We held our first ever security and Internet of Things event back in May. The Security of Things Forum took place in Cambridge, MA (“Our Fair City”) on May 7 and brought together about 100 thought leaders and entrepreneurs for a day of discussion and debate about how best to prepare for the explosion of connected devices in the enterprise, the home, the public sector and public spaces. Since then we’ve made a couple of these sessions public: the keynote presentation by In-Q-Tel CISO Dan Geer, and a panel on enterprise risk and IoT, chaired by INEX Advisors’ founder Chris Rezendes. Attendees have had access to all the sessions, as well. But now we’re throwing the doors open to the public and making all the conference sessions available to the public, as well as some 1:1 interviews with our speakers. We invite you all to head on over and check […]
Recent Posts
Essentials for Visibility-Driven Security
Visibility is surprisingly tricky. The security industry offers many disparate tools to provide customers “visibility” into what is happening on their networks. Among them are tools that track what applications are on the network, tools for enumerating and tracking software vulnerabilities, tools for determining when sensitive data has left a network, tools that indicate when attacks are underway and tools that identify and analyze network data flows – to name just a few. Of course, layered on top of all this “visibility” are further systems that correlate and analyze what the mission-specific tools are seeing. Promises of a “single pane of glass” aside, the result is often a mishmash of data and events that require skilled security practitioners to analyze and interpret. The mishmash, in turn, leads to errors in analysis and prioritization. Albert Einstein famously said “Any fool can know. The point is to understand.” So it is in the information security industry, where a common refrain is “you can’t protect […]
Dusting For Malware’s Bloody Prints
Malicious software is nothing new. Computer viruses and worms have been around for decades, as have most other families of malware like remote access tools (RATs) and key loggers. But all our experience with malware hasn’t made the job of knowing when our organization has been hit by it any easier. In fact, recent news stories about breaches at Home Depot, Target, Staples and other organizations makes it clear that even sophisticated and wealthy corporations can easily overlook both the initial compromise and endemic malware infections – and at great cost. That may be why phrases like “dwell time” or “time to discovery” seem to pop up again and again in discussions of breach response. There’s no longer any shame in getting “popped.” The shame is in not knowing that it happened. Greg Hoglund says he has a fix for that latter problem. His new company, Outlier Security, isn’t “next generation […]
Congress To Probe the Internet of Things?
A bipartisan contingent of senators from the Commerce, Science and Transportation Committee has requested a hearing on the topic of the Internet of Things before the end of the year, according to published reports. Lawmakers Kelly Ayotte (R-N.H.), Cory Booker (D-N.J.), Deb Fischer (R-Neb.) and Brian Schatz (D-Hawaii) wrote to the committee chairman, Jay Rockefeller (D-W.Va.) and ranking member,John Thune (R-S.D.), requesting “a general oversight and information-gathering hearing” on the IoT before the end of 2014, citing concerns about consumer privacy and security, as well as potential government applications of IoT technology. IoT technologies including wearables and connected health products represent an “expanding industry of connected products,” the congressmen and women wrote. “The proliferation of connected products is sparking a number of important policy questions,” the October 20th letter reads. “The number and the scope of these issues demands our prompt attention so we can better understand the technologies and explore how best to preserve America’s global leadership […]
You’re Doing NAT Wrong! One Million SOHO Routers Vulnerable
A vulnerability in more than 1 million small office and home office (or SOHO) routers makes them potentially vulnerable to remote attacks that could expose private internal network traffic to prying eyes, according to a warning posted by the firm Rapid7.