Articles

  • Tip Toeing Through Cyber Insurance

    “If you took all the men and women employed in the U.S. insurance industry and laid them head to toe, starting on New York’s William or John Street – the little-talked-about insurance industry equivalents of neighboring Wall Street – they would stretch up the West Side Highway, head to toe, over the George Washington Bridge into N.J., down the N.J. Turnpike to the Pa. Turnpike, across Pa. into Ohio, through Ohio along Interstate 80 past Chicago, past Des Moines, past Lincoln, Nebraska – still head to toe, one after another – past Cheyenne, Wyoming to someplace just shy of Salt Lake City.”

  • Compliance-as-a-Service

    When my kids were small, there was this torturous jingle on Sesame Street that combined the letters of the English alphabet into a jumbled melody.

  • Weaving Behaviors into the Next-Generation SIEM

    In my private files, I have a note from Dorothy Denning saying that she enjoyed my 1998 book on intrusion detection. If you live in the security industry, then you’ll know that this is like having Einstein tell you he liked your physics paper. Professor Denning was the first, for example, to show that activity timelines could identify anomalies from normal behavior. Her 1987 IDES paper remains iconic reading for all students studying cyber security.

  • TAG Cyber Industry Analysis: Imperva's Acquisition of Prevoty

    Perhaps more than any other analyst in our industry, I’ve been bullish on the prospects for run-time application self-protection (RASP). And I’ve been covering (and admiring) RASP solution provider Prevoty for almost three years. So, when I read that Imperva had acquired Prevoty earlier this year, I was pleased on several fronts – but primarily, because I believe that the broad application security sector must begin to consolidate – and fast.

  • Integrating Isolation with Analytics

    One of my PhD thesis advisors at the Stevens Institute of Technology was a mathematician named Steve Bloom. The late, great Dr. Bloom's amazing research accomplishments include mathematical analysis of computational structures and equational properties of fixed point operations.

  • DMARC for Email: An Interview with Ravi Khatod, CEO of Agari

    Back in the early 1980s, we used a tool in Bell Labs called Unix-to-Unix Copy (UUCP) to share files. We soon became aware, however, of a better protocol originated by the late, great Jon Postel called Simple Mail Transfer Protocol or SMTP.

  • Predictive AI for Endpoints

    Here is a quote from Elon Musk that surfaced about a year ago: "With artificial intelligence, we are summoning the demon." In contrast, around the same time, my good friend Stuart McClure, CEO of Cylance, offered the following comment on his blog: "I ask you to look beyond the robot uprising media memes and consider AI as the problem-solving technology that it is." For the record, I agree with Stuart.

  • What to Tell Your Boss About Supermicro

    Everyone I know believes Supermicro is guilty. The story, which you know by now, is that during the assembly process at this $2B company, oft-called the Microsoft of hardware, a rice-sized Trojan chip was placed onto their motherboards, which are manufactured in San Jose.

  • IoT Micro-Security

    I remember wandering into a conference talk several years ago, where some spy-consultant was explaining how you bug a conference table with a UHF transmitter. Most of the talk didn't stick with me, but I remember that the bug design involved a quick burst of data, followed by a period of quiet.

  • Security Ethics for Robots

    I first heard about Twitter directly from Jack Dorsey. He and I were standing backstage about a decade ago in New York City, chatting about his new service. Hugh Thompson, now CTO of Symantec, was also there, and after Jack rushed off to prepare for his on-stage interview, I made one of the dumbest comments in the history of technology: "Hugh," I said confidently, "I don't see how that Twitter thing can be successful." There - I admit it.

  • The Simplest GRC Tool

    In a wonderful reflection written thirty years ago, the great Edsger Dijkstra described an automatic tool that helped him with his groundbreaking work on a compiler for Algol 60, a precursor programming language to just about every language we've had since: "I then allowed myself the luxury of a portable typewriter," he explained, "which I still have. It had square brackets. It had braces too. I could also type - > and = >."

  • Why CISOs Need Private Coaches

    A few years ago, I had the opportunity to spend a delightful afternoon with the great Lou Holtz. I was the warm-up speaker for him at one of the annual General Services Administration (GSA) Conferences in DC.

  • Cyber File Surgery

    Roughly two decades ago, I participated in a cool project with the White House to construct a Y2K Coordination Center. The center, which was situated on I Street in Washington, had the mission to solicit and ingest data, information, and gossip from around the world via fax, email, phone, and web.

  • Cyber Attribution for Enterprise

    In perhaps the greatest scene of any movie ever, Harrison Ford as Indiana Jones watches an expert swordsman on the streets of Cairo swiftly brandish his weapon in advance of an epic fight.

  • Software-Defined Firewalls

    Truly original concepts in cyber security are few and far between. Instead, our purported advances are usually just incremental improvements on existing solutions.