Thursday, March 22, 2012

Hardware encryption a must with patient data

Here's my latest article for searchhealthit.techtarget.com. The ability to keep your data protected is becoming more prominent with every passing day. There are a variety of ways to secure data, either on the perimeter or in within the local area network (LAN), but the most fundamental method in a defense-in-depth model is hardware encryption. Read more at: http://searchhealthit.techtarget.com/tip/Hardware-encryption-a-must-with-patient-data-so-vulnerable-at-rest

Wednesday, March 21, 2012

Listen to my "In the Trenches" Interview with Algosec.com

Podcast: In the Trenches - Examining the Disconnect Between IT Security and IT Operations When it comes to the network, IT operations and IT security teams need to work together to ensure security, productivity and ultimately business agility, but they don’t always see eye-to-eye. In this Q&A style podcast, we ask infosecurity practitioner Matthew Pascucci about this challenge and highlight some key areas for improvement, including IT audits, firewall change management processes, shifting the organizational culture and more. Click the link below to get the audio: http://blog.algosec.com/2012/03/podcast-in-the-trenches-examining-the-disconnect-between-it-security-and-it-operations.html

Wednesday, March 14, 2012

The Decsion to Install Next Gen Firewalls

Protecting an organization from risk is still the main reason we have firewalls in place today, but with the advent of Next-generation firewalls (NGFWs) the traditional manner in how we secure the enterprise with firewalls is changing. With the emergence of web 2.0 we need to be able to protect ourselves from evolving threats that wouldn’t be stopped with traditional “Old School” firewalls, but as always everything new comes with its own sets of challenges. By utilizing a NGFW, organizations can leverage its features to plug holes in their infrastructure, but at the same time open themselves up to new risk. Read the pros and cons on installing NextGen firewalls here: http://blog.algosec.com/2012/03/next-generation-firewalls-a-step-in-the-right-direction-but-its-not-a-black-or-white-decision.html

Monday, March 12, 2012

My latest article in SearchSecurity.com

Here's my latest article in SearchSecurity.com Performing an information security gap analysis against an enterprise network is an exercise that is highly advantageous, but rarely performed correctly. First, an organization must understand its purpose before it will prove useful. A network gap analysis is the exercise of reviewing a network against a proven standard to determine areas that need improvement. The analysis highlights areas in a network that need to have a more secure focus. Read the below link for more: http://searchsecurity.techtarget.com/tip/Key-steps-to-perform-a-successful-information-security-gap-analysis

Wednesday, March 7, 2012

Not Even the Pope's Safe From Hacktivism?

So our friends from Anonymous are at it again. This time taking down www.vatican.va and other Catholic church related sites. They stated the reason behind the site take-down as follows: "Anonymous decided today to besiege your site in response to the doctrine, to the liturgies, to the absurd and anachronistic concepts that your for-profit organization spreads around the world," the hackers said in an Italian-language statement that "This attack is not against the Christian religion or the faithful around the world but against the corrupt Roman Apostolic Church." This news comes today after failing to DDoS the site over the summer http://www.pcmag.com/article2/0,2817,2400842,00.asp. More importantly this serves as a lesson to all organizations that have a web presence. Anyone on the internet is vulnerable to a hacktivist attack at any moment. Many of these attacks are done for the LULZ or for a political reason. Many organizations can unknowingly cause the attention of a hacktivist group by doing something that seems innocent to them at the time. Companies might support, fund or defend an idea or group that the hacktivists find offense and because of this affiliation your organization could be in the hacktivists cross-hairs. There's really no way to protect yourself from hacktivists, keeping a layered defense is your only chance at staying afloat. Good luck.

Saturday, March 3, 2012

China: The Elephant in the Room

Everyone knows that China's hacking the stuffing our of the United States, but I haven't seen us doing a thing to stop it. There's a lot of talk about how we need to stop China, but that's all it is, talk. When are we going to stand up to this hacking juggernaut and put an end to this? There's no way we're going to stop getting hacked, our systems are insecure to begin with and that's a different story, but what is our government doing to stop this? The BBC reported recently on Chinese hackers gaining full functionality to NASA computers in their Jet Propulsion Laboratory. You can read the full article here: http://www.bbc.co.uk/news/technology-17231695 The government noted that after doing an investigation on these attacks they found the addresses coming from China (surprise face, nope). This is a big deal and we look at it and say, "Ohh there's goes China again, when will they stop? Oh well, time for lunch." This isn't someone stealing the recipe to grandma's cookies this is NASA people and this is tip of the iceberg when it comes to Chinese hacks (that we know of)!! When are we as a country going to straight up defend ourselves from the Chinese? I mean seriously, we know they're doing it, we have more than enough evidence to prove that they're sanctioning cyber-espionage, but yet we don't do a single thing. We tell China to stop and they say, "We don't know who's doing it", and we leave them alone. Seriously!! I'm sure that we're doing similar acts against other countries, but we need to at least stand up to them and let them know that we mean business, that we'll start pulling away from them if they don't stop, but China knows we're in debt and will call our bluff if we did. This is a major issue that's going to get worse. We're losing countless hours of research, intellectual property and competitive analysis to the Chinese who are more than happy to let us do the dirty work while they swoop in and reap the benefits. The reason China is able to create high quality products to the United States at low prices is because they're stealing that high quality from America and we're buying it up. China is robbing us blind and we're paying for it. They need to be stopped.