Cybersecurity and Risk Management

Edge computing is vital not just to the burgeoning world of real-time responsive IoT, but to enterprise network security, as these IoT systems multiply and spread. Edge computing creates a distributed infrastructure with centralized management and lights-out -- or remote -- operations built on private cloud infrastructure. Edge...

Everything is different now. That's true for all of us, as we cope with the enduring presence and lingering aftereffects of the Covid-19 pandemic. But it's particularly true for enterprise technologists, who are witnessing a once-in-a-generation set of paradigm shifts that are transforming how companies and...

The concept of threat-informed defense is near and dear to my heart, given that it aligns with three themes I've been preaching about for years: the importance of matching cybersecurity investments (in both technology and operations) with risk; the value of aligning one's cybersecurity practices...

In the past few years, there has been an explosion of cloud service offerings to match the wide variety of industry cloud infrastructure needs. Today, the average enterprise uses external clouds to deliver more than 56% of its workloads. Plus, nearly all organizations operate multi-cloud...

According to Nemertes' Cloud and Cybersecurity 2019-2020 Research Study, 2019 was the year the average enterprise for the first time found more than half its IT workloads running outside the data center. This ongoing shift of enterprise IT work into cloud environments -- whether SaaS,...

The ultimate end state of software-defined network security is what we at Nemertes Research call deep segmentation. The term refers to the ability to finely control what entities can see, who they communicate with and how they do this, end to end across the enterprise network. With...

In my previous post, I pointed out that the Twitter hack was just an example of a phishing scam--the same old scam that's been around since the dawn of the Internet. The basic flaw is gullible (if smart) humans trusting people they shouldn't, for stupid...

  "Water, water, every where, nor any drop to drink." This line from Samuel Taylor Coleridge's The Rime of the Ancient Mariner could just as easily apply to CIOs seeking to fill crucial spots in their IT organizations. The world may seem full of systems engineers, network specialists...

The big news tonight is that Twitter was hacked, and the accounts of various celebrities (Elon Musk, President Obama, Warren Buffett, Kanye West, and many others) sent out bogus requests for Bitcoin to their followers. As of right now the damage is $10 million and...

As described in Security Magazine, "In recognition of the growing convergence of cyber and traditional financial crimes, the U.S. Secret Service is formally merging its Electronic Crimes Task Forces (ECTFs) and Financial Crimes Task Forces (FCTFs) into a single unified network, which will be known...

Almost since the inception of the commercial Internet, security compromises exploiting the ability to hijack dynamic code content have plagued us. I think cross-site scripting, a form of client-side attack, has been on OWASP's annual top 10 web security threat list since the list's creation. ...

The National Security Agency (NSA) recently issued a set of guidelines for configuring IPsec VPNs. You can read the guidelines here; the key points are the following: reduce the VPN gateway attack surface; verify that cryptographic algorithms are Committee on National Security Systems Policy (CNSSP) 15-compliant ...