Filter By:

Recent Blogs & Podcasts



September 21, 2017 | Threat Detection and Hunt Teaming
By Marcus Ranum, IANS Faculty

 Honeypots: Don’t Bar the Window; Be the Window

One of the best ways to detect someone climbing into your window is to instrument the window. It’s a different way of thinking about the problem of “too many alerts” in your operations center: narrow the alerts down to activities you don’t expect to see occur. In this report, IANS Faculty Marcus Ranum explains how to cut through the noise with targeted alerts and offers tips and tricks to ensure that your honeypot management doesn’t become a nightmare. 

Read More »

September 20, 2017 | Account Provisioning
By Aaron Turner, IANS Faculty

 Revoke Network Access Efficiently and Effectively

Depending on the human element and manual notifications to revoke network access when users leave the company is neither scalable nor dependable. In this Ask-an-Expert written response, IANS Faculty Aaron Turner suggests using some script-based workarounds to automate the process while evaluating the move to a newer, more automated IDAM platform for the future.

Read More »

September 18, 2017 | Malware and Advanced Threats

 GoldenEye Ransomware Attack

GoldenEye is fast-spreading ransomware that encrypts files and makes demands for Bitcoin payments to unlock data. It was first observed on June 27, 2017 and has infected more than 30,000 computers worldwide. 

Read More »

September 18, 2017 | Cloud Application and Data Controls
By Shannon Lietz, IANS Faculty

 M&A Playbook: Merging Domains in the Cloud

Mergers and acquisitions (M&As) are complicated enough without adding AWS instances to the mix. In this Ask-an-Expert live interaction, IANS Faculty Shannon Lietz provides a playbook for ensuring an acquired company's AWS environment is integrated quickly and securely.

Read More »

September 18, 2017 | Risk Management
By Rich Guida, IANS Faculty

 Infosec Risk Management: How to Focus on the Business Units

Information security professionals spend a lot of time doing risk management, but how do we know what the enterprise’s biggest risks are? How did we determine them? In this webinar, IANS Faculty Rich Guida discusses ways to ensure that business units (and their executive leaders) can be brought to the table and contribute meaningfully in risk identification and ranking, so when you ask for money to mitigate those risks, you have confidence that leadership has bought in to them.

Read More »

September 18, 2017 | Embedded Systems and Internet of Things
By Chris Poulin, IANS Faculty

 Poulin: The Economics of IoT Fear and Uncertainty

Information- (and now device-) security is an underappreciated field. It’s anti-climactic and difficult to justify the cost of building security in, bolting security on and implementing security controls for the operating environment. But it's up to us in the community to become early adopters and work with the manufacturers to make products as secure as possible for the general public. 

Read More »

September 15, 2017 | Data Breaches
By Kevin Beaver, IANS Faculty

 The Equifax Breach: What Happened and What to Do About It

The Equifax breach, which exposed the personal information of more than 143 million consumers, is one of the largest in recent history. In this Ask-an-Expert written response, IANS Faculty Kevin Beaver explains how the breach happened, what users need to do to protect themselves and how information security teams can ensure their organizations don't make similar mistakes - or headlines.

Read More »