Filter By:

Recent Blogs & Podcasts



May 18, 2017 | Cloud Application and Data Controls
By Dave Shackleford, IANS Faculty

 Security-as-Code: A Key to Cloud Security

Businesses are moving faster to the cloud and DevOps is accelerating scale and pushing automation. But how do we secure DevOps and cloud deployments? In this report, IANS Faculty Dave Shackleford explores the concept of security-as-code and details how security teams must fully assess their threats, collaborate with DevOps and automate scanning and configuration to ensure a secure migration to the cloud. 

Read More »

May 16, 2017 | Threat Detection and Hunt Teaming
By Marcus Ranum, IANS Faculty

 Building a Low-Interaction Honeypot on Linux

A low-interaction honeypot is a great threat detection tool, but it can be difficult to create and configure. In this Ask-an-Expert written response, IANS Faculty Marcus Ranum steps through the process of building a Linux-based honeypot with specific services, such as Telnet, SSH, etc.

Read More »

May 15, 2017 | Data Classification
By Kevin Beaver, IANS Faculty

 Sensible Approaches to Data Classification

Most organizations want to protect their sensitive electronic assets, yet effective data classification programs are all but nonexistent. You certainly can’t secure what you don’t properly acknowledge, and that’s a big reason why many security organizations struggle in this area. In this webinar, IANS Faculty Kevin Beaver details an approach to data classification that involves taking a few basic steps early on and periodically moving the program forward.

Read More »

May 12, 2017 | Malware and Advanced Threats
By Joff Thyer, IANS Faculty

 Blocking Adware to Reduce Risk and Improve Browser Performance

Adware is more than a nuisance; it's often a clever delivery mechanism for spyware and malware. How can organizations block it effectively without impacting the business? In this Ask-an-Expert written response, IANS Faculty Joff Thyer explains how adware works and recommends taking a multi-layered approach to mitigating the risk.

Read More »

May 12, 2017 | Application Development and Testing
By Jason Gillam, IANS Faculty

 Outsourcing Application Security Testing

Outsourcing dynamic application security testing (DAST), especially since it involves automated tools like AppScan and Burp, should be relatively straightforward. That is, until you consider the importance of the human element. In this Ask-an-Expert live interaction, IANS Faculty Jason Gillam suggests staff augmentation and developer training as more cost-effective and efficient ways to free up internal staff.

Read More »