We Thought We Understood How to Defend Against Targeted Attacks

The lesson to be learned from the content of Snowden’s documents released to date is that the NSA has built a global capability to execute on a plan of information dominance for intelligence gathering. Ostensibly to collect enough communications meta data and content to deter, disrupt, and destroy terrorists and their plans, the NSA’s capabilities have also been used for broader spying on foreign leaders,

> Read More

Three Lessons Learned From the NSA’s Use of Big Data and Security Analytics

Security analytics is the term being applied to the new methods being developed to counter sophisticated targeted attacks. The idea is simple but implementation requires skill sets that have yet to be acquired by most organizations. Gather as much data as possible, apply filters derived from security intelligence, and identify attacks in progress or already firmly established beachheads made by the adversary.

> Read More

Procedures and Policies Without Controls Are Meaningless: Lessons for the NSA

Note to security clearance holders: The following post contains no links to secret documents.

As the carefully orchestrated stream of leaks from Edward Snowden are published in The Guardian, we have learned first of the massive scale of US (and now UK) data and communication surveillance. Top Secret/NoForn documents were also published that spelled out the procedures and oversight measures that the NSA must comply with to avoid spying on “United States persons”.

> Read More

3 Reasons Flame is a Game Changer

Back in the late ’90s, the president of a prominent U.S. anti-virus company was approached by a delegation from India. Their request? Weapons-grade malware. In the same month, he was also approached by representatives from Pakistan with the same request. As he explains it: “Two nuclear armed nations with a common border and a history of armed conflict have only one interest.

> Read More

Two Approaches to Managing Mobile Devices

There is no question we have entered the era of always connected mobile devices. Smart phones, iPads, and Android devices have changed the way people access information.  Last month, I discussed why denying the use of personal mobile devices isn’t a realistic view. Looking to the future, here are some considerations on how to incorporate this new way of doing business.

> Read More

Resist Enterprise Mobility? Another Knee Jerk Reaction

I have logged more travel miles than I care to admit in 2011. Throughout it all, I heard significant trepidation from IT security directors and CISO’s over the invasion of their offices with those nasty, uncontrollable personal digital devices that everyone is now armed with: iPhones, Android devices, and iPads.  Especially iPads.  And invariably the worst offenders are the business leaders. 

> Read More