Filter By:

Type

Topic

Recent Blogs & Podcasts

Insights Portal

 



May 23, 2018 | Threat Detection and Hunt Teaming
By Ondrej Krehel, IANS Faculty

 Mature Your Threat Hunting Program

How sophisticated is your threat hunting program? No matter your level, the key to success is in collecting and analyzing the right data sets with the right tools, people and processes. In this report, IANS Faculty Ondrej Krehel explains the different levels of threat hunting maturity and offer tips for moving up the scale and incrementally improving your program.

Read More »


May 22, 2018 | Security Information and Event Management (SIEM) and Log Management
By Michael Pinch, IANS Faculty

 Help Operations Understand the Importance of Log Monitoring

Faced with the log monitoring prowess of mature cybersecurity teams, some IT operations staffers are starting to believe they no longer need to participate in log management/monitoring. In this Ask-an-Expert written response, IANS Faculty Mike Pinch explains why this is a mistake, citing both IT operational excellence frameworks and the need for a layered defense.

Read More »


May 21, 2018 | Security Information and Event Management (SIEM) and Log Management
By Jake Williams, IANS Faculty

 Train the Team on the SIEM Basics

Bringing SIEM duties in-house after an outsourcing arrangement requires in-house staff be brought up to speed quickly. In this Ask-an-Expert written response, IANS Faculty Jake Williams suggests focusing training on three areas: configuration/maintenance, log management and alert management.

Read More »


May 17, 2018 | Threat Intelligence and Modeling
By Jake Williams, IANS Faculty

 Threat Modeling: Three Basic Approaches to Consider

With so many threat modeling approaches available, how do you choose the right one for your particular environment? In this Ask-an-Expert written response, IANS Faculty Jake Williams recommends three approaches designed to help model threats against PaaS and IaaS cloud assets, in addition to a range of other attacks.

Read More »


May 16, 2018 | Networking and Network Devices
By Dave Shackleford, IANS Faculty

 Five Secure Email Gateways Compared

Secure email gateways come in a variety of form factors and vary in terms of features, ease of integration, scalability and more. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford details the pros and cons of offerings from five vendors: Barracuda Networks, Cisco, Microsoft, Symantec and Trend Micro.

Read More »


May 15, 2018 | Security Policies and Strategy
By Aaron Turner, IANS Faculty

 Ensure Employees Follow Acceptable Use Guidelines

In the age of social media, ensuring employees know and follow acceptable use guidelines for corporate assets is both more difficult and more critical. In this Ask-an-Expert written responses, IANS Faculty Aaron Turner says behavior-driven policies and frequent reminders about data monitoring, storage and disclosure obligations are key.

Read More »


May 14, 2018 | Encryption, Digital Signatures, Certificates, Tokenization

 EFAIL Vulnerability Exposes Encrypted Email

On May 14, 2018, security researchers tweeted details and launched a website (efail.de) explaining how attackers could exploit “EFAIL” vulnerabilities to extract plain text from encrypted emails. The vulnerability impacts both the Pretty Good Privacy (PGP) and S/MIME methods of email encryption, which are commonly used in Microsoft Outlook. 

Read More »