Security Now - Security challenges come in many forms


ABTV Application Cloud Endpoint Infrastructure IoT/Embedded Mobile Network Operational Security Management
Sign up for our weekly newsletter! REGISTER NOW

News & Views Finding Tools for DevSecOps Curtis Franklin Security Editor, \| 8/18/2017 When DevSecOps are defined it can begin a process. But ultimately process requires tools to become practice. Where do you go to find tools to use when an organization wants to move beyond theory adding security to DevOps? Post a Comment \| READ () Questions of Colors Curtis Franklin Security Editor, \| 8/18/2017 In the spirit of our parent publication Light Reading, a Friday Security Haiku. Post a Comment \| READ (1 Comment) Latest comment: According to a recent SecurityNow poll (on the right side of the screen and still... Cybercrime Is North Korea's Biggest Threat Andy Patrizio Technology Journalist, \| 8/17/2017 With the media doing its best to scare the daylights out of Americans over the North Korean nuclear threat, it's missing out on the real menace that is causing real damage: Kim Jong-un's brigade of hackers and cyber thieves. Post a Comment \| READ () Digital Identity Will Drive Revenue & Reduce Risk Michael Lynch Chief Strategy Officer, InAuth, \| 8/17/2017 Digital Identity has many definitions. Digital identity is known to be the online representation of a person's civil and personal identity. Some of the newer ways of describing digital identity also describe it as the entire collection of data associated with a person's interactions online. In certain scenarios, the device or application the person is ... Post a Comment \| READ (1 Comment) Latest comment: "The right content at the right moment entices consumers to want to spend more time... Rackspace Strengthens Its Managed Security Story Curtis Franklin Security Editor, \| 8/17/2017 Rackspace has added Privacy and Data Protection (PDP) to the latest version of its managed security offerings. PDP provides enhanced encryption, data access and compliance monitoring for customers. Post a Comment \| READ (1 Comment) Latest comment: "..where PDP fits into the company's overall security strategy, and how customers... Magical Thinking Drives the Myth of AI Solving Security Willy Leichter Vice President of Marketing, Virsec Systems, Inc., \| 8/16/2017 Touring the Black Hat show recently in Las Vegas, I was struck by how the cybersecurity and Vegas entertainment industries seem to be converging: They both seem to love magic shows. While the IT versions aren't as glitzy, vendors continually pitch the next generation of technology as the magic cure to our growing cybersecurity challenges. Post a Comment \| READ (6 comments) Latest comment: Willy - -- There are some good predictive analytics and machine learning tools that... Will GDPR Be the Death of Big Data? Andy Patrizio Technology Journalist, \| 8/16/2017 The Law of Unintended Consequences says there are unforeseen, unintended outcomes to purposeful actions. Companies working in Europe are about to get a lesson in that when the General Data Protection Regulation (GDPR) goes into effect in May 2018. Post a Comment \| READ (1 Comment) Latest comment: "This means keeping all of the data in a single, centralized store, and big data... Voice of Security Radio: Finding Flaws in the IoT Curtis Franklin Security Editor, \| 8/15/2017 The Internet of Things is a huge "thing" in the world of enterprise IT. Sure, it brings lots of neat capabilities with its distributed sensors and controllers, but it brings lots of security vulnerabilities as well. Finding and fixing those security vulnerabilities is a critical issue for security; that's why it's the topic on this week's Voice of ... Post a Comment \| READ () DevSecOps: Security in the Process Curtis Franklin Security Editor, \| 8/15/2017 Can security come with speed? More to the point, can security come via the agile methodology, or via agile's logical successor, DevOps? Those are questions that were addressed at last week's Agile 2017 conference in Orlando, Fla., and the subjects of several conversations that SecurityNow.com held during the conference. Post a Comment \| READ (1 Comment) Latest comment: I think when it comes to agility and security, there has to be a trade-off involved.... Looking Back on Security: The Week of August 7, 2017 Larry Loeb Author, \| 8/14/2017 The upfront: This now-biweekly column is going to focus on security. But, the scope is going to be beyond just telling you about what the latest ransomware variant does. While that kind of focus is important, the optics of security reporting of late has gotten rather limited. The context of security has at the same time grown ever wider, rising from just ... Post a Comment \| READ () Obscurity Hampers Security: The Latest Survey Curtis Franklin Security Editor, \| 8/11/2017 "Security through obscurity" says that you can't attack what you can't see. In far too many cases, though, it's the defenders who are flying blind when it comes to the configuration and status of their own network. "Visibility" was one of the five words that defined this year's Black Hat conference, and its importance to security professionals is ... Post a Comment \| READ (1 Comment) Latest comment: It's great you mention there are many organizations where there is still confusion... Friday Haiku: On the Path Curtis Franklin Security Editor, \| 8/11/2017 In the spirit of our parent publication Light Reading, a Friday Security Haiku. Post a Comment \| READ (2 comments) Latest comment: Would you considerContinuous deliv'ryConstantly secure? Load More Articles + All Articles All Video All Slide Shows All Articles discussion board Susan Fourtané , 8/20/2017 5:42:01 AM Magical Thinking Drives the Myth of AI Solving Security Re: Re: Fear of the unknown Willy - -- There are some good predictive analytics and machine learning tools that AI vendors can combine with historical analytics and prescriptive analytics in order to get better results when applying their solutions. However, I agree with... Post Your Reply Susan Fourtané , 8/20/2017 5:39:15 AM Magical Thinking Drives the Myth of AI Solving Security Re: Re: Fear of the unknown Willy - Thank you for having taken the time to respond. I think to fear the unknown is bad when it's a constant that can paralize. When one is paralized the reaction to external stimuli is slower. Therefore, it takes longer to react and act.... Post Your Reply Susan Fourtané , 8/19/2017 4:12:14 AM Questions of Colors Re: Hats According to a recent SecurityNow poll (on the right side of the screen and still open), the order of colours is: black, all, white, and grey. With some poll takers not being able to keep their own hats straight. :D Have a look: https://www... Post Your Reply Willy Leichter, 8/18/2017 12:29:23 PM Magical Thinking Drives the Myth of AI Solving Security Re: Re: Fear of the unknown I think fear of the unknown is always there and not necessarily a bad thing. But to take constructive action I think the key thing is to narrow the scope and tackle finite problems. I dispute the claims of AI vendors that they can now accurately... Post Your Reply Susan Fourtané , 8/18/2017 5:31:34 AM Magical Thinking Drives the Myth of AI Solving Security Re: Re: Fear of the unknown Taimoor - Do you think a company can really progress if its core decisions are based on fear of the unknown? Post Your Reply Susan Fourtané , 8/18/2017 4:03:23 AM Magical Thinking Drives the Myth of AI Solving Security Re: Vulnerabilities that go unnoticed "WannaCry exploited the SMBv1 vulnerability that had existing unnoticed for 16 years, and flew under the radar of most security products until massive damage was done." - Isn't that the scary thing, when vulnerabilities are unnoticed for long... Post Your Reply TaimoorZubair, 8/17/2017 6:56:40 PM DevSecOps: Security in the Process Re: Trade off I think when it comes to agility and security, there has to be a trade-off involved. A complete secure environment will require a compromise on agility and the speed to launch, whereas a complete agile setup will offer significant security... Post Your Reply TaimoorZubair, 8/17/2017 6:44:01 PM Will GDPR Be the Death of Big Data? Re: Gather data together when needed "This means keeping all of the data in a single, centralized store, and big data doesn't work that way. It frequently keeps multiple data stores from multiple sources. You don't have to change your data storage methods with GDPR but it sure... Post Your Reply TaimoorZubair, 8/17/2017 6:35:44 PM Magical Thinking Drives the Myth of AI Solving Security Re: Fear of the unknown "The fundamental problem is that the world of known bad stuff, while growing, is infinitely smaller than the realm of present and future unknown bad. While AI may deliver exponential progress in expanding our catalog of known bad stuff, the... Post Your Reply TaimoorZubair, 8/17/2017 6:24:57 PM Rackspace Strengthens Its Managed Security Story Re: Engaging external organization for security "..where PDP fits into the company's overall security strategy, and how customers are working with service providers such as Rackspace to secure their applications and data." I think it'd be interesting to see how an organization engages another... Post Your Reply TaimoorZubair, 8/17/2017 5:52:07 PM Digital Identity Will Drive Revenue & Reduce Risk Re: Device intelligence and user experience "The right content at the right moment entices consumers to want to spend more time on your site or application. And as they grow to be part of your customer base, knowing their behaviors such as frequency of visits, their likes and interests,... Post Your Reply batye, 8/16/2017 12:25:32 AM How to Panic Over IT Security Re: Re: Response Action Plan @LarryLoeb security never fun, always hard work of learning new things :) never ends... Post Your Reply Next 5 messages + All messages All messages Chat 8/17/2017 4:05:53 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: thank you! klogan453 Keeper 8/17/2017 4:05:41 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: Excellent discussion all. I'm glad you had so much to say! So many excellent points & secure-type things to consider :) Michelle Keeper 8/17/2017 4:05:30 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: @Curt: If you can get him to return, I look forward to it! Joe Stanganelli Guardian 8/17/2017 4:04:02 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: Thanks guys. Good show. mrobuck Keeper 8/17/2017 4:03:38 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: Thank you, Casey! I really appreciate you taking the time to share your insights today!(...and thanks to Curt and the gang, too!) Joe Stanganelli Guardian 8/17/2017 4:03:19 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: Already took the flash poll, and am looking forward to the results! Joe Stanganelli Guardian 8/17/2017 4:02:52 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: OTOH, I can see both sides of the equation from this particular perspective. Manufacturers' responsibility -- laws and regulations or not -- is even greater in this regard. It is perfectly reasonable to expect and allow for people to be self-interested,... Joe Stanganelli Guardian 8/17/2017 4:02:48 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: Everyone, go follow Casey on Twitter and read his blog posts. In addition, please take our Flash Poll (if you haven't already done so) and plan to be back with us again next week on Voice of Security Radio. Thank you for being a superb audi... Curt Franklin Keeper 8/17/2017 4:02:29 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: Cheers folks, and thanks very much @curt for having me on! Stay in touch https://twitter.com/caseyjohnellis and https://blog.bugcrowd.com CaseyEllis Keeper 8/17/2017 4:01:42 PM Voice of Security Radio: Finding Vulnerabilities on the IoT: re: "Casey -- Finding bugs is one thing, but do manufacturers have much incentive to fix them? I'm thinking of the Mirai botnet... which is more a password issue than a bug issue, but the point is: Nobody who sells or buys web cameras is actually... CaseyEllis Keeper Next 5 chats +		Flash Poll All polls Radio Shows ARCHIVED \| August 17, 2017, 3pm EDT Voice of Security Radio: Finding Vulnerabilities on the IoT Join us for an interview with Casey Ellis, CEO of Bugcrowd UPCOMING \| August 24, 2017, 3pm EDT Voice of Security Radio: Vulnerabilities Hidden in Applications UPCOMING \| August 31, 2017, 3pm EDT Voice of Security Radio: A Security Partnership with Machine Learning ARCHIVED SHOWS DOWNLOAD TO CALENDAR Information Resources • Redefining the Enterprise Security Perimeter • Next Generation Managed Security Services • Session Border Controllers for Dummies • Securing Real-Time Communications for Dummies • 2017 North American Enterprise Session Border Controller Company of the Year Award • Debunking the Top 4 Myths About DDoS • Is the Future of Enterprise Security in Managed Services • DDoS Protection Strategies: Choosing the Right Model • The Perimeter: An Identity Crisis • Key Considerations In Deploying an SSL Solution All resources Video Facebook has introduced new measures that will enable users to secure access to their accounts using a physical 'key' application. All Videos Twitter Feed Tweets by Security_Now_ like us on facebook