Tagsecurity

Lack of IT readiness (security)

This article highlights a lot of problems that exist in the infosec field today. There is a great quote in there:

Most IT Security organizations are busy checking some boxes on an audit list, and effectively missing the forest for the trees when it comes to actual security.”

I would sign under every word. That’s also the jist of the argument of people who are vehemently against PCI, though I wouldn’t necessarily include myself in that camp.

http://h30499.www3.hp.com/t5/Following-the-Wh1t3-Rabbit-Down/On-lack-of-IT-readiness-Security-Edition/ba-p/5791579#.UEeytI1mQik

Security & Devops

That’s a good post about the inherent conflict between devops and security. I like his points and I think the most relevant item is automation. WAF policies should be one of the core requirements during the development process and similar to identifying everything else. Ideally, it would almost be a unit test during the workflow between qa/dev/staging/prod.

 

https://securosis.com/blog/pragmatic-waf-management-application-lifecycle-integration

Security and Hadoop

Just a short article outlining some possible security problems with Hadoop. I think that’s becoming a larger issue with a lot of NoSQL and other products. Things are moving pretty quickly and it’s a great thing from an operational perspective, but a lot of the products haven’t undergone rigorous security testing and there are lot of risks that aren’t accounted for.

 

http://www.informationweek.com/big-data/news/software-platforms/240005132/hadoop-security-some-enterprisesmiss-risks

SIEM

New article on SANS covering SEIM. Talks about log collection in general and specifically focusing on open source approaches. It mentions an excellent Linux security distro: Security Onion

Targeted Intrusion Remediation

Interesting blog post about remediation and response to persistent & targeted attacks. White paper and slides are linked from the post. I am not sure where I stand on this. I understand the logic and the need for effective remediation and determining scope of the incident. However, given the assumptions in the paper: “organization inexperienced in dealing with targeted intrusions” and “security team has poor visibility into host and network activities”, I have serious doubts that this type of a team will be able to execute  the process effectively. At a minimum, some form of containment should be higher on the priority list.

https://blog.mandiant.com/archives/3110

 

© 2017 Mind End

Theme by Anders NorenUp ↑