • Securing Your Workload Mesh

    Andrew Carnegie once said this: 'The way to become rich is to put all your eggs in one basket and then watch that basket.' While this quip from the industrialist might have been useful folksy advice for Grandma and Grandpa, it is terrible guidance for the modern computing and application system designer. A much better mental image in computer science today involves distribution – and the correct unit for scattered computation is the workload.

  • Security Conference Boothonomics

    With the RSA Conference at T-minus two weeks, I wanted to share some heartfelt advice with those of you now doing vendor booth planning. My advice comes from many years of standing on either side (seller and buyer) of that little porto-table with its stacks of data sheets and bowls of Hershey kisses. My hope is that this advice will help you to maximize the ROI for your little slice of exhibitor heaven in Booth 7002 of the South Expo.

  • Man, these passwords. We need AI.

    While waiting to go on-camera last week at Yahoo Finance, I was mulling about, chatting up the other guests outside the studio. A woman was seated nearby with her laptop, and when I introduced myself as a cyber security professional, she summarized her view of my life’s work in three words: Man, these passwords. And then, she offered a concise and entirely correct solution to the problem – also in just three words: We need AI.

  • VM Security from an Unexpected Source

    Much of what you learned in Operating Systems 101 is no longer applicable to modern computing – and virtualization lies at the root (ahem) of this change. The core principle is that physical host machines are now used to run multiple guest virtual machines (VMs) to optimize the use of memory, bandwidth, and CPU.

  • Open Work Spaces Considered Harmful

    Arguably the best moment of my career was reaching Distinguished Member of Technical Staff at Bell Labs. The award was given during a fancy ceremony, and my wife got a pretty corsage and a bonus check. But what was the real gift that came with this wonderful award? What did the greatest American tech company of all time – the one that brought us lasers, and transistors, and Unix – consider a suitable award? Well, they gave me a private office.

  • One-Stop ERP-Sec

    The two most prominent providers of enterprise resource planning (ERP) security have now merged: Boston-based Onapsis announced this week that they have acquired Heidelberg-based Virtual Forge. While the deal terms were undisclosed, we do know that the resulting company will have three hundred staff, which creates a solid global base on which to drive growth. Led by Mariano Nunez, this newly-combined team looks formidable.

  • Making MSPs into MSSPs

    The Wikipedia entry for managed services has its first reference to security at Word 345 of the narrative. When you Google 'managed services', the People-Also-Searched-For box lists cloud computing, data center, IT service management, outsourcing, and Software-as-a-Service, with no references to security. Suffice it to say, managed services from MSPs are viewed as broader and largely distinct from managed security services from MSSPs.

  • Five Cyber Security Hopes for 2019

    Fifty years ago, the surprisingly political Smothers Brothers convinced CBS to let Pete Seeger perform on their show his anti-war protest song, Waist Deep in the Big Muddy. The famous song’s perfect title reflects its basic Vietnam-era premise – namely, that our country was stuck in a terrible situation with no obvious solution. And like the sad hero of the song, once you get stuck deep enough in the mud, there might be no escape.