The How vs the Who: An Argument Against Attribution & Hack Back

A lot of organizations focus their efforts on identifying external actors, distinguishing between different groups that may be attempting malicious activity. At some organizations, this is relevant due to the defender’s sophistication, capabilities, and relationships. However, they are the 1%-ers and have many of the same difficulties that we are about to explore.

For the 99%, there is an unhealthy fascination around actors, attribution, and the “who done it?” The 99% believe that this information is both accurate and actionable. This belief has been propagated by cloud data security vendors; Hollywood’s portrayal of hacking and defense; and the fourth estate’s fascination with spy thriller storylines like the DNC breach and its role in the US presidential election.

Read more “The How vs the Who: An Argument Against Attribution & Hack Back”

The Point Security Solution Implosion: 4 Things Companies Need to Know

Not even a decade ago, security was much simpler. Companies were defined by the perimeter of their corporate network and protected by a firewall and antivirus tool that could withstand just about any security attack. Then came the cloud, mobile devices, and the Internet of Things (IoT), and the attack surface overflowed far beyond the network, making security not-so-simple.

Read more “The Point Security Solution Implosion: 4 Things Companies Need to Know”

How to Pick a Cloud Security Technology that Works for Everyone at Your Organization

Does the ownership of security within your organization look like a disorganized football scrimmage with no clear offense or defense?

This is often the case since many organizations launch their cloud security programs in response to an acute pain point, such as a security incident or compliance obligation, without an overall strategy in place. Typically, whoever’s role that pain point affects most directly is put in charge of finding a solution to address it.

If your organization has taken this approach, you’re probably dealing with significant confusion around who owns what part of the security process. Chances are you’re also facing resource constraints, challenges and frustrations. And you’re probably hungry for a more organized and defined approach. Don’t worry. We have you covered.

Read more “How to Pick a Cloud Security Technology that Works for Everyone at Your Organization”