Recent Blogs & Podcasts

August 18, 2017 | Vulnerability Assessment and Management
By Josh More, IANS Faculty

Take an Effort-Based Approach to Vulnerability Management

Traditional risk-only based approaches to vulnerability management often lead to conflicts between security and the business, each of which has difficulty understanding the priorities and motivations of the other. In this Ask-an-Expert written response, IANS Faculty Josh More explains how an effort-based approach can side-step such issues, improving security while fostering better relations with the business.

August 17, 2017 | Vulnerability Assessment and Management
By Kevin Beaver, IANS Faculty

Expand Vulnerability Scanning and Assessments in a Highly Regulated, Tightly Staffed Environment

Vulnerability management within a large, highly regulated environment is time-consuming and complicated. In this live Ask-an-Expert written interaction, IANS Faculty Kevin Beaver suggests leveraging a current MSSP relationship to improve visibility, expand capabilities and get a jump start on better managing the process.

August 16, 2017 | Security Awareness, Phishing, Social Engineering
By IANS Faculty

Poll: Does Tagging External Email Promote Awareness?

With phishing and email spoofing attacks on the rise, many organizations are considering tagging all external emails to raise user awareness and bolster their defenses - but is it a good idea? In this report, IANS Faculty James Tarala, Mike Pinch, Dave Kennedy and Mike Saurbaugh weigh in on the practice and offer tips for ensuring success. 

August 15, 2017 | Application Development and Testing
By Andrew Carroll, IANS Faculty

Help Developers Understand the Importance of Least Privilege

Developers usually push to access any data they want anytime they want it, but unfettered access can open the whole organization up to unnecessary audit, financial and reputational risks. In this Ask-an-Expert written response, IANS Faculty Andrew Carroll suggests educating developers on the risks, implementing least privilege and layering on controls to ensure compliance.

August 14, 2017 | AppDev Frameworks
By Adam Shostack, IANS Faculty

Shostack: Learning From npm's Rough Few Months

The node package manager (npm) is having a bad few months. Organizations need to look at their controls for identification, protection and detection around package management, and if they make a package manager, threat model the heck out of it. 

August 14, 2017 | Embedded Systems and Internet of Things
By Aaron Turner, IANS Faculty

The Internet of Criminal Things: How Technology Commoditization Has Driven Our Current IoT Nightmares

Just like all technologists, criminals have taken advantage of the low costs of high-performance components such as Bluetooth and cellular modems. In this webinar, IANS Faculty Aaron Turner discusses how enterprises can use a diverse set of technologies to monitor for the presence of “Criminal Things” and what kinds of controls are available to help solve the problem in the long term.

August 11, 2017 | Threat Detection and Hunt Teaming
By Joff Thyer, IANS Faculty

Detect Attackers Pivoting in the Network

We all know attackers are likely already on our networks, but what are the best ways to flush them out as they pivot and try to exfiltrate critical data? In this Ask-an-Expert live interaction, IANS Faculty Joff Thyer details several key pivot detection strategies, including monitoring for specific processes and behavior on endpoints, and establishing honey tokens.

August 10, 2017 | Application Development and Testing
By Jason Gillam, IANS Faculty

Take a Hybrid Approach to Testing Modern Web and Mobile Applications

Many organizations are considering completely automating their web and mobile application testing, but the increasing complexity of application technology stacks is testing the limits of such automation. In this report, IANS Faculty Jason Gillam recommends taking a hybrid approach to application testing and explains which testing activities should be done manually instead. 