The Computer Science department at Florida State University is offering free computer security class lectures. You can find the entire CIS4930 and CIS5930 courses online HERE. These are the Spring 2014 classes so the content is pretty current. There are 26 lessons ranging from lock picking to launching attacks with Metasploit. Videos include lecture slides to download. Continue reading
Cisco announced yesterday that they intend to acquire Neohapsis. Neohapsis is a security, risk and compliance company, which is a very interesting move by Cisco. Many people not only want data from security reports, but also desire how that data will impact their business. This means how changes or risk can impact compliance to mandatory regulations as well as how much impact could a vulnerability have to a system. Neohapsis is a services based company so this seems to be a security services play yet could also trickle in Cisco products.It would be really cool to see more compliancy based reporting in future Cisco products as an outcome of this acquisition.
You can find more about Neohapsis HERE.
The official announcement from Cisco can be found HERE.
The Internet Security Research Group (ISRT) along with Mozilla Corporation, Cisco Systems, Akamai Tech, Electronic Frontier Foundation and IdenTrust will be offering a new free certificate authority service this up coming 2015 summer (learn more HERE). The concept is the Internet is a dangerous place and enabling protection is a hassle for many businesses. The reason behind this is enabling basic server certificates can be painful involving multiple steps and a cost. Lets Encrypt is offering the following principles to simplify the process. Continue reading
The people at Information Is Beautiful created a very interesting visual representation of the worlds biggest data breaches found HERE. The criterial to make this list is being a company that experienced losses greater than 30,000 records during a data breach. Each bubble represents a company and can be clicked to bring up data about the breached as well as a link to the original report covering the incident. The next examples show clicking the recent Home Depot breach to pull up the quick info and detailed article. There is a filter on the right used to tune into what you want to view. Pretty cool little tool. Continue reading
There are many reasons people invest in security. The best reason is having the desire to avoid being breached however sometimes wanting the best security doesn’t justify the investment. Many decision makers have to juggle improving the infrastructure, investing in the latest flashy technology such as high end video, etc. along with keeping things secure. Usually the flashy stuff outshines security until something with teeth forces the focus back on security. A prime example is meeting mandated regulatory compliance. Being out of compliant to many regulations could mean pricy fines as well as possibly litigation actions. This is good news for the IT guy that wants to get his security budget requests placed at the top of the stack.
Sarah Williams wrote a great article on my buddies blog about a recent breach in cloud security storage that exposed naked photographs of famous actors. The original post can be found at drchaos’s website HERE.
The Cloud storage option is fast becoming one of the most popular and effective methods of storing essential data that you definitely can’t afford to lose. From small to medium-sized business, cloud storage has helped owners save time and money in their businesses when it comes to IT.
But exactly how safe is the cloud? Though most reliable cloud service providers have cutting edge security, many IT experts say the cloud system is not entirely safe. Continue reading
NSS Labs just released a new set of reports covering Web Application Firewalls. Those reports can be found at NSS labs website HERE. There is a cost for these reports however it is worth the investment if you are looking to purchase a new firewall. Also, Palo Alto tested poorly and due to the back and forth between both companies, NSS labs is offering the Palo Alto report for free. Continue reading
Detecting threats on endpoints like laptops and mobile devices is important but not enough to defend against the threats we see against our users. Reason why is Anti-Virus and host IPS/IDS can only scan for so many signatures and leverage so many behavior checks before they must let the traffic go through or it will impact the user experience. This is why many users get compromised by clicking the wrong email, accessing the wrong website, share the wrong USB drive and so on. Detection needs to extend beyond the doorway and look at files that have breached a host’s defense to determine if that system has been compromised as well as offer a method to remediate the entire outbreak. Continue reading