Research Blogs

The past few weeks have seen a spate of infrastructure-related cybersecurity vulnerabilities. On March 8th, Apache released a critical vulnerability alert (CVE) regarding a significant vulnerability in its Struts 2.0 open-source enterprise Java framework, which is widely used in enterprise deployments. The vulnerability permits remote code execution (RCE) in the framework; recommended mitigation strategies include upgrading the framework or changing implementations.

Infosec professionals are well familiar with the phenomenon of Transport Layer Security (TLS) interception. For everyone else, some background: TLS is the successor to SSL, once the default encryption protocol. TLS provides the underpinnings for many common security protocols, including secure HTTP (HTTPS). Protocols like TLS...

Moving more work into the cloud makes IT revisit the question: Leverage vendor-specific platform services or give up leverage for control and portability. Haven't We Been Here Before We are just about to launch our latest round of benchmarking the enterprise's use of emerging technology in cloud and data...

Everybody Automates Whether it's Perl or Python or PowerShell,  bash or Ruby or Salt, scripts and recipes are everywhere. And, they are layered: scripts run other scripts, sometimes many layers deep (and sometimes recursively!), or runbook automation tools from the likes of IBM or BMC run...

People have been claiming to have a private cloud for six or seven years, even though (as we discussed recently here) they didn't and don't, really. Why don't they have a private cloud yet? Private Cloud is Hard To be their own Amazon Web Services (or Microsoft Azure, or...

Does security awareness training really matter, or is it a frill? Consider this: Last week, DefensePoint Security, a Virginia-based government cybersecurity contractor, announced its employees’ W-2 tax data had been compromised. But the company wasn’t hacked. It turns out that someone inside the company fell...

Earlier this week I discussed the three top mistakes that companies make when assessing cybersecurity insurance. Now it’s time to take a look at what to consider when assessing insurance coverage. As noted previously, the best way to conduct this review is for the CISO and...

We've been wrestling with this one at Nemertes for many years.  Early on in our research around enterprise cloud use (back around 2010) we asked whether folks had a private cloud and got sensible answers, overwhelmingly in the negative. Almost nobody said they had a...

One of the great challenges of the present moment in IT and specifically for the WAN is resolving the disconnect between application and service architecture on the one hand, and the architecture of the WAN on the other.  In a nutshell: the continuing shift of work...

Executive Summary A relatively new type of communications application has gained a rapidly expanding foothold inside the modern enterprise: Team chat. These applications (also called team messaging, team collaboration, persistent messaging, and workstream communications) enable individuals to communicate within teams or workgroups in context within persistent...