Up until this point we’ve focused on all the preparatory work before you finally turn on the switch and start using your DLP tool in production. While it seems like a lot, in practice (assuming you know your priorities) you can usually be up and running with basic monitoring in a few days. With the pieces in place, now it’s time to configure and deploy policies to start your real monitoring and...
In the last twelve months we’ve witnessed the highest rates of data theft disclosures since the record-setting year of 2008 (including, for the first time in public, Rich’s credit card). So predictably there will be plenty of FUD balloons flying at this year’s conference. From Anonymous to the never-ending Wikileaks fallout and cloud fears, there is no shortage of chatter about...
It’s a Presidential election year here in the US, and that means the master spin meisters, manipulators, and liars politicians will be out in full force. Normally I just tune out, wait for the primary season to end and then figure out who I want to vote for. But I know better than to discuss either religion or politics with people I like. And that means you. So I’m not going to go...
As we continue with our tour through the RSA Conference, we’re in the home stretch. Today we’ll hit both security management and compliance, since the two are intrinsically linked.
Security Management
Security Management has been a dynamic and quickly evolving space that received a lot of attention at conferences like RSA. Yet, we will probably see a little bit less visibility on the...
For those of you who are familiar with DAM, you already know over the last four years that DAM solutions are bundled with assessment and auditing capabilities. Over the last two years we’ve seen the near universal inclusion of discovery and rights management capabilities. While DAM is the centerpiece of a database security strategy, as a technology, it’s just one of a growing number...
Just a quick announcement that this week on Wednesday I’ll be doing a webcast on how to look for ways to reduce PCI-DSS scope and audit costs with Tokenization. This will cover the meaty part of the Tokenization Guidance paper from last year. In the past I’ve talked about the issues with the PCI council’s Tokenization supplement; here I will dig into how Tokenization effects...
Just a little President’s Day update on the Malware Analysis Quant project. At the end of last month, we packed up all of the process descriptions into a spiffy paper, which you can download and check out.
We’ve been cranking away at the second phase of the research, and the first step of that is the survey. Here is a direct link to the survey, and we’d certainly love your...
For a little bonus on a Sunday afternoon, let’s dig into the next section of the RSA Guide, Email and Web Security, which remains a pretty hot area. This shouldn’t be surprising since these devices tend to be one of the only defenses against your typical attacks like phishing and drive-by downloads. We’ve decided to no longer call this market ‘content security’; that was a...
Ah, the endpoint. Do you remember the good old days when endpoint devices were laptops? That made things pretty simple, but alas, times have changed and the endpoint devices you are tasked to protect have changed as well. That means it’s not just PC-type devices you have to worry about – it’s all varieties of smartphones and in some industries other devices including point of...
I managed to take a couple days off last week, and got out of town. I went camping with a group of friends, all from very different backgrounds, with totally unrelated day jobs – but we all love camping in the desert. Whenever we’re BSing by the camp fire, they ask me about current events in security. There’s almost always a current data breach, ‘Anonymous’ attack,...














