Friday, May 29, 2015

Third Party Vendors Are Your Weakest Links

We've all seen the issues, many of them disastrous, that companies have with third party vendors and it's something that the security community still needs to take seriously. If the Target breach wasn't engouh to wake you up regarding the control of your third party accounts, I don't know what is. You need to have policy in place that limits these accounts and the ability to monitor them as well as possible. In these two article I speak about ways to ensure network security when working with third party vendors.

Here are the two links:

Article 1 of 2
Article 2 of 2

Thursday, May 28, 2015

Infosec Pulp Fiction

Whoever made this meme deserves a slow golf clap. Well done, sir.


Wired Magazine on the Silk Road saga

Just finished reading the two part series from Wired Magazine on the Silk Road saga. Gotta say that this was a fine piece of work by Wired. It was an interesting read knowing a few people that were involved on both sides of this case. If you haven't already picked up the past two months of Wired Magazine (April and May) that review the case, I'd highly recommended it. Good read.

Here's the link to the first part (April).

Wednesday, May 27, 2015

Why Two Factor Authentication Is Important

We've seen so many hacks today that focus on stealing user credentials and using them to pivot or escalate in a network. In this article I explain where two factor authentication should be used and alternate methods of technology that are available to implement this protection. Two factor isn't just for big business, either. It's for personal use too.

http://blog.algosec.com/2015/05/two-factor-authentication-why-when-and-how.html

Monday, May 11, 2015

Thinking about purchasing a MDM solution?

In this article I write about six questions you need to ask yourself before purchasing an MDM solution. If you're considering MDM, already in a PoC, or have a system already installed, it might be helpful to determine if your MDM meets up to these six criteria. Let me know what you think and if there are other areas you think should be added to the list of recommendations.

http://searchsecurity.techtarget.com/feature/Six-questions-to-ask-before-buying-enterprise-MDM-products