
Recent Blogs & Podcasts

165 Results for: "Dave Kennedy"

 



May 22, 2017 | Malware and Advanced Threats
By Dave Kennedy, IANS Faculty

 Dave Kennedy on WannaCry and the Future of Ransomware Attacks

IANS Faculty Dave Kennedy, president and CEO of TrustedSec and frequent guest on major news networks such as CNN and Fox, stops by the IANS studio to review the latest details surrounding the WannaCry attack and offer tips for thwarting future attacks, from disabling SMB-1 to implementing application whitelisting.



September 8, 2016 | Password Management
By Chris Gonsalves, IANS Director of Technology Research

 Dave Kennedy on Passwords, Pen Tests, Purple Teams and DerbyCon

The inimitable Hacking Dave himself, IANS Faculty Dave Kennedy, joins us this week to talk about the recent password follies, ethical issues around vulnerability disclosures, and his advice for effective penetration testing and purple teaming. Dave also shares insights into the hyper-positive culture and vibe of DerbyCon and talks about witnessing the big win last June of his hometown Cleveland Cavaliers.



January 12, 2018 | Vulnerability Assessment and Management
By Dave Kennedy, IANS Faculty

 Meltdown and Spectre: What to Do Now

The recently revealed Meltdown and Spectre chip vulnerabilities are leaving many security organizations scrambling to get a fix in place. In this Ask-an-Expert live interaction, IANS Faculty Dave Kennedy explains how attackers can leverage the flaws and why certain devices are more vulnerable than others. He also recommends taking a risk-based approach to patching them.



August 23, 2017 | Architecture, Configuration and Segmentation
By Dave Kennedy, IANS Faculty

 Why Jump Servers Are Important

Developers and system administrators may not like using jump servers to access critical resources, but they are an important layer of security, especially when it comes to disrupting lateral movement. In this Ask-an-Expert written response, IANS Faculty Dave Kennedy explains how using - and configuring - jump servers correctly can slow down attackers and help prevent data loss.



August 22, 2017 | Penetration Testing and Red Teaming
By Dave Kennedy, IANS Faculty

 Top 10 Ways Penetration Testers Break Into Organizations

Penetration testers are great at uncovering critical vulnerabilities that give them unfettered access across entire organizations, but did you know that many rely primarily on 10 common (and easily mitigated) exploits? In this Ask-an-Expert written response, IANS Faculty Dave Kennedy details penetration testers' top go-to methods and offers advice for shutting them down.



August 16, 2017 | Security Awareness, Phishing, Social Engineering
By IANS Faculty, IANS Faculty

 Poll: Does Tagging External Email Promote Awareness?

With phishing and email spoofing attacks on the rise, many organizations are considering tagging all external emails to raise user awareness and bolster their defenses - but is it a good idea? In this report, IANS Faculty James Tarala, Mike Pinch, Dave Kennedy and Mike Saurbaugh weigh in on the practice and offer tips for ensuring success. 



August 3, 2017 | Managed Security Services
By Dave Shackleford, IANS Faculty, and Dave Kennedy, IANS Faculty

 How to Vet and Choose the Right MSSP for You

Most MSSPs claim to have the right staff and services in place to meet your every security need, but how can you be sure the one you pick will actually deliver on its promises? In this Ask-an-Expert written response, IANS Faculty Dave Shackleford and Dave Kennedy provide a shortlist of top vendors and offer advice for vetting, choosing, contracting with and managing the right MSSP.



July 31, 2017 | Incident Investigations, Handling and Tracking
By IANS Faculty, IANS Faculty

 Poll: Is It Better to Shut Down/Disconnect a Suspected Malware-Infected Device or Leave It Running?

When malware strikes, ensuring employees know and take the right steps immediately can make all the difference. In this report, IANS Faculty Mark Clancy, Dave Kennedy, Aaron Turner and Marcus Ranum weigh in on whether employees' first step should be to shut down the infected machine or contact security. 



May 8, 2017 | Endpoints
By Dave Kennedy, IANS Faculty

 Weighing Traditional vs. Next-Gen Endpoint Protection

Traditional endpoint protection platforms (EPPs) like McAfee or Symantec tend to have rich feature sets, but are lagging in newer capabilities. Next-gen endpoint solutions, on the other hand, have cutting-edge features but don't offer a broad range of functionality. In this Ask-an-Expert live interaction, IANS Faculty Dave Kennedy compares the two spaces and offers recommendations for getting the best of both worlds.



April 18, 2017 | Penetration Testing and Red Teaming
By Dave Kennedy, IANS Faculty

 Adversarial Simulations - Evolving Penetration Testing

Penetration testing has been given quite a few names over the past few years, including everything from “vulnerability scanning” all the way to “targeted and direct attacks” against organizations. This comes as attacker techniques themselves are shifting based on organizations adding more detection capabilities into their environments. In this webinar, IANS Faculty Dave Kennedy dives into some of the latest attack vectors and discusses why adversarial simulations are some of the most effective methods for building defenses within your organization. 
