Risky Business: The Fifth Element

/ May 08, 2018

by Preston Hogue

Preston Hogue writes for Security Week, explaining the fifth element of risk transfer: Sec-aaS.

Breach Costs Are Rising with the Prevalence of Lawsuits

blog / May 02, 2018 (MODIFIED: May 17, 2018)

by Ray Pompon

When it comes to tallying the total cost of a data breach, lawsuits figure prominently, alongside repair costs, loss of reputation and sales, compliance penalties, and operational downtime.

Risky Business (Part 3): The Beauty of Risk Transfer

/ Feb 13, 2018 (MODIFIED: Mar 30, 2018)

by Preston Hogue

Risk transfer strategies allow you more time to focus on your business.

CISOs Look to Machine Learning to Augment Security Staffing Shortages

blog / Feb 06, 2018 (MODIFIED: Mar 20, 2018)

by Ray Pompon

As security expertise becomes more scarce, CISOs are turning to machine learning to do more with fewer people.

86 Your Cyber Attackers! Avoid Data Breaches by Protecting Your Most Likely Attack Targets

blog / Jan 31, 2018 (MODIFIED: Apr 16, 2018)

by Sara Boddy

Critical lessons can be learned from others’ mistakes. Don’t learn the hard way; heed the warnings from our research.

Risky Business (Part 2): Why You Need a Risk Treatment Plan

/ Jan 12, 2018 (MODIFIED: Feb 23, 2018)

by Preston Hogue

Performing a risk analysis and taking due care are no longer optional.

Global Consultancy Overcomes Cloud Security Risks

blog / Jan 09, 2018 (MODIFIED: Feb 13, 2018)

by Ray Pompon

How moving applications into the cloud can make your organization stronger and more valuable to your customers.

Risky Business: Understand Your Assets and Align Security with the Business

/ Dec 19, 2017 (MODIFIED: Jan 18, 2018)

by Preston Hogue

Security teams can fulfill the CISO's responsibilities and help business groups become more security-savvy by working through the due diligence and due care process together.

To Protect Your Network, You Must First Know Your Network

/ Dec 13, 2017 (MODIFIED: Jan 12, 2018)

by Ray Pompon

Strong security starts with understanding exactly what you need to protect and where it resides within your organization.

Can Engineers Build Networks Too Complicated for Humans to Operate? Part II: Making Sense of Network Activities and System Behaviors

blog / Nov 02, 2017 (MODIFIED: Dec 13, 2017)

by Mike Simon

How to selectively capture packets for further analysis and avoid buying a storage farm.

Third-Party Security is Your Security

blog / Oct 24, 2017 (MODIFIED: Dec 05, 2017)

by Ray Pompon

When you must depend on third parties for a variety of products and services, it’s critical that you hold them to high security standards.

Proposed Legislation Calls for Cleaning Up the IoT Security Mess

blog / Oct 03, 2017 (MODIFIED: Nov 14, 2017)

by Ray Pompon, David Holmes

Legislation is a good first step toward persuading IoT manufacturers (who want to stay in business) to do the right thing when it comes to the security of their devices.

Five Reasons CISOs Should Keep an Open Mind about Cryptocurrencies

blog / Sept 26, 2017 (MODIFIED: Feb 05, 2018)

by Ray Pompon, Justin Shattuck

Far from a dying breed, cryptocurrencies are not only evolving but being accepted in countless new markets. CISOs need to know the ins and outs, pros and cons.

CISOs: Striving Toward Proactive Security Strategies

report / Sept 19, 2017 (MODIFIED: Nov 09, 2017)

by Mike Convertino

As enterprises more closely align their security and IT operations, they still struggle to shift their security programs from reactive to proactive.

Five Reasons the CISO is a Cryptocurrency Skeptic—Starting with Bitcoin

blog / Sept 13, 2017 (MODIFIED: Oct 24, 2017)

by David Holmes

There’s a lot of hype surrounding cryptocurrencies, but what’s good for currency traders may not be great for security-minded professionals.

Where Do Vulnerabilities Come From?

blog / Aug 15, 2017 (MODIFIED: Sept 26, 2017)

by Ray Pompon

Vulnerabilities are an emergent property of modern software’s complexity, requested features, and the way data inputs are handled.

Can Engineers Build Networks Too Complicated for Humans to Operate? Part I: Scope of the Problem

blog / Aug 03, 2017 (MODIFIED: Oct 30, 2017)

by Mike Simon

This series explores how InfoSec practitioners can use math, technology, and critical thinking to mitigate risk in a world where networks and data have surpassed the scope of human comprehension.

Who Should the CISO Report To?

blog / Jul 11, 2017 (MODIFIED: Aug 24, 2017)

by Ray Pompon

Savvy organizations that understand the gravity of cyber security are giving CISOs a voice at the executive table.

Executive Impersonation Fraud Is on the Rise—and It Is Working

blog / Apr 20, 2017 (MODIFIED: Mar 19, 2018)

by Mike Levin, Center for Information Security Awareness

Your company could lose hundreds of thousands in an impersonation scam, but here are eight things you can do to protect yourself.

Wait, Don’t Throw Out Your Firewalls!

blog / Apr 04, 2017 (MODIFIED: Jul 24, 2017)

by Wendy Nather, Duo Security

Yes, the perimeter has shifted, but firewalls still have a place in your network. They’re just not alone anymore.

Cyber Insurance: Read the Fine Print!

blog / Mar 24, 2017 (MODIFIED: Sept 01, 2017)

by Ray Pompon, Sara Boddy

Purchasing cyber insurance can be useful, but claims are often denied due to policy exclusions or lapses in controls.

Will Deception as a Defense Become Mainstream?

blog / Mar 13, 2017 (MODIFIED: Jul 06, 2017)

by Ray Pompon

Defensive deception works well, but needs championing before we’ll see it as a best practice or compliance requirement.

Five Steps Users Can Take to Inoculate Themselves against Fake News

blog / Mar 06, 2017 (MODIFIED: Mar 19, 2018)

by Michael Levin, Center for Information Security Awareness

Security awareness training can significantly curb users' dissemination of fake news.

A CISO’s Reflections on RSA 2017

blog / Feb 28, 2017 (MODIFIED: Jul 06, 2017)

by Mike Convertino

Recapping RSA 2017: Endpoint Protection, Threat Hunting, and Talent Searching Abound!

Cloudbleed: What We Know and What You Should Do

blog / Feb 24, 2017 (MODIFIED: Jan 12, 2018)

by Lori MacVittie

Definitive steps individuals and organizations can take today to deal with the impact of Cloudbleed.

The New Insider Threat: Automation Frameworks

article / Jan 19, 2017 (MODIFIED: Jan 08, 2018)

by Lori MacVittie

One of the pillars of DevOps is automation. Along with that comes orchestration, which some might guess to be automation at a higher level of abstraction.

Security’s Blind Spot: Application Layer Visibility

blog / Nov 14, 2016 (MODIFIED: Jul 06, 2017)

by Lori MacVittie

We’ve all seen after-the-fact security camera footage of a wide variety of crimes splashed across social media and news sites. This visibility is a critical component of any judicial system, as it helps identify who did what and provides crucial, objective evidence of what actually happened.

Bug Bounty Programs Only Half the Battle

blog / Oct 04, 2016 (MODIFIED: Jul 06, 2017)

by Lori MacVittie

What's the other half? And why don't organizations just find and fix their own bugs?

When Securing Your Applications, Seeing Is Believing

/ Aug 24, 2016 (MODIFIED: Dec 28, 2017)

by Mike Convertino

F5 CISO Mike Convertino on things to keep in mind when developing a security approach to overcome the lack of visibility in the cloud.

Privacy and Security: Where Do We Go From Here?

/ Jun 21, 2016 (MODIFIED: Dec 28, 2017)

by Mike Convertino

Some of you may remember a time when national security was a question of the Army’s defence against international threats. Today, that picture looks very different. If anything,...
