


Recent Blogs & Podcasts



April 10, 2018 | Malware and Advanced Threats
By Mike Saurbaugh, IANS Faculty

 IANS Vulnerability and Breach Update: Q1 2018

Vulnerabilities and breaches regularly make mainstream news. With a new vulnerability seemingly discovered daily, which should be taken more seriously (i.e., patch now!) and which are overhyped? In this quarterly research report, IANS Faculty Mike Saurbaugh updates clients on the top vulnerabilities and breaches from the past quarter and provides some real-world context and perspective.


April 9, 2018 | Intrusion Prevention/Detection (IPS/IDS)
By Jake Williams, IANS Faculty

 Choose the Best IDS/IPS for a New Wide-Area Network

An IDS/IPS is a critical WAN security control, but choosing the right one for your environment requires some research. In this Ask-an-Expert written response, IANS Faculty Jake Williams details the key criteria to consider and suggests evaluating solutions from four main vendors: Check Point, Cisco, McAfee and WatchGuard.


April 5, 2018 | Encryption, Digital Signatures, Certificates, Tokenization
By Aaron Shi, IANS Director of Web Development & Security

 Ensure Your User IDs Are Encrypted

In the wake of the Equifax breach and other high-profile incidents, organizations are enforcing encryption across all PII and passwords, but what about user IDs? In this Ask-an-Expert written response, IANS Director of Web Development and Security Aaron Shi explains why user IDs are often left in the clear and offers a simple way to bring them into the encryption fold.


April 4, 2018 | Threats & Incidents

 Business Interruption Viewed as Biggest Consequence of Cyber Attacks

Three-quarters of respondents cited business interruption (BI) as one of the most worrisome consequences of a cyber attack, while another 59 percent cited reputational damage. Breach of customer information, data or software damage and extortion were also listed among the most concerning consequences of a cyber attack.


April 4, 2018 | Threats & Incidents

 Bug Bounty Programs: 2017 Payouts by Industry

Given the number of IoT/hardware targets in the auto industry, it’s no surprise that the automotive industry had the largest average bug bounty program payout in 2017 at $1,514 per vulnerability.


April 4, 2018 | Cloud Network and Host Controls
By Dave Shackleford, IANS Faculty

 IANS Cloud Security Update: Q1 2018

As organizations continue to move services and computing assets into cloud service provider environments, the need for adequate security controls grows as well. In this quarterly research report, IANS Faculty Dave Shackleford updates IANS’ clients on the new developments occurring in the cloud security arena.


April 3, 2018 | Budgeting

 Winning the Battle of the Budget

Our Winning the Battle of the Budget research began with two goals: Determine key obstacles (or battlefronts) in enterprise security budgeting, and identify methods and best practices used by successful infosec leaders to grease the budget skids. What we discovered along the way is an uneven battlefield, a place where winning and losing are tied to infosec support across the organization. Regardless of size, maturity or corporate heft, the approach to security budgeting looks different in organizations that inherently value information security and those that do not.


April 2, 2018 | Threat Intelligence and Modeling
By Jake Williams, IANS Faculty

 Build a More Formal, Automated CTI Program

Moving from an ad hoc, manual cyber threat intelligence (CTI) program to one that is more formal and automated is not complicated, as long as you follow the right steps. In this Ask-an-Expert written response, IANS Faculty Jake Williams explains the five-step CTI lifecycle and details key pitfalls to avoid.


March 29, 2018 | Threats & Incidents

 Bug Bounty Programs: An Example of a Robust Corporate Program

Breaking down the payouts, Google paid out $1.1 million in rewards for vulnerabilities discovered in Google products, and roughly the same amount to the researchers who reported security bugs in Android. With the bug bounties awarded for Chrome flaws added in, a total of $2.9 million was paid throughout the year.
