Filter By:

Type

Topic

Recent Blogs & Podcasts

25 Results for: "Marcus Ranum"

 



January 31, 2018 | Vulnerability Assessment and Management
By Marcus Ranum, IANS Faculty

 Structure a Low-Profile Bug Bounty Program

While Google's bug bounty program is well designed and provides rich rewards, not every organization can operate at that high level. In this Ask-an-Expert live interaction, IANS Faculty Marcus Ranum describes how to build a well-structured, low-profile program that encourages participation using a more realistic reward scale. 

Read More »


December 14, 2017 | Security Policies and Strategy
By Marcus Ranum, IANS Faculty

 Communicate Cybersecurity Vulnerabilities Effectively

Communicating cybersecurity vulnerabilities to customers can sometimes feel like more of an art than a science. In this Ask-an-Expert live interaction, IANS Faculty Marcus Ranum offers a clear blueprint for communicating effectively to ensure customers are protected and the organization does not face undue risk.

Read More »


October 18, 2017 | Configuration and Change Management
By Marcus Ranum, IANS Faculty

 Configuration Management: Driving the Future of Security

Strong configuration management not only eases operational tasks like desktop and server deployments, but it also helps improve security, especially as organizations move to newer on-demand and software-defined networking environments. In this report, IANS Faculty Marcus Ranum details the vital role configuration management plays in today's environments, and offers tips for building a comprehensive program that will help drive security well into the future.

Read More »


September 21, 2017 | Threat Detection and Hunt Teaming
By Marcus Ranum, IANS Faculty

 Honeypots: Don’t Bar the Window; Be the Window

One of the best ways to detect someone climbing into your window is to instrument the window. It’s a different way of thinking about the problem of “too many alerts” in your operations center: narrow the alerts down to activities you don’t expect to see occur. In this report, IANS Faculty Marcus Ranum explains how to cut through the noise with targeted alerts and offers tips and tricks to ensure that your honeypot management doesn’t become a nightmare. 

Read More »


July 17, 2017 | Incident Response Planning
By Marcus Ranum, IANS Faculty

 Best Practices for Dynamic Business Unit Isolation

When malware strikes, many companies rush to isolate their critical business units from potentially infected corporate resources, but what are the best ways to go about this? In this Ask-an-Expert live interaction, IANS Faculty Marcus Ranum suggests scaling the separation level to match the threat, and pre-positioning key tools to ease after-separation monitoring and response.

Read More »


July 14, 2017 | Endpoints
By Marcus Ranum, IANS Faculty

 Navigate the Changing Landscape of ‘Next-Gen’ Antivirus and Endpoint Protection

From OSX to iOS and Windows XP to Windows 10, there is a very broad expanse of territory that has to be covered from an endpoint security perspective these days. In this report, IANS Faculty Marcus Ranum offers suggested investments in endpoint security over the next 24 months, and gives tips for evaluating all of the new “next-gen AV” products on the market today. 

Read More »


May 16, 2017 | Threat Detection and Hunt Teaming
By Marcus Ranum, IANS Faculty

 Building a Low-Interaction Honeypot on Linux

A low-interaction honeypot is a great threat detection tool, but it can be difficult to create and configure. In this Ask-an-Expert written response, IANS Faculty Marcus Ranum steps through the process of building a Linux-based honeypot with specific services, such as Telnet, SSH, etc.

Read More »


March 10, 2017 | Architecture, Configuration and Segmentation
By Marcus Ranum, IANS Faculty,
     Ron Dilley, IANS Faculty

 Securing Your Network With Overlapping Controls

Many security practitioners complain about being flooded with alerts and vulnerabilities, because they don't get to design their systems so that the alerts are useful. Segmentation is one of many techniques these practitioners can use to manage alerts and reduce breach
impact. In this webinar, IANS Faculty Marcus Ranum and Ron Dilley describe a model for administratively breaking your network apart into management "zones" that can be analyzed and secured separately.

Read More »


June 24, 2016 | Risk Management
By Marcus Ranum, IANS Faculty,
     Aaron Turner, IANS Faculty,
     Kevin Beaver, IANS Faculty

 Poll: Can a FICO Score for Enterprise Security Work?

We are all familiar with the FICO score for rating consumer credit-worthiness, but what about a FICO score for enterprise security? In this report, IANS Faculty Marcus Ranum, Aaron Turner and Kevin Beaver discuss whether FICO's plans to leverage its QuadMetrics acquisition to produce such a metric makes sense.

Read More »


June 2, 2016 | Networking and Network Devices
By Marcus Ranum, IANS Faculty

 From Tools to Understanding: Reinventing Security

Let’s face it: Current security practices just aren't working. Patching – and playing whack-a-mole with malware – is an endless, grinding failure. In this report, IANS Faculty Marcus Ranum introduces a completely new model for building secured networks from the ground up and uses real-world examples to show how putting in some hard work upfront can pay big security dividends.

Read More »