Trusting Identities in the Cloud

While next-gen IT and cloud infrastructure continues to grow in relevance and adoption, there are still some serious issues that have yet to be universally solved. One of those issues is the assertion of continuous trust in identities as they move around the cloud. RSA and Zscaler announced today a collaboration to deliver trusted access for cloud computing by jointly developing a cloud-based solution to provide that identity assertion. It will integrate risk-based authentication and identity federation from RSA’s Cloud Trust Authority and RSA’s Adaptive Authentication along with the inline web security capabilities of Zscaler’s Cloud Security service. Want more information? Stop by the RSA booth in the Expo hall!

Discover Your Security Persona at RSA Conference!

What an afternoon! We’ve learned about ninjas, trolls, unicorns, squirrels, and rockstars. One of these personas might just fit you perfectly! If you want to have a super-official assessment of your persona, come to the RSA Booth in the Expo hall and take our short quiz. Once complete, we’ve got a ton of goodies for you including a nice wallpaper for your phone and a T-Shirt! What is your security professional persona? Watch #AlterEgoRSA on Twitter or RSASecurity on Facebook to see lots of fun content, find out what persona best describes someone you may know, and keep reading to see them all!

Security Personae, the Ninja

After adding unicorns to our list of personae that includes trolls, rockstars, and squirrels, it’s time to discuss one final persona—the Ninja. While the unicorn has a solid foothold in infosec lore, the Ninja is the warrior that relies on his stealth, agility, and speed to neutralize his targets. Ninjas train relentlessly to make their skills reflexive and rely on diversionary tactics and misdirection to perform their tasks right under our noses. Ninjas exist on both sides of the equation in a yin/yang fashion, but rarely do they stay relentlessly true to their colors. Good ninjas might slip into restricted areas for learning purposes, and bad ninjas may occasionally help out an innocent. Regardless of their philosophy, they remain the ...

Security Personae, the Unicorn

So far, you have learned about trolls, rockstars, and squirrels. But what about the biblical version of the grasshopper? The Unicorns didn’t miss the Ark because they were playing, they were busy hunting unseen and unknown threats in the system. In fact, the stories of missing the Ark furthered their cause by allowing them to “erase” themselves from known existence. This might be their greatest asset as not only are they rare, but for the most part, the people don’t think they exist at all. A unicorn’s skills and legends are infosec folklore. Many imitate, but few embody the true spirit of the unicorn. What is your security professional persona? Watch #AlterEgoRSA on Twitter or RSASecurity on Facebook to see ...

Security Personae, the Squirrel

We’ve read about rockstars and trolls, but what about the folks that live in the nuts and bolts of information security? It’s the Chris Hoffs of the world, the Squirrel. Squirrels are curious and mischievous at times just like their real-life animal manifestations. They like to understand how things work and are among the few that can completely disassemble and reassemble something and have it work as expected—possibly while adding a few modifications to make it better (or worse). Squirrels are just as likely to analyze something for vulnerabilities as they are to exploit one. Chris Palmer of IBM even postulates that “a well-placed squirrel can wreak almost as much havoc as a cyber attack on a power grid.” Squirrels ...

Security Personae, the Troll

Man, there sure are some rockstars in our industry, aren’t there? But what about the near opposite? The troll! Trolls tend to get a bad rap. We think of the little short guy guarding passage to a bridge or the Internet commenter relying on anonymity to protect his vicious stream of vitriol from causing him physical harm. Trolls sometimes might be considered gadflies, but there are two sides to that coin. On the positive side, trolls can adapt to situations under stress and tend to be well connected into many influential communities. They’re not stupid—they tend to be intelligent and use their skills to get people to think about tough issues by presenting a different perspective. Their effectiveness depends on ...

Intelligence-driven Security Gets a Boost

Part of the challenge in building a functional intelligence-led security program is getting good intelligence that is relevant to your company. If you have not gotten your house in order, it’s challenging to even consider moving from a compliance-led program to an intelligence-led program simply because everything you have is tuned for an auditor, not for a security professional. Once your house IS in order, however, you stand to gain tremendously from a focus on intelligence-led security. RSA announced today a new version of NetWitness Live that can assist companies in their quest to identify and validate attacks by using various intelligence sources. We’re even now showing off a cloud-based proof-of-concept at the RSA booth during the show this week. ...

Security Personae, the Rockstar

Information security is full of personality. The people that make it up group themselves into a few personae. Let’s start with the front men in information security. Chances are, you probably have a few folks that you idolize or look up to in the industry. Rockstars took risks back in the day to get their ideas published, and their perseverance has paid off in the form of stardom. Information security sometimes felt like the geekier offshoot of IT (if that’s even possible), and the luminaries weren’t always revered. Today, rockstars are the voice of the information security world and find numerous ways to engage their fans. Rockstars embrace social media to connect with their fans in ways that average Hollywood ...

RSA Conference 2012, Are You Ready?

Some people are already in San Francisco, or will soon be en route. It’s going to be legen… wait for it…. DARY! Watch the blog next week as I’ll be posting quite a bit of fun stuff, including some stuff on Monday that includes a freebie! You can expect the volume of posts to be pretty crazy next week, so follow me on Twitter, like me on Facebook, and/or keep the RSS feed handy for tons of great stuff! You will be able to find me in Room 131 at 2:40pm on Tuesday talking about the Dark Side of a Payment Card Breach, and expect to bump into me at the Expo hall, the RSA Booth, and the Securosis Recovery Breakfast ...

Implementation is Everything

Last week gave way to a flurry of activity around RSA and an alleged cryptographic flaw in the algorithm based on this report by Arjen K. Lenstra, James P. Hughes, Maxime Augier, Joppe W. Bos, Thorsten Kleinjung, and Christophe Wachter. RSA’s Sam Curry writes a post here, as well as posts by Dan Kaminsky, Nadia Heninger, and this New York Times article. As I was reading through this whole mess and understanding the technical issues at hand, I started thinking that the description of the problem, ultimately a lack of entropy in a particular implementation, is something that the security industry has dealt with before. You don’t have to look very far to see implementation problems that cause both minor ...
