Filter By:

Type

Topic

Recent Blogs & Podcasts

Insights Portal

\ Faculty Reports 



April 18, 2018 | Threat Detection and Hunt Teaming
By Marcus Ranum, IANS Faculty

 Honeypots: Are You Up to the Challenge?

Honeypots have a bad rap in infosec circles, and that's unfortunate. Implemented correctly, honeypots are virtually free tools that can help security easily and quickly pinpoint attackers as they perform reconnaissance or try to move laterally through a network. In this report, we explain what honeypots are, offer some simple ways to build them, and detail their pitfalls and success factors. 

Read More »


April 11, 2018 | Threat Intelligence and Modeling
By Bill Dean, IANS Faculty

 Make Sense of Your Threat Intel

With all the threat feeds and intelligence sources out there, how can you choose – and use – the right ones for your specific infosec program and use cases? In this report, IANS Faculty Bill Dean offers practical tips for choosing the right feeds, integrating the data and ensuring you successfully leverage threat intel to proactively detect/prevent attacks.

Read More »


April 10, 2018 | Malware and Advanced Threats
By Mike Saurbaugh, IANS Faculty

 IANS Vulnerability and Breach Update: Q1 2018

Vulnerabilities and breaches are mainstream news regularly. With a new vulnerability seemingly discovered daily, which should be taken more seriously (i.e., patch now!) and which are overhyped? In this quarterly research report, IANS Faculty Mike Saurbaugh updates clients on the top vulnerabilities and breaches from the past quarter and provides some real-world context and perspective.

Read More »


April 4, 2018 | Cloud Network and Host Controls
By Dave Shackleford, IANS Faculty

 IANS Cloud Security Update: Q1 2018

As organizations continue to move services and computing assets into cloud service provider environments, the need for adequate security controls grows as well. In this quarterly research report, IANS Faculty Dave Shackleford updates IANS’ clients on the new developments occurring in the cloud security arena.

Read More »


April 3, 2018 | Budgeting

 Winning the Battle of the Budget

Our Winning the Battle of the Budget research began with two goals: Determine key obstacles (or battlefronts) in enterprise security budgeting, and identify methods and best practices used by successful infosec leaders to grease the budget skids. What we discovered along the way is an uneven battlefield, a place where winning and losing is tied to infosec support across the organization. Regardless of size, maturity or corporate heft, the approach to security budgeting looks different in organizations that inherently value information security and those that do not.

Read More »


March 28, 2018 | Authentication
By Aaron Turner, IANS Faculty

 Outsourced Authentication: When It Works – and When It Doesn’t

In this always-on cloud/mobile world, many organizations are outsourcing their application authentication to the likes of Google, Facebook and LinkedIn. In this report, IANS Faculty Aaron Turner explains when handing your authentication tasks to a third-party makes sense – and when it doesn’t. He also details the key decision factors to consider before making the move. 

Read More »


March 21, 2018 | Incident Response Planning
By Kevin Beaver, IANS Faculty

 Lay the Groundwork for IR in the Cloud

Incident response is never easy, but responding quickly and effectively to an incident when key evidence is housed and managed by a cloud vendor can be even more difficult. In this report, IANS Faculty Kevin Beaver steps you through the process of putting the right pieces in place to ensure your cloud incident response is effective and efficient.

Read More »


March 7, 2018 | Cloud Network and Host Controls
By Dave Shackleford, IANS Faculty

 Cloud Security Controls: A Question of Trust

When is it ok to use a cloud provider’s security controls – and when isn’t it? In this report, IANS Faculty Dave Shackleford details the latest security offerings from the likes of Amazon, Azure and Google, explains what works well and what’s still missing, and offers some good rules of thumb for deciding when to trust the security controls offered by your cloud provider.

Read More »


February 28, 2018 | Malware and Advanced Threats
By Joff Thyer, IANS Faculty

 Detect and Defend Against Fileless Malware

Never mind zero days. Fileless malware – which uses Windows tools like PowerShell and WMI to establish command-and-control channels and otherwise wreak havoc – is taking off in a big way. In this report, IANS Faculty Joff Thyer explains how fileless malware works, why it's becoming more rampant and the key steps to take to detect and defend against it.

Read More »


February 14, 2018 | Authentication
By Andrew Carroll, IANS Faculty

 Understanding Blockchain’s Promise for Identity Management

While blockchains were developed to solve problems very different from identity management, some vendors (and enterprises) are beginning to explore how blockchains could be used to both secure and provide more granular control over digital identities. In this report, IANS Faculty Andrew Carroll explains the pros and cons of using blockchains for identity, and provides a practical overview of the vendors addressing the space.  

Read More »