Data is the perimeter, defend it that way

Data is the perimeter, defend it that way

Unless you have been living under a rock or possibly hiding in the mountains of Montana with a giant beard and eating way too many government issued MRE’s you probably heard about the nuclear bomb of a ransomware attack that kicked off last week.  Welcome to the post apocalypse folks.  For years, many of us in the cybersecurity industry have been jumping up and down on desks and trying to get the world (writ large) to pay attention to managing and patching outdated systems and operating systems that have been running legacy software, to no avail.  Now that Pandora’s box has been opened and the bad guys have use the NSA leaked tools as weapons platforms all the sudden everyone gives a dang.  I caught no less than 17 talking heads on the news this morning stating that “this is the new reality”, and “cybercrime is a serious threat to our way of life.”  Duh, also water is wet and fire is hot.  Thank you news.  

Regardless of all the bad that is bouncing around the news and everywhere else today (and as I type this I can literally see a pew pew map on CNN that looks like a Zika Virus map showing the spread of WannaCry dominating the screen behind the anchor team) the reality around this “massive hack” and “global attack” is that if folks didn’t suck at patching their systems and followed basic best practices instead of crossing their fingers and hoping that they didn’t get hit the “end of days malware” would be basically ineffective.  The “hack” targets Windows XP systems, an old, outdated, unsupported OS that should have been pulled from use eons ago.  And if the legacy system running that OS couldn’t be pulled, IT SHOULD HAVE AT LEAST BEEN PATCHED.  Problem solved, or at least made manageable. 

Read more

Zero Trust for MeatWare: It Applies to Us Humans Too

Zero Trust principles have, thus far, been mainly aimed at the network and the technology that makes our interconnected systems “live.” That’s how the concept was originally meant to be applied, but the reality of the threat vectors and need for better security capabilities means that Zero Trust has to adapt just like everything else does. The concept for Zero Trust is super, and it's being adopted at quite a few major organizations, but there's still a problem:

 

Read more

For Better Security Operations, Speak to the Pack in its Native Tongue

I have a huge German Shepherd that ranks only slightly behind my human children when it comes to being spoiled and how much attention he gets.  I’ve been working on training him for nearly a year now, and he amazes me with how intelligent he is. He knows all the basics: sit, stay, here, lay down, etc. But he also picked up detecting scents very quickly and is learning to detect things with his nose that I can’t even see with my eyes. And he does all of these things faster than most kids learn to break the Netflix password.  

The other day, working with him on his training points, I thought to myself, “Woah, my dog speaks human.” Not just English either. He speaks German (that’s the language he's trained in), and he totally understands it. I realized the problem is that I don't speak “Dog.” My dog knows about 30 human words, and they are words in a language his master has no business trying to pronounce, mind you. But he knows what those words mean, and he gets the tasking or request down every time they're uttered. He could look at me for an hour and bark, growl, howl, yip, or yelp constantly, and he could be telling me the cure for cancer and I wouldn’t know it.  

OK that’s interesting, but what does it have to do with better communication among techies?

Read more