I recently wrote about phishing around the holidays and while I was working on the piece, I noticed a couple of friends posting recent emails on Facebook. I thought it might be fun to dig a bit deeper into those emails and look at the telltale signs that indicate these are phishing attempts.
Alice keeps all her passwords in an Excel file on her desktop. However, she was told it is a very bad practice, since Eve can easily get access to the computer, read the file,and access Alice passwords and accounts. To enhance her security, Alice got a password protection software, KeePass, and she now saves all her passwords safely there – except for her KeePass password, which Alice keeps in an Excel file on her desktop. Good news for Eve...
That phrase came to me many years ago when working on a multi-million pound IT outsourcing deal. We were up to our necks in the finer points of platform-wide and stack-deep security, and I realised we were fighting amongst ourselves more than challenging the final competing vendors. This infighting was partly due to the large amount of IT staff in the room likely to transfer to the winning team and partly due to the view of security controls as a bolt-on extra.
How likely is it to fall victim to fraud? As far as I’m aware, I personally have not purchased from a fraudulent site, but I have had my card details stolen in the past. Additionally, I remember years ago that while attempting to find a flat, I found a ‘rental company’ who turned out to be one person attempting to rent out flat 13 that due to superstition didn’t actually exist.
Today’s network and data security environments are complex and diverse. There are hundreds of pieces to a security system and all of those pieces need to be looked at individually and as a whole to make sure they are not only working properly for your organization, but also safe and not posing a security threat to your company and your data or the data of your customers.
“How do I enable GitOps for my network security policies?” This is a common question we hear from security teams. Getting started with Kubernetes is relatively simple, but moving production workloads to Kubernetes requires alignment from all stakeholders – developers, platform engineering, network engineering, and security. Most security teams already have a high-level security blueprint for their data centers.
Context setting: In my first article on cloud security, I talked about the journey to cloud migration. What are the things you need to consider when planning the big move? To realize the full value of this post, you must have already identified the motivations for migration and the locations of some resources you can use to enhance your security posture within yourself and/or your team.
This month Devo exhibited at the AWS re:Invent conference in Las Vegas. I asked a few Devo colleagues who attended the show for their insights about what they heard and saw. Among the many visitors to the Devo booth there were a lot of similar questions about log management and related topics. “There were many log vendors at the show, so people wanted to hear what makes Devo unique,” said Seema Sheth-Voss, vice president, product marketing, for Devo.
In an ornate boardroom, a group of executives gathered at a large round table for their annual strategic planning meeting. Morgan, the CEO, was surrounded by Lana, the VP of Sales; Susan, the CISO, Smith, the COO; and Barbara, Chief Compliance Officer. There was much to get done in the next twelve months, so they were passionately debating how best to invest their limited budget to achieve their goals and to address various sources of risk.
