
Recent Blogs & Podcasts



May 11, 2017 | Cloud Application and Data Controls
By Aaron Turner, IANS Faculty

 Securing Cloud Assets Using Federated Identities

Whether you view the cloud as infrastructure-, platform- or application-as-a-service, identity is the only control that exists universally across all cloud environments. Unfortunately, identity lifecycle management for cloud-based systems is not as mature as we need it to be. In this report, IANS Faculty Aaron Turner details how to make wise investments in a federated identity strategy that can scale to even the most complex cloud technology models.


May 10, 2017 | Desktop Virtualization (VDI)
By James Tarala, IANS Faculty

 Securing a Virtual Desktop Infrastructure (VDI) Environment

While securing a VDI environment is not very different from securing a distributed PC environment, it does require some extra thought to ensure optimal performance, incident response and access control. In this Ask-an-Expert live interaction, IANS Faculty James Tarala recommends strategies to ensure the deployment is both secure and successful.


May 10, 2017 | Authentication
By Aaron Turner, IANS Faculty

 Implementing Contactless MFA across a PKI Environment

Implementing contactless multifactor authentication (MFA) across an entire organization is difficult enough, without the added stress of getting it operational by year end to meet the tight deadline of DFARS compliance. In this Ask-an-Expert written response, IANS Faculty Aaron Turner recommends taking a phased approach to ensure a seamless rollout. 


May 10, 2017 | Incident Investigations, Handling and Tracking
By Ken Van Wyk, IANS Faculty

 Van Wyk: Targeted Attacks Require Much Deeper Analysis

In the world of information security, intentions matter greatly, but they’re only a starting point. Apart from simple intentions, though, is the matter of whether or not an attack is targeted. In fact, when we can establish whether an attack is targeted, we often come to a vital decision point in an incident response operation. A targeted attack can change everything.


May 8, 2017 | Endpoints
By Dave Kennedy, IANS Faculty

 Weighing Traditional vs. Next-Gen Endpoint Protection

Traditional endpoint protection platforms (EPPs) like McAfee or Symantec tend to have rich feature sets, but are lagging in newer capabilities. Next-gen endpoint solutions, on the other hand, have cutting-edge features but don't offer a broad range of functionality. In this Ask-an-Expert live interaction, IANS Faculty Dave Kennedy compares the two spaces and offers recommendations for getting the best of both worlds.


May 4, 2017 | Enterprise and IT Compliance Management
By Josh More, IANS Faculty

 Allocating the Right Resources for SOX Compliance

The optimal head count and cost structure for a Sarbanes-Oxley (SOX) compliance program varies widely depending on industry vertical, organization complexity, maturity and more. In this Ask-an-Expert written response, IANS Faculty Josh More details typical program requirements and offers recommendations for ensuring appropriate resources get allocated.


May 4, 2017 | Threat Intelligence and Modeling
By Adam Shostack, IANS Faculty

 Threat Modeling in an Agile Environment

Threat modeling can be seen as a heavy, complex set of tasks that gets cast aside as we move at the speed of Agile, but in reality, it helps make the shift faster. In this report, IANS Faculty Adam Shostack explains why threat modeling is important, addresses concerns about fitting threat modeling practices into an Agile world and highlights some traps to avoid along the way.


May 3, 2017 | Enterprise and IT Compliance Management
By Dave Shackleford, IANS Faculty

 Deploying the Right Controls for DFARS Compliance

The deadline for DFARS compliance is coming fast, but many organizations are finding the requirements vague and difficult to implement. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford explains how most companies are interpreting specific rules around cryptographic, cloud and session termination controls. 


May 3, 2017 | Security Analytics and Visualization
By Stephen McHenry, IANS Faculty

 Applying User and Entity Behavioral Analytics (UEBA) to Improve Security

As the market for user and entity behavioral analytics (UEBA) solutions continues to evolve, the need for these types of solutions will increase. At the same time, UEBA also poses challenges related to privacy, data security, policy and deployment/storage options. In this report, IANS Faculty Stephen McHenry examines the current state of the UEBA marketplace and offers some scenarios in which it could prove effective for organizations today and in the future. 
