MQTT is not evil, just not always secure

MQTT is not evil, just not always secure

The MQTT messaging protocol standard used by IoT vendors is not inherenly secure enough. Solutions exist to secure it, but organizations and vendors must assess risk and properly configure IoT and network security.

IoT messaging protocol is big security risk

IoT messaging protocol is big security risk

MQTT, a popular IoT messaging protocol and Oasis standard, is often left wide open to attacks. Organizations like hospitals, prisons, and critical infrastructure are often vulnerable to IoT device compromise.

Anatomy of an insider attack

Anatomy of an insider attack

Planning for insider attacks requires attack path analysis. Using scenarios, like the one in this post, help identify weaknesses.

Identity governance and admin: beyond basic access management

IGA solutions go beyond traditional identity management by allowing deep insight into access, providing data owners, auditors, and security teams with valuable information needed for timely management decisions and response.

It's all about critical processes

It's all about critical processes

Critical processes run the business and should be the targets of risk assessments, pen tests, and vulnerability management procedures.

9 critical controls for today's threats

Many controls we've used for years can't effectively deal with today's threats. We must extend some and add others to prevent, detect, and respond to emerging threats to our business operations.

Ensure business continuity with change management

Change management is not an option. It is an important piece of business interruption prevention and helps ensure security risk does not drift up during projects and day-to-day activities.

Keep your critical systems safe

Keep your critical systems safe

Critical infrastructure runs your organization. It creates and delivers products and services. It is also used to collect and process customer information during operations. If these systems are compromised, operations fail and...

Workarounds without data?

A big part of business continuity planning is making sure we have manual processes or other workarounds in place.  They act as interim bandages to keep business processes moving forward.  Many organizations, especially those required...

Business Continuity != Best Buy * Geek Squad

Never trust the salesperson to provide accurate information about maintenance agreements. Always check with the actual techs to make sure you are covered against four to six week business interruptions.

Does bug-fix speed reflect browser value?

Is it time to move from browsers with bloated code and slow bug-fix reaction times?

White House Blowing Smoke?

The White House Cybersecurity Coordinator wants us to believe that breaches into national infrastructure is simple hactivism.

Data Leakage: Catching Water in a Sieve

Data leaking from secure to user work locations creates a big data loss vulnerability.

Stop Repeating the Same Mistakes

Even if a solution seemed like a good idea a few years ago, that is no reason to perpetuate something which is now known to be a security vulnerability.

Playing Catch-up, Again

Controlling endpoint applications (installation, patching, hardening, etc.) is a difficult but necessary component of safeguarding your data and your network.

Learning from the Attack on the Apache Software Foundation

Even if we don't use Linux, there are lessons to learn from what happened to Apache.

Data validation: Ignore it and you lose

Failing to validate data causes several serious Web application vulnerabilities.

The Cyber-Czar Challenge: Nobody Really Wants Security

Obama's new cyber-car position is still empty, waiting for someone willing to work with no authority and to be a target for all the blame.

Use Compliance Requirements as a Guide, Not a Strategy

Security is not about compliance; it's about a comprehensive approach to protecting sensitive and critical information assets.

Social Engineering v. Physical Security

A large part of social engineering defense must be a set of interlocking, mutual supporting controls which help identify or thwart unauthorized access, even when assisted by unwary employees.

Load More
Top Blog Posts