Security Outlier

Embracing risk management elevates security pros to business leaders. Why do they still find it so difficult?
Opinion

Embracing risk management elevates security pros to business leaders. Why do they still find it so difficult?

The transition from an “it’s all about security and protecting the crown jewels” to “we need to mitigate risk and embrace risk management” is a crucial step next step for the information security profession.

12/17/2018

Securing connected medical devices: Will categorizing them as ICS help?
Opinion

Securing connected medical devices: Will categorizing them as ICS help?

Now that they’re no longer protected by an “air gap,” let’s consider what’s needed to protect connected medical devices from security threats.

10/04/2018

Staying secure as the IoT tsunami hits
Opinion

Staying secure as the IoT tsunami hits

The ubiquitous adoption of devices in virtually every industry is creating a massive, global security gap. Data science can help reign in the risks.

07/12/2018

The time for network behavior analytics has come
Opinion

The time for network behavior analytics has come

Once considered the eminent domain of networking teams, network telemetry data is becoming a requirement to provide security analytics with a more complete view of enterprise threats.

06/07/2018

Cross-channel fraud detection
Opinion

Cross-channel fraud detection

How performing behavioral analysis across silos can help detect sophisticated attacks.

04/11/2018

Model-driven security: using unconventional controls to stay ahead of threats
Opinion

Model-driven security: using unconventional controls to stay ahead of threats

We need to get out of our own way in terms of how we think about and implement security, while enlisting analytics and data science as our allies.

02/12/2018

6 steps for GDPR compliance
Opinion

6 steps for GDPR compliance

GDPR law applies to all companies that collect and process data belonging to European Union (EU) citizens. You have every reason to fear it because failure to comply will be costly.

12/04/2017

Big picture security
Opinion

Big picture security

Context and risk aware access control promises to make our industry more likeable.

10/20/2017

Using identity to protect the mobile perimeter
Opinion

Using identity to protect the mobile perimeter

It’s the biggest threat surface and best enforcement point for enterprise security

09/08/2017

Using risk for adaptive security
Opinion

Using risk for adaptive security

How automated responses to risk-scored activity can reduce threats.

07/24/2017

What can machine learning tell us?
Opinion

What can machine learning tell us?

Real-world use cases illustrate the power of analytics for detecting stealth threats.

07/05/2017

You can steal my identity, but not my behavior
Opinion

You can steal my identity, but not my behavior

The compromise and misuse of identity is at the core of modern threats and data breaches. This has been documented for years and continues to escalate. As a result, we are rapidly approaching the end of life for password-based...

04/19/2017

Beyond risk scoring
Opinion

Beyond risk scoring

Risk scoring is not an end in itself once it shows up color coded and normalized between 0 and 100 in a security operations center (SOC) dashboard. To provide real value it must be supplemented by a closed-loop response process that...

02/13/2017

Bridging the CIO and CISO divide
Opinion

Bridging the CIO and CISO divide

Why identity and access management is at the core of the gulf between these two C-suite roles.

12/07/2016

Pain in the PAM
Opinion

Pain in the PAM

In order to prevent security breaches, insider attacks and comply with regulatory mandates, organizations must proactively monitor and manage privileged access. As the compromise and misuse of identity is often at the core of modern...

10/11/2016

Security by the people
Opinion

Security by the people

Sometimes it takes a village. In the case of information security, sometimes it takes an employee. Forward thinking enterprises can go beyond simply providing IT security awareness training and hygiene tips for their users, and enlist...

08/08/2016

Catching a RAT by the tail
Opinion

Catching a RAT by the tail

Last month I examined how machine learning could be used to detect low and slow insider threats. In this, the final installment of my trilogy on real-world use cases from the recent Verizon Data Breach Digest, I’ll discuss how remote...

06/22/2016

Detecting low and slow insider threats
Opinion

Detecting low and slow insider threats

In my last post I discussed how machine learning could be used to detect phishing-based account compromise attacks using a real-world use case from the recent Verizon Data Breach Digest. This time I’ll examine how to detect insider...

05/19/2016

Machine learning and social engineering attacks
Opinion

Machine learning and social engineering attacks

In my last post I promised to use some real-world use cases from the recent Verizon Data Breach Digest report to illustrate potential ways that machine learning be can used to detect or prevent similar incidents in the future. For my...

04/21/2016

Machine learning is reshaping security
Opinion

Machine learning is reshaping security

At the recent RSA Conference it was virtually impossible to find a vendor that was not claiming to use machine learning. Both new and established companies are now touting “machine learning” as a major component of the data science...

03/23/2016

Load More
You Might Also Like
Popular Resources
See All
Top Blog Posts
All CSO Blogs »