Author: Johna Till Johnson

The National Security Agency (NSA) recently issued a set of guidelines for configuring IPsec VPNs. You can read the guidelines here; the key points are the following: reduce the VPN gateway attack surface; verify that cryptographic algorithms are Committee on National Security Systems Policy (CNSSP) 15-compliant ...

In Nemertes’ 2019-2020 IoT research study, we found that 68% of participants were in proof-of-concept (POC) or early production (less than 25% complete) stages of their IoT rollouts. Half of those expected both device counts and project counts to grow at 25% or more per...

On January 6, 2020, NYC-based private equity firm Insight Partners acquired the Israeli IoT cybersecurity firm Armis for an eye-popping $1.1 billion. Armis is privately held, so it doesn't publish revenue numbers, but estimates are on the order of $30 million annually--meaning this is not only...

Last week I wrote about the threat that nation-state actors pose to enterprise organizations, and included a brief taxonomy of attackers. This week, the FBI alerted cybersecurity folks of two compromises, likely by APT27, in 2019. I'd like to highlight two interesting facts about the attacks. First, they...

When I talk about the cybersecurity threats posed by nation states, I can almost see the inner eye-roll, and hear my listener thinking, "Come on! What's she going on about now?" They view the entire issue as something out of science fiction; scary in some alternate...

Industrial IoT processes increasingly base IoT implementations on the ISA-95 standard, which means organizations must understand what the standard does and doesn't define. Anyone involved in developing industrial IoT (IIoT) products should be familiar with ISA-95, the standard from the 74-year-old International Society of Automation (ISA),...

If your organization is moving to cloud, you're not alone. In our most recent Cloud and Cybersecurity research study, we note that 2019 is "the year of cloud". Specifically, 56% of workloads are now in cloud, versus 44% on prem, either within data centers, or...

Should you outsource your SOC? As in so many things, the answer depends. In our most recent Cloud and Cybersecurity research study, we looked at which factors correlated to a cybersecurity organization's success, as measured by Mean Total Time to Contain (MTTC) security incidents. We divided...

We spend a lot of time at Nemertes nailing down the metrics that define "success" for a particular initiative. To be useful, a success metric must be: Quantitative. If you can't measure it in numbers, it doesn't serve to measure progress. And if it's not something...

When it comes to cybersecurity, what differentiates highly successful enterprise technology organizations from their less successful counterparts can often be found in the metrics. Extremely effective cybersecurity organizations can detect a potential attack, determine whether it is or isn't an attack, and contain the damage...