Data Loss Prevention: It’s Not a Question of “If” but “When”

50 million customer records were stolen from Living Social. Were you one of them? If you’re one of the millions of people that like to look at their daily deals, then you likely were. While credit card information was not stolen or accessed, other personally identifiable information (PII) was. This includes names, email addresses, dates of birth and some encrypted site passwords. Despite the fact that clear text passwords were not stolen, Living Social still emailed their full user database advising them of the breach and encouraged all users to change their passwords. (This created another issue as many spam filters saw these emails as phishing attacks and blocked them from getting to end users’ inboxes.) While Living Social is a consumer site, this breach has far reaching ramifications for all types of businesses. It also raises two important questions:

  1. “What does this mean for my business?”
  2. “Are we protected against a targeted attack or APT like that one?” Read More »

Malware is an “Everyone” Problem

I’ve seen many instances of our customers struggling with viruses and malware-related challenges over my past 15 years of working in the IT security arena. However, no more so than now has malware seemingly become an everyone problem.

It is unbiased as to whom it preys upon and has no regard for an organization’s vertical market, size or market presence. Why? Simply put, your data has changed. Conventional security has taught us to protect the perimeter. This is not the best approach in today’s ‘new’ network. Now data resides in multiple locations:

  • It is uploaded
  • Shared Resides in the cloud
  • On mobile devices
  • Virtualized and replicated Read More »

Keeping IT Security Decision-Making on Track

It’s easy to see why IT security suffers from an inferiority complex. On the one hand, if there are security incidents, IT security is incompetent or ineffective. On the other, if there aren’t security incidents, we often get complacent, and IT security seems less necessary. In either case it becomes all too easy to de-prioritize security efforts, or to think of security simply as a cost of doing business and work to minimize that cost.

Just as importantly, without guidance, it’s hard to know what to do with security. If an organization has a limited amount of money—is it better off spending it on Data Loss Prevention or Mobile Device Management? Clearly they’re both areas of risk, but how should we decide what to do first? And these aren’t the only security needs competing for our attention! Read More »

A Case of Mistaken Identity

Answering identity questions has become paramount in today’s mobile world.  Without accurately answering the identity question, the idea of relevant, meaningful policy becomes increasingly difficult, and ultimately limits the effectiveness of the security control.

So, what do I mean by the identity question?

If I stand at the front door of most organizations today, I’m likely to see all kinds of interesting, really fun and cool devices being carried in by all different folks within the organization.  As the network security guru, I would ask myself a few questions… Read More »

Cisco ASA Version 9.0/ASDM Version 7.0: Finally Here and What’s New!

As of late, Cisco ASA releases have become, shall we say, complicated.  For ASA models 5505, 5510, 5520, 5540, 5580, and 5585-X, the latest version supported on these platforms has been ASA 8.4(5).  And, for ASA models 5512-X, 5515-X, 5525-X, and 5545-X the only supported ASA version has been 8.6(1).  8.6(1) did not have feature parity with 8.4(5), and was hardware dependent.  Let’s not forget about lonely ASA 8.7(1.1), which is only supported on the ASA 1000v, and the ASA Services Module (ASASM) whose only supported version has been 8.5(1). Read More »