Tag: Verdasys

  • Dealing with DLP and privacy

    It’s a long hot summer here in the Middle East and with 2/3 of the office out on vacation, you have some time to reflect on data security. Or on the humidity. Or on a cold beer. Maybe you are working on building a business case for DLP technology like Websense or Symantec or Verdasys, or McAfee or Fidelis in […]

  • The dangers of default passwords – 37% of Data Breaches Found to be Malicious Attacks

    A malicious attack by malware or spear phishing on valuable data assets like PHI (protected health information) exploits known vulnerabilities, and one of the most common vulnerabilities in medical devices and healthcare IT systems is default passwords. “Researchers Billy Rios and Terry McCorkle of Cylance have reported a hard-coded password vulnerability affecting a wide variety of […]

  • Will security turn into a B2B industry?

    Information security is very much product driven and very much network perimeter security driven at that: firewalls, IPS, DLP, anti-virus, database firewalls, application firewalls, security information management systems and more. It is convenient for a customer to buy a product and feel “secure” but, as businesses become more and more interconnected, as cloud services […]

  • Securing Web servers with SSL

    I’ve been recently writing about why Microsoft Windows and the Microsoft monoculture in general is a bad idea for medical device vendors – see my essays on Windows vulnerabilities and medical devices here, here and here. It is now time to slaughter one more sacred cow: SSL. One of the most prevalent misconceptions with vendors in […]

  • Cyber crime costs over $1 trillion

    A pitch from Alex Whitson from SC TV for a Webinar on the LinkedIn Information Security Community piqued my attention with the following teaser: As you may have read recently, Cybercrime is now costing the UK $43.5 billion and around $1 trillion globally. Sponsored by security and compliance auditing vendor nCircle, the Webinar pitch didn’t cite any sources for the […]

  • Wikileaks and data theft

    A colleague of mine, Bill Munroe, is VP Marketing at Verdasys, the first of the agent DLP vendors and the most established of the independent pure play DLP technology companies. (No. I do not have a business relationship with Verdasys). Bill has written a paper entitled “Protecting against Wikileaks events and the trusted insider threat” […]

  • Why data security is like sex

    We all think about sex – men (most of the time), women (some of the time) and teenagers (all the time). Sex – despite the huge volume of content in the digital and print media – is one of those phenomena that demonstrate an inverse relationship between substance and talk. The more talk, chances are, the […]

  • Securing Web services in the cloud

    Almost every SaaS (software as a service) is based on REST or XML Web services. In this post, I’d like to provide a brief introduction to some typical threats and security countermeasures to protect Web services. Malicious Attack on the message: The beauty of HTTP Web Services is that traffic flows through port 80 and […]

  • Bank of America and Wikileaks

    First reported in the Huffington Post in November 2010, the Bank of America has set up a Wikileaks defense team after an announcement by Julian Assange that Wikileaks has information from a 5GB hard drive of a Bank of America executive. In a burst of wikipanic, Bank of America has dived into full-on counterespionage mode…15 […]

  • WikiLeaks Breach – trusted insiders not hackers

    With a delay of almost 10 years – SCIAM has published an article on the insider threat – “WikiLeaks Breach Highlights Insider Security”. As one of the pioneers in the DLP space (data loss prevention) and an active data security consultant in the field since 2003 – I am not surprised when civilians like the […]
