Filter By:

Recent Blogs & Podcasts

Insights

\ Faculty Report  



September 21, 2017 | Threat Detection and Hunt Teaming
By Marcus Ranum, IANS Faculty

 Honeypots: Don’t Bar the Window; Be the Window

One of the best ways to detect someone climbing into your window is to instrument the window. It’s a different way of thinking about the problem of “too many alerts” in your operations center: narrow the alerts down to activities you don’t expect to see occur. In this report, IANS Faculty Marcus Ranum explains how to cut through the noise with targeted alerts and offers tips and tricks to ensure that your honeypot management doesn’t become a nightmare. 

Read More »


September 14, 2017 | Encryption, Digital Signatures, Certificates, Tokenization
By Dave Shackleford, IANS Faculty

 Apply Blockchain Technology to Enterprise Security

Blockchain has been the focus of many hype cycles of late, and it seems to be making inroads into every technology area under the sun - but how enterprise-ready is it? In this report, IANS Lead Faculty Dave Shackleford examines how the technology works and details its current and future use cases in security.

Read More »


August 28, 2017 | Security Awareness, Phishing, Social Engineering
By Mike Saurbaugh, IANS Faculty

 Build and Manage a Holistic Anti-Phishing Program

Phishing continues to be a top attack vector and all companies are targets, regardless of their size. In this report, IANS Faculty Mike Saurbaugh details how to build a comprehensive anti-phishing program from the ground up and explains the importance of focusing on the right behaviors, metrics and employee engagement to ensure everyone in the company becomes a strong security ally. 

Read More »


August 10, 2017 | Application Development and Testing
By Jason Gillam, IANS Faculty

 Take a Hybrid Approach to Testing Modern Web and Mobile Applications

Many organizations are considering completely automating their web and mobile application testing, but the increasing complexity of application technology stacks is testing the limits of such automation. In this report, IANS Faculty Jason Gillam recommends taking a hybrid approach to application testing and explains which testing activities should be done manually instead. 

Read More »


July 28, 2017 | Regulations & Legislation
By Mark Clancy, IANS Faculty

 Tackle the NYSDFS Cybersecurity Regulations

Many organizations in the banking, insurance and financial services sectors are in the process of complying with the New York State Department of Financial Services' new cybersecurity regulations. In this report, IANS Faculty Mark Clancy offers tips and key strategies for complying with the new requirements, particularly around authentication, audit logging, encryption and training/awareness. 

Read More »


July 14, 2017 | Endpoints
By Marcus Ranum, IANS Faculty

 Navigate the Changing Landscape of ‘Next-Gen’ Antivirus and Endpoint Protection

From OSX to iOS and Windows XP to Windows 10, there is a very broad expanse of territory that has to be covered from an endpoint security perspective these days. In this report, IANS Faculty Marcus Ranum offers suggested investments in endpoint security over the next 24 months, and gives tips for evaluating all of the new “next-gen AV” products on the market today. 

Read More »


July 10, 2017 | Malware and Advanced Threats
By Mike Saurbaugh, IANS Faculty

 IANS Vulnerability and Breach Update: Q2 2017

A new vulnerability or breach seems to be discovered daily, but which should be taken more seriously and which are overhyped? In this report, IANS Faculty Mike Saurbaugh looks back over the major breaches and vulnerabilities of the past three months, explains them and provides real-world context and perspective.

Read More »


July 7, 2017 | Cloud Network and Host Controls
By Dave Shackleford, IANS Faculty

 IANS Cloud Security Update: Q2 2017

As organizations continue to move services and computing assets into cloud service provider environments, the need for adequate security controls grows as well. In this quarterly research report, IANS Faculty Dave Shackleford updates IANS’ clients on the new developments occurring in the cloud security arena.

Read More »


June 30, 2017 | Privileged Access Management
By Aaron Turner, IANS Faculty

 Build a Scalable Privileged Identity Management Program

The scope of the privileged identity problem continues to expand for organizations and is only exacerbated by the lack of investment in IDAM technologies. In this report, IANS Faculty Aaron Turner offers recommendations for aligning an overarching identity program with privileged user management from both a process and technology perspective. 

Read More »


June 22, 2017 | Threat Intelligence and Modeling
By Dave Shackleford, IANS Faculty

 Beef Up Your Threat Intelligence By Leveraging Internal Success

In the past year, we've experienced some of the largest, most impactful cyber-attacks in history, and one step organizations are taking to defend themselves is to make better use of threat intelligence. In this report, IANS Faculty Dave Shackleford details best practices for effectively gathering internal security event data, identifying external threat intelligence sources and integrating this data into your SIEM platforms and standalone collectors. 

Read More »