Talk to Our Experts  

Information Risk Management Blog

Why Security Analytics, What are Your Choices, and When?

[fa icon="calendar'] Jul 13, 2016 1:32:09 AM / by Anupam Bonanthaya posted in Information security, SIEM, security analytics, SAVPbyAujas

[fa icon="comment"] 0 Comments

By today i.e. 2016, 1/4th of large global companies are expected to have adopted big data analytics for at-least one security use case! (source: Gartner)

If you belong to the remaining 75% majority OR even if you are in the 25% but got it all wrong the 1st time around - please read-on

 

Read More [fa icon="long-arrow-right"]

Will a Bug Bounty Program Make Your Enterprise Secure?

[fa icon="calendar'] Jun 28, 2016 3:30:35 AM / by Anupam Bonanthaya posted in Cybersecurity, Vulnerability management, vulnerabilities, responsible disclosure, Threat Management, bug bounty

[fa icon="comment"] 2 Comments


What is common between "Hacking the Pentagon" and "Hacking Google CEO's Quora account"?

It is Bug Bounties ! The former was a super successful bounty program run by the US government last month. The latter is a hacking incident this week, "in-spite" of Quora having a bounty program.

So the million $ security question - If you are an enterprise CISO, should you go for a bug bounty program?

Read More [fa icon="long-arrow-right"]

CISOs - 10 Questions to Find if Vulnerability Management is Working

[fa icon="calendar'] Jun 22, 2016 2:09:36 AM / by Anupam Bonanthaya posted in Vulnerability management, Vulnerability Intelligence, SAVP, security analytics, vulnerabilities

[fa icon="comment"] 0 Comments


What is common in almost all incidents of criminal hacking ?

It is software vulnerabilities !

It is not rocket science to tell that. We all know it, yet we struggle with challenges in the vulnerability management programs ?

In this article I am covering 10 questions that you need to ask as the CISO to know if your vulns management is working. 

Read More [fa icon="long-arrow-right"]

10 Ways CIOs & CISOs Can Beat Talent Crunch in Information Security

[fa icon="calendar'] Jun 15, 2016 2:18:12 AM / by Anupam Bonanthaya posted in Cybersecurity, Information security, Security, talent, SOC, security analytics, security services, hiring, infosec, managed security

[fa icon="comment"] 0 Comments


Information Security has jumped 33% to become Top-3 Priority for IT Executives in 2016. Now with the increasing importance of information security to organizations, the biggest hurdle is no longer buy-in from the board or even the budget $ - It is the "availability of talent" !

Information Security professionals are on the top when it comes to talent crunch. In this article I will cover 10 ways to deal with the talent shortage you are facing today. 

Read More [fa icon="long-arrow-right"]

How to Make SIEM to Mitigate Advanced Threats ?

[fa icon="calendar'] Jun 7, 2016 8:05:23 AM / by Chandra Prakash Suryawanshi posted in SIEM, Managed SOC, Advanced Persistent Threat (APT), SOC, Qradar, RSA, Splunk

[fa icon="comment"] 2 Comments

I was not surprised to see a report from Mandiant that said the following -

  • 100% of the breaches had updated Anti-Virus software
  • 63% of the breaches were reported by third parties
  • It took 243 days to detect an attack

It is very clear that existing monitoring capabilities are no match for the changing threat landscape. The traditional technologies lack the sophisticated capabilities and visibility required to detect and protect against such advanced attacks.

So what is the problem ? and what are the options ?

Read More [fa icon="long-arrow-right"]

4 Immediate Changes to make Traditional Vulnerability Management to Work

[fa icon="calendar'] Jun 2, 2016 8:05:00 AM / by Amit Ranjan posted in Cybersecurity, Vulnerability management, Vulnerability Intelligence, zero day, security analytics, vulnerabilities, cyberthreat, infosec, vulns

[fa icon="comment"] 0 Comments


We all know that traditional find and fix practice of vulnerability management has many challenges, and as a result is not really equipped to do a good job of managing exploits in today's information security scene. 

In this article I want to talk about the 4 things you should do in order to make it work better.

Read More [fa icon="long-arrow-right"]

Time to Re-think Vulnerability Management ? These 5 Facts Say So...

[fa icon="calendar'] May 24, 2016 11:50:53 PM / by Anupam Bonanthaya posted in Cybersecurity, databreach, Vulnerability management, Vulnerability Intelligence, security analytics, vulnerabilities, cyberthreat, infosec, vulns

[fa icon="comment"] 0 Comments


Do you know what is the most predictable trend in Information Risk Management ?

It is vulnerabilities. If you review data breach reports from the last few years, you will notice one thing that is very consistent and it is about the vulnerabilities!  The only change is that things have become worse over the years, and looks like the trend will continue.

Does it say something about our approach to managing vulnerabilities?  Perhaps!

So are we missing something? Perhaps!

In this post I have pulled out 5 trends that I feel clearly indicates that the current approach of vulnerability management is not working, and it is time to re-think our approach.

Read More [fa icon="long-arrow-right"]

13 Different Phishing Tactics and 1 Way to Prevent It

[fa icon="calendar'] Apr 20, 2016 1:14:51 AM / by Anupam Bonanthaya posted in Social engineering (security), fail-rate, Cyber Security, hackers, databreach, fall-rate, Information security, Malware, Vulnerability management, Security Trends, ransomware, Security, phishing, hacking, infosec

[fa icon="comment"] 2 Comments

 

Phishing Attacks are no longer that TOO GOOD TO BELIEVE - you have won a Million $$ jackpot kind of emails from strangers that easily stands out from your otherwise mundane life.

Today, phishing emails have got sophisticated. It is called spear phishing where the attacker tries to "custom-write" the emails to make it believable to you. They try to copy our (normal) life, and that's where it gets interesting and scary at the same time.

23% of recipients now open phishing emails and 11% click on attachments. and nearly 50% of this happens within 60-minutes of the attack !

- 2015 Data Breach Investigations Report (DBIR group)

Let me share a personal experience.

Read More [fa icon="long-arrow-right"]

How can Internet of Things (IoT) Not become a pain-in-the-a$$ from a cyber security perspective?

[fa icon="calendar'] Mar 30, 2016 3:38:06 AM / by Avinash Sinha posted in Privacy, Cybersecurity, IoT, Cyber Security, Internet of Things, Information security, Mobile Security, Security, cyberthreat

[fa icon="comment"] 5 Comments

Internet of Things is as enticing to hackers, as it is to consumers like you and me!

Read More [fa icon="long-arrow-right"]

30-Sec Guide: How to save from DROWNing?

[fa icon="calendar'] Mar 28, 2016 8:35:26 AM / by Naresh T A posted in Cyber Security, DROWN, CVE 2016-0800, Information security, Vulnerability management, Security, CVE

[fa icon="comment"] 0 Comments

 

Read More [fa icon="long-arrow-right"]
     

Subscribe