Filter By:

Type

Topic

Recent Blogs & Podcasts

173 Results for: "Dave Kennedy"

 



January 12, 2018 | Vulnerability Assessment and Management
By Dave Kennedy, IANS Faculty

 Meltdown and Spectre: What to Do Now

The recently revealed Meltdown and Spectre chip vulnerabilities are leaving many security organizations scrambling to get a fix in place. In this Ask-an-Expert live interaction, IANS Faculty Dave Kennedy explains how attackers can leverage the flaws and why certain devices are more vulnerable than others. He also recommends taking a risk-based approach to patching them.

Read More »


August 23, 2017 | Architecture, Configuration and Segmentation
By Dave Kennedy, IANS Faculty

 Why Jump Servers Are Important

Developers and system administrators may not like using jump servers to access critical resources, but they are an important layer of security, especially when it comes to disrupting lateral movement. In this Ask-an-Expert written response, IANS Faculty Dave Kennedy explains how using - and configuring - jump servers correctly can slow down attackers and help prevent data loss.

Read More »


August 22, 2017 | Penetration Testing and Red Teaming
By Dave Kennedy, IANS Faculty

 Top 10 Ways Penetration Testers Break Into Organizations

Penetration-testers are great at uncovering critical vulnerabilities that give them unfettered access across entire organizations, but did you know that many rely primarily on 10 common (and easily mitigated) exploits? In this Ask-an-Expert written response, IANS Faculty Dave Kennedy details penetration-testers' top go-to methods and offers advice for shutting them down.

Read More »


August 3, 2017 | Managed Security Services
By Dave Shackleford, IANS Faculty,
     Dave Kennedy, IANS Faculty

 How to Vet and Choose the Right MSSP for You

Most MSSPs claim to have the right staff and services in place to meet your every security need, but how can you be sure the one you pick will actually deliver on its promises? In this Ask-an-Expert written response, IANS Faculty Dave Shackleford and Dave Kennedy offer a shortlist of top vendors and offer advice for vetting, choosing, contracting with and managing the right MSSP. 

Read More »


May 22, 2017 | Malware and Advanced Threats
By Dave Kennedy, IANS Faculty

 Dave Kennedy on WannaCry and the Future of Ransomware Attacks

IANS Faculty Dave Kennedy, president and CEO of TrustedSec and frequent guest on major news networks such as CNN and Fox, stops by the IANS studio to review the latest details surrounding the WannaCry attack and offer tips for thwarting future attacks, from disabling SMB-1 to implementing application whitelisting.

Read More »


May 8, 2017 | Endpoints
By Dave Kennedy, IANS Faculty

 Weighing Traditional vs. Next-Gen Endpoint Protection

Traditional endpoint protection platforms (EPPs) like McAfee or Symantec tend to have rich feature sets, but are lagging in newer capabilities. Next-gen endpoint solutions, on the other hand, have cutting-edge features but don't offer a broad range of functionality. In this Ask-an-Expert live interaction, IANS Faculty Dave Kennedy compares the two spaces and offers recommendations for getting the best of both worlds.

Read More »


April 18, 2017 | Penetration Testing and Red Teaming
By Dave Kennedy, IANS Faculty

 Adversarial Simulations - Evolving Penetration Testing

Penetration testing has been given quite a few names over the past few years, including everything from “vulnerability scanning” all the way to “targeted and direct attacks” against organizations. This comes as attacker techniques themselves are shifting based on organizations adding more detection capabilities into their environments. In this webinar, IANS Faculty Dave Kennedy dives into some of the latest attack vectors and discusses why adversarial simulations are some of the most effective methods for building defenses within your organization. 

Read More »


August 23, 2016 | Intrusion Prevention/Detection (IPS/IDS)
By Dave Kennedy, IANS Faculty

 Detailing the Benefits of Network- and Host-Based IDS/IPS Solutions

Both network- and host-based IDS solutions are critical for organizations when it comes to quickly identifying threats. In this Ask-an-Expert written response, IANS Faculty Dave Kennedy breaks down the advantages and limitations of each and offers recommendations for organizations to get the most out of their IDS/IPS solutions.

Read More »


October 29, 2015 | Security Policies and Strategy
By Dave Kennedy, IANS Faculty

 Maintaining Physical/Door Security in an Emergency

During an emergency, safety is always the primary concern, but how can organizations ensure their critical areas remain secure as well? In this Ask-an-Expert written response, IANS Faculty Dave Kennedy explains which areas should have fail-safe and fail-secure doors and explains the important role that security guards and camera systems can play in protecting sensitive locations.

Read More »


October 27, 2015 | Security Information and Event Management (SIEM) and Log Management
By Dave Kennedy, IANS Faculty

 Best Practices for Monitoring Security Events

When building a threat monitoring and detection program, the first step for security teams is to define what, exactly, they want to monitor. In this Ask-an-Expert written response, IANS Faculty Dave Kennedy explains that following that initial phase of defining attack vectors and high-value assets within the business, the next step is to create and add rules, from pass the hash detection to honeypots and honeyfiles.

Read More »