Insights

Threats & Vulnerabilities



September 21, 2017 | Threat Detection and Hunt Teaming
By Marcus Ranum, IANS Faculty

 Honeypots: Don’t Bar the Window; Be the Window

One of the best ways to detect someone climbing into your window is to instrument the window. It’s a different way of thinking about the problem of “too many alerts” in your operations center: narrow the alerts down to activities you don’t expect to see occur. In this report, IANS Faculty Marcus Ranum explains how to cut through the noise with targeted alerts and offers tips and tricks to ensure that your honeypot management doesn’t become a nightmare. 



September 18, 2017 | Cloud Application and Data Controls
By Shannon Lietz, IANS Faculty

 M&A Playbook: Merging Domains in the Cloud

Mergers and acquisitions (M&As) are complicated enough without adding AWS instances to the mix. In this Ask-an-Expert live interaction, IANS Faculty Shannon Lietz provides a playbook for ensuring an acquired company's AWS environment is integrated quickly and securely.



September 15, 2017 | Data Breaches
By Kevin Beaver, IANS Faculty

 The Equifax Breach: What Happened and What to Do About It

The Equifax breach, which exposed the personal information of more than 143 million consumers, is one of the largest in recent history. In this Ask-an-Expert written response, IANS Faculty Kevin Beaver explains how the breach happened, what users need to do to protect themselves and how information security teams can ensure their organizations don't make similar mistakes - or headlines.



September 15, 2017 | Security Awareness, Phishing, Social Engineering
By Mike Saurbaugh, IANS Faculty

 Phishing Stories From the Wild

We all know phishing is a problem, but how can the security team best convey the breadth and depth of the issue to end users? In this Ask-an-Expert written response, IANS Faculty Mike Saurbaugh helps frame the threat by detailing several examples of real-world data breaches caused by phone-, text- and spear-phishing campaigns.



September 6, 2017 | Risk Management
By Josh More, IANS Faculty

 Avoid the Pitfalls of Using FAIR for Risk Management

FAIR is an effective approach for rating complex, wide-ranging risks, but it has its downsides. In this Ask-an-Expert written response, IANS Faculty Josh More details the pitfalls of using FAIR to manage tactical risks such as vulnerability management and offers tips for ensuring success.



August 28, 2017 | Security Awareness, Phishing, Social Engineering
By Mike Saurbaugh, IANS Faculty

 Build and Manage a Holistic Anti-Phishing Program

Phishing continues to be a top attack vector and all companies are targets, regardless of their size. In this report, IANS Faculty Mike Saurbaugh details how to build a comprehensive anti-phishing program from the ground up and explains the importance of focusing on the right behaviors, metrics and employee engagement to ensure everyone in the company becomes a strong security ally. 



August 23, 2017 | Architecture, Configuration and Segmentation
By Dave Kennedy, IANS Faculty

 Why Jump Servers Are Important

Developers and system administrators may not like using jump servers to access critical resources, but they are an important layer of security, especially when it comes to disrupting lateral movement. In this Ask-an-Expert written response, IANS Faculty Dave Kennedy explains how using - and configuring - jump servers correctly can slow down attackers and help prevent data loss.



August 22, 2017 | Penetration Testing and Red Teaming
By Dave Kennedy, IANS Faculty

 Top 10 Ways Penetration Testers Break Into Organizations

Penetration testers are great at uncovering critical vulnerabilities that give them unfettered access across entire organizations, but did you know that many rely primarily on 10 common (and easily mitigated) exploits? In this Ask-an-Expert written response, IANS Faculty Dave Kennedy details penetration testers' top go-to methods and offers advice for shutting them down.



August 18, 2017 | Vulnerability Assessment and Management
By Josh More, IANS Faculty

 Take an Effort-Based Approach to Vulnerability Management

Traditional risk-only based approaches to vulnerability management often lead to conflicts between security and the business, each of which has difficulty understanding the priorities and motivations of the other. In this Ask-an-Expert written response, IANS Faculty Josh More explains how an effort-based approach can sidestep such issues, improving security while fostering better relations with the business.



August 17, 2017 | Vulnerability Assessment and Management
By Kevin Beaver, IANS Faculty

 Expand Vulnerability Scanning and Assessments in a Highly Regulated, Tightly Staffed Environment

Vulnerability management within a large, highly regulated environment is time-consuming and complicated. In this live Ask-an-Expert written interaction, IANS Faculty Kevin Beaver suggests leveraging a current MSSP relationship to improve visibility, expand capabilities and get a jump start on better managing the process.
