BLOG

blog /May 25, 2017

How I Learned to Love Cyber Security

by Todd Plesco, CISO of Prescribe Wellness

Cyber security can be a difficult and thankless job, but you can learn to love it when you know how to go about it.

blog /May 23, 2017

How a CISO Can Play a Role in Selling Security

by Ray Pompon

More and more CISOs are finding themselves pulled into the sales cycle to defend and sell their security programs. Here’s how to do it right.

blog /May 18, 2017

Why Cloud Sprawl is a Security Risk

by Lori MacVittie

Cloud sprawl isn’t just a budget sinkhole; it’s quickly becoming a security blind spot and potential attack vector for data theft.

blog /May 16, 2017

Strike Back at Silent Bob: Scan and Block Ports Used by Intel AMT

by David Holmes

Is the Intel AMT vulnerability as bad as we all first thought? Either way, here are some suggestions for protecting yourself.

blog /May 12, 2017

From NSA Exploit to Widespread Ransomware: WannaCry is on the Loose

by Ray Pompon

The new EternalBlue NSA exploit is powering a wave of virulent ransomware sweeping across Europe.

blog /May 09, 2017

Can Your Risk Assessment Stand Up Under Scrutiny?

by Ray Pompon

Risk assessments are a key part of a security program, but their execution and format are highly variable. Regulators can sanction organizations that perform improper or inadequate risk assessments.

blog /May 04, 2017

Achieving Multi-Dimensional Security through Information Modeling – Part 1

by Ravila White

Information modeling blends lateral thinking and deductive logic. Applied to information security, it’s a powerful technique for designing a security architecture with multi-dimensional controls that minimizes risk and achieves continuous compliance.

blog /May 02, 2017

Profile of a Hacker: The Real Sabu, Part 2 of 2

by David Holmes

One simple error led to the capture of notorious hacker Sabu—and the revelation of his identity.

blog /Apr 28, 2017

7 Upgrades to Level Up Your Security Program Experience

by Ray Pompon

When you feel like you’re losing the security battle, try one, a few, or all of these tips to re-invigorate your program and stay on a positive track.

blog /Apr 25, 2017

Internet, We (Still) Have a Problem with Internationalized Domain Names

by Lori MacVittie

Even URLs that look legitimate can be fake, so train, train, train your users to verify links before they click.

blog /Apr 20, 2017

Executive Impersonation Fraud Is on the Rise—and It Is Working

by Mike Levin, Center for Information Security Awareness

Your company could lose hundreds of thousands in an impersonation scam, but here are eight things you can do to protect yourself.

blog /Apr 18, 2017

Profile of a Hacker: The Real Sabu, Part 1 of 2

by David Holmes

Notorious hacker of Anonymous and LulzSec fame is challenged by rival hacker, The Jester, to reveal his identity.

blog /Apr 14, 2017

Stalking in the Workplace: What CISOs Can Do

by Ray Pompon

Cyberstalking will rise as hacking tools become more powerful and easier to use, but there’s much you can do to help protect victims.

blog /Apr 04, 2017

Wait, Don’t Throw Out Your Firewalls!

by Wendy Nather, Duo Security

Yes, the perimeter has shifted, but firewalls still have a place in your network. They’re just not alone anymore.

blog /Mar 30, 2017

How to Talk Cyber Risk with Executives

by Ray Pompon

Board-level interest in your cyber risk posture is growing; in fact, it might be required soon for publicly traded companies. Presenting cyber risk to your board – effectively – means talking in their terms.

blog /Mar 30, 2017

Virtual Kidnapping: The Latest in an Endless Stream of Scams

by Mike Levin, Center for Information Security Awareness

The virtual kidnapping scam is on the rise because of the excessive amount of personal information people volunteer on social media.

blog /Mar 24, 2017

Cyber Insurance: Read the Fine Print!

by Ray Pompon

Purchasing cyber insurance can be useful, but claims are often denied due to policy exclusions or lapses in controls.

blog /Mar 20, 2017

Can Audits Help Us Trust Third Parties?

by Ray Pompon

Organizations who outsource need to measure the risk of entrusting their data to someone else. They aren’t easy or cheap, but audits are really the best tool we have.

blog /Mar 13, 2017

Will Deception as a Defense Become Mainstream?

by Ray Pompon

Defensive deception works well, but needs championing before we’ll see it as a best practice or compliance requirement.

blog /Mar 09, 2017

Security’s “Rule Zero” Violated Again with Zero-Day Apache Struts 2 Exploit

by Lori MacVittie

If you’re running Apache Struts 2 and the vulnerable component, stop reading and update now.

blog /Mar 06, 2017

Five Steps Users Can Take to Inoculate Themselves against Fake News

by Michael Levin, Center for Information Security Awareness

Security awareness training can significantly curb users' dissemination of fake news.

blog /Mar 03, 2017

Why Managing Low-Severity Vulnerabilities Can’t Be Just a Pipe Dream

by Sara Boddy

Putting off fixing low-severity vulnerabilities can have high-impact effects.

blog /Mar 03, 2017

Speed Over Security Still Prevalent in Spite of Substantial Risk for IoT Apps

by Lori MacVittie

Speed to market means IoT and mobile apps are being released with known vulnerabilities.

blog /Feb 28, 2017

A CISO’s Reflections on RSA 2017

by Mike Convertino

Recapping RSA 2017: Endpoint Protection, Threat Hunting, and Talent Searching Abound!

blog /Feb 24, 2017

Cloudbleed: What We Know and What You Should Do

by Lori MacVittie

Definitive steps individuals and organizations can take today to deal with the impact of Cloudbleed.

blog /Feb 23, 2017

Building Secure Solutions Successfully Using Systems Theory

by Ray Pompon

When security solutions don’t work as planned, embrace the complexity and use Systems Theory tools to adjust, regulate, and redefine.

blog /Feb 17, 2017

Ramnit's Twist: A Disappearing Configuration

by Anna Dorfman

The Ramnit banking Trojan continues to evolve, this time with the intent of making the malware harder to detect.

blog /Feb 14, 2017

The Conflicting Obligations of a Security Leader

by Ray Pompon

Faced with competing pressures, CISOs are ultimately the experts at assessing what’s truly at stake in their organizations.

blog /Feb 09, 2017

The Risk Pivot: Succeeding with Business Leadership by Quantifying...

by Ray Pompon

Getting the security investments you need often comes down to making your case to management in terms of operational risk.

blog /Feb 02, 2017

Friendly Reminder: App Security in the Cloud is Your Responsibility

by Lori MacVittie

Nearly 200,000 servers are still vulnerable to Heartbleed—and the organizations who own them might surprise you.
