BLOG

blog /Dec. 05, 2017

Avoiding the Epidemic of Hospital Hacks

by Ray Pompon

Good security is highly dependent on hospital staff being well trained and having the discipline to follow security processes—manual and otherwise—to the letter.

blog /Nov. 30, 2017

The Startup Security Challenge: Safe in the Cloud from Day One

by Ray Pompon

How this cloud startup met its goals for security and availability right out of the gate by setting goals, doing a risk analysis, and examining tradeoffs.

blog /Nov. 28, 2017

Achieving Multi-Dimensional Security through Information Modeling—Unwrapping Controls Part 4

by Ravila White

In Part 3 of this blog series, we demonstrated modeling the threat landscape along with executive threat-modeling. In this blog, we discuss the importance of defining controls.

blog /Nov. 21, 2017

If Your Security Question List Looks like a Facebook Favorite List, Start Over Now

by Lori MacVittie

Seriously, how many colors are there? And how many of us share the same love of one of those limited choices?

blog /Nov. 14, 2017

A CISO Landmine: No Security Awareness Training

by Mike Levin, Center for Information Security Awareness

CISOs who fail to prioritize security awareness training are putting their business and assets at serious risk.

blog /Nov. 09, 2017

Is a Good Offense the Best Defense Against Hackers?

by Ray Pompon

Proposed legislation could change existing laws that bar victims of hacking attacks from striking back.

blog /Nov. 07, 2017

What Happens to Encryption in a Post-Quantum Computing World?

by Debbie Walkowski

As the possibility of quantum computing draws nearer, changes to today’s TLS key exchange algorithms will be required.

blog /Nov. 02, 2017

Can Engineers Build Networks Too Complicated for Humans to Operate? Part II

by Mike Simon

How to selectively capture packets for further analysis and avoid buying a storage farm.

blog /Oct. 26, 2017

Reaper: The Professional Bot Herder’s Thingbot

by David Holmes

While Reaper might be considered an “object lesson” today, it should serve as a blistering warning that IoT security needs to be fixed now.

blog /Oct. 24, 2017

Help Guide the Future of Apps – Ultimately your Threat Landscape – by Responding to our SOAD Survey!

by Lori MacVittie

Assessing the State of Application Delivery depends on getting information from you about your applications!

blog /Oct. 24, 2017

Third-Party Security is Your Security

by Ray Pompon

When you must depend on third parties for a variety of products and services, it’s critical that you hold them to high security standards.

blog /Oct. 19, 2017

Interview with the Experts: The Future of IoT Security through the Eyes of F5 Threat Researchers

by Debbie Walkowski

When it comes to IoT threats, we’re nowhere near being out of the woods yet; we’ve just barely entered the forest.

blog /Oct. 17, 2017

New Threat May Slip through the KRACK in BYOD Policies

by Lori MacVittie

Combating this vulnerability might mean you have to force updates on employees’ personal devices or deny them access altogether.

blog /Oct. 17, 2017

How to Be a More Effective CISO by Aligning Your Security to the Business

by Ray Pompon

Security must align to the business needs, not the other way around. Begin with investigation and understanding to be most effective.

blog /Oct. 12, 2017

Joining Forces with Criminals, Deviants, and Spies to Defend Privacy

by Jennifer Chermoshnyuk, Matt Beland

Organizations need to provide clear and specific guidance to employees who travel across national borders when it comes to giving up passwords and surrendering devices.

blog /Oct. 04, 2017

The Good News about Breaches

by Lori MacVittie

Security breaches in the news serve as a good reminder to check and make sure you have a solid application protection strategy in place, starting with never trusting user input.

blog /Oct. 03, 2017

Proposed Legislation Calls for Cleaning Up the IoT Security Mess

by Ray Pompon

Legislation is a good first step toward persuading IoT manufacturers (who want to stay in business) to do the right thing when it comes to the security of their devices.

blog /Sept. 28, 2017

Phishing for Information, Part 5: How Attackers Pull It All Together, and How You Can Fight Back

by Ray Pompon

Stop feeding attackers every piece of the puzzle they need to pull off their scams.

blog /Sept. 26, 2017

Five Reasons CISOs Should Keep an Open Mind about Cryptocurrencies

by Ray Pompon

Far from a dying breed, cryptocurrencies are not only evolving but being accepted in countless new markets. CISOs need to know the ins and outs, pros and cons.

blog /Sept. 21, 2017

Profile of a Hacker: The Real Sabu, Part 2 of 2

by David Holmes

New information sheds light on Sabu’s activities following the revelation of his identity.

blog /Sept. 13, 2017

Five Reasons the CISO is a Cryptocurrency Skeptic—Starting with Bitcoin

by David Holmes

There’s a lot of hype surrounding cryptocurrencies, but what’s good for currency traders may not be great for security-minded professionals.

blog /Sept. 07, 2017

Phishing for Information, Part 4: Beware of Data Leaking Out of Your Equipment

by Ray Pompon

Organizations often overlook the many ways in which their own systems put useful information right into the hands of attackers building cyber scams.

blog /Sept. 01, 2017

WireX Android DDoS Malware Adds UDP Flood

by Julia Karpin

As quickly as attackers commandeer IoT devices to build more “thingbots,” they continue to evolve their attack types and functionality.

blog /Aug. 31, 2017

Six Steps to Finding Honey in the OWASP

by Ray Pompon

According to Verizon’s 2014 Data Breach Investigations Report, “Web applications remain the proverbial punching bag of the Internet.” Things haven’t improved much since then. What is it about web applications that makes them so...

blog /Aug. 29, 2017

URL Obfuscation—Still a Phisher's Phriend

by Ray Pompon

Cyber crooks use several common URL disguising techniques to trick users into thinking their sham sites are legitimate.

blog /Aug. 23, 2017

Achieving Multi-Dimensional Security through Information Modeling—Executive Threat Modeling Part 3

by Ravila White

How InfoSec leaders can build successful threat models by defining the threat landscape and its component resources, then asking simple, situational questions.

blog /Aug. 22, 2017

Phishing for Information, Part 3: How Attackers Gather Data About Your Organization

by Ray Pompon

The Internet is full of information about your company that’s easily accessible to anyone and particularly useful to attackers.

blog /Aug. 17, 2017

Cry “Havoc” and Let Loose the Thingbots of War!

by Lori MacVittie

Gray hats might have good intentions launching their “vigilante” botnets, but are they really helping us win the war against Death Star-sized thingbots?

blog /Aug. 15, 2017

Where Do Vulnerabilities Come From?

by Ray Pompon

Vulnerabilities are an emergent property of modern software’s complexity, requested features, and the way data inputs are handled.

blog /Aug. 03, 2017

Can Engineers Build Networks Too Complicated for Humans to Operate? Part I: Scope of the Problem

by Mike Simon

This series explores how InfoSec practitioners can use math, technology, and critical thinking to mitigate risk in a world where networks and data have surpassed the scope of human comprehension.
