Filter By:

Recent Blogs & Podcasts

Insights

\ Faculty Report  



November 15, 2017 | Authentication
By Aaron Turner, IANS Faculty

 Correlate Real-World Users to Digital Identities

From ERP systems to Active Directory, digital identities are spread throughout our digital infrastructures. Unfortunately, most large organizations have no good way of correlating those digital identities to actual humans, a situation that both opens security holes and makes moving to new technologies like cloud and mobile much more difficult than it needs to be. In this report, IANS Faculty Aaron Turner shows how three key identity management building blocks can be used to effectively correlate real-world users to digital identities and improve enterprise security.

Read More »


November 1, 2017 | Security Awareness, Phishing, Social Engineering
By Mike Saurbaugh, IANS Faculty

 Ensure Your Security Awareness Program Fosters Behavioral Change

Security awareness training can easily become a compliance checkbox that isn’t beneficial to the organization, particularly as many users view security simply as a necessary evil that restricts their ability to get things done. In this report, IANS Faculty Mike Saurbaugh steps you through the process of ensuring security training gets employees to stop undesired behaviors (e.g., clicking on phishing links) and start desired ones (e.g., reporting suspicious emails to security), so that your training program can actually meet its ultimate goal: securing the business. 

Read More »


October 25, 2017 | Cloud Network and Host Controls
By Dave Shackleford, IANS Faculty

 Hybrid Cloud Security: Know the Fundamentals

While hybrid clouds offer more visibility and control than cloud-only environments, they also require smart architecture and security designs to keep data safe and the business as a whole up and running. In this report, IANS Faculty Dave Shackleford details the key fundamentals of hybrid cloud security, including automation, continuous monitoring and shift-left strategies designed to ensure your hybrid cloud workloads remain secure today - and over time. 

Read More »


October 18, 2017 | Configuration and Change Management
By Marcus Ranum, IANS Faculty

 Configuration Management: Driving the Future of Security

Strong configuration management not only eases operational tasks like desktop and server deployments, but it also helps improve security, especially as organizations move to newer on-demand and software-defined networking environments. In this report, IANS Faculty Marcus Ranum details the vital role configuration management plays in today's environments, and offers tips for building a comprehensive program that will help drive security well into the future.

Read More »


October 11, 2017 | Encryption, Digital Signatures, Certificates, Tokenization
By Aaron Turner, IANS Faculty

 The Future of Enterprise Encryption: Prioritizing What Matters

Encryption is a hard technology to understand and an even harder one to deploy in a consistent, reliable way. In this report, IANS Faculty Aaron Turner explains how enterprises should be re-prioritizing their encryption technologies, staffing and investments to handle the increasingly larger role encryption is set to play in today's (and tomorrow's) information security programs.

Read More »


October 6, 2017 | Malware and Advanced Threats
By Mike Saurbaugh, IANS Faculty

 IANS Vulnerability and Breach Update: Q3 2017

Vulnerabilities and breaches are mainstream news regularly. With a new vulnerability seemingly discovered daily, which should be taken more seriously (i.e., patch now!) and which are overhyped? In this quarterly research report, IANS Faculty Mike Saurbaugh updates clients on the top vulnerabilities and breaches from the past quarter and provides some real-world context and perspective.

Read More »


October 5, 2017 | Cloud Network and Host Controls
By Dave Shackleford, IANS Faculty

 IANS Cloud Security Update: Q3 2017

As organizations continue to move services and computing assets into cloud service provider environments, the need for adequate security controls grows as well. In this quarterly research report, IANS Faculty Dave Shackleford updates IANS’ clients on the new developments occurring in the cloud security arena.

Read More »


September 29, 2017 | Vulnerability Assessment and Management
By Dave Shackleford, IANS Faculty

 Toning Up the Vulnerability Management Core

When it comes to safeguarding your organization, it's the security basics, not the shiny new widgets, that get the job done. In this report, IANS Lead Faculty Dave Shackleford details the fundamental technology controls required to tone up your vulnerability management core, including inventory management/maintenance, patch management and implementing rigorous configuration controls that meet or exceed industry best practices. 

Read More »


September 27, 2017 | Security Policies and Strategy
By David Kolb, IANS Faculty

 Getting the Board on Board

Information security is no longer a cursory topic embedded in a quarterly discussion of organizational risk; it’s now an uncomfortably frequent topic on many board agendas. In this report, IANS Faculty David Kolb offers tips to ensure that when summoned to the board, you are prepared and succinct, and use the opportunity to build trust, deepen organizational understanding and get the support you need to provide excellent information security. 

Read More »


September 21, 2017 | Threat Detection and Hunt Teaming
By Marcus Ranum, IANS Faculty

 Honeypots: Don’t Bar the Window; Be the Window

One of the best ways to detect someone climbing into your window is to instrument the window. It’s a different way of thinking about the problem of “too many alerts” in your operations center: narrow the alerts down to activities you don’t expect to see occur. In this report, IANS Faculty Marcus Ranum explains how to cut through the noise with targeted alerts and offers tips and tricks to ensure that your honeypot management doesn’t become a nightmare. 

Read More »