David Strom

One of the more interesting security best practices is about to get turned on its head, thanks to some cutting-edge research at a small Israeli think tank and elsewhere. The notion is called an "air gap network" and the idea is to isolate a PC from the big bad Internet and any other communications networks so as to have complete security with the information that resides therein.
Air gaps have been around for many years, and have found their way into military and intensely secure installation...

There are plenty of cities in the U.S. that want to lay claim to becoming the "next" Silicon Valley, but a dusty desert town in the south of Israel called Beersheva might actually have a shot at becoming something more modest, and more focused. They want to be the first place you think about when it comes to cybersecurity research, education, and innovation. If things go right there, it may well happen.
David Strom
Israel is a hotbed of tech startups, a self-proclaimed Silicon Wadi. It is ran...

These four products represent different approaches to VM security

We did not test performance. We concentrated on what it took to setup new policies, hosts, reports and user roles in each product, and how the various parts of each product worked to protect a typical multi-host ESX installation.
We asked each vendor to set up their test ESX hosts and provide remote access to the test equipment via several methods: VPN, Web, Remote Desktop or Secure Shell. This was done so we wouldn't have to spend time in setting up a complex virtual environment for our test...

Think of cloud access security brokers (CASBs) as central data authentication and encryption hubs for everything your enterprise uses, both cloud and on-premises and accessed by all endpoints, including private smartphones and tablets. Before the CASB era, enterprise security managers had no visibility into how all their data was protected. As bring-your-own device (BYOD) and unmanaged devices became popular, data could be at risk when accessed from someone’s phone or tablet.
[ Learn which in...

Application security is the process of making apps more secure by finding, fixing, and enhancing the security of apps. Much of this happens during the development phase, but it includes tools and methods to protect apps once they are deployed. This is becoming more important as hackers increasingly target applications with their attacks.
Application security is getting a lot of attention. Hundreds of tools are available to secure various elements of your applications portfolio, from locking d...

The ATT&CK framework, developed by Mitre Corp., has been around for five years and is a living, growing document of threat tactics and techniques that have been observed from millions of attacks on enterprise networks. The funky acronym stands for Adversarial Tactics, Techniques, and Common Knowledge. It began as an internal project and morphed into this behemoth of a public knowledge base that numerous security vendors and consultants have picked up. (More on that in a moment.)
The goal of t...

To accomplish this, they have two components for their tool: first is a series of smartphone apps (including Windows Phone along with iOS and Android). Once you install the app, you set up your identity; either by typing this information directly into the app or via a webpage that you can import the details via a QR code scan. You can include all sorts of things in this identity besides your name and address, including credit card numbers and other personal and business details. All of this i...

The ATT&CK framework, developed by Mitre Corp., has been around for five years and is a living, growing document of threat tactics and techniques that have been observed from millions of attacks on enterprise networks. The funky acronym stands for Adversarial Tactics, Techniques, and Common Knowledge. It began as an internal project and morphed into this behemoth of a public knowledge base that numerous security vendors and consultants have picked up. (More on that in a moment.)
The goal of t...

There are plenty of cities in the U.S. that want to lay claim to becoming the "next" Silicon Valley, but a dusty desert town in the south of Israel called Beersheva might actually have a shot at becoming something more modest, and more focused. They want to be the first place you think about when it comes to cybersecurity research, education, and innovation. If things go right there, it may well happen.
David Strom
Israel is a hotbed of tech startups, a self-proclaimed Silicon Wadi. It is ran...

What is CTF?
Capture the flag (CTF) contests are a way to teach people about real-world hacking and exploits in a fun environment. CTFs have been around for decades. One of the longest-running and more popular series began at the Vegas DEFCON show in 1996 and attracts thousands of participants. Since then, they have sprouted up everywhere and can be found in most cities of the world, as well as across numerous online contest websites. There are even CTFs designed for high school students.
[ F...

Voice Biometrics Group Verification Services Platform: Voiceprint-based authentication
Voice Biometrics Group (VBG) has been involved in the voiceprint security field since 2009, and has some of the largest voice-related installations, some of which comprise more than a million individual voiceprints. The company has been involved in some interesting applications, such as being used in double-blind clinical medical trials, where the clinician doesn’t know the subjects yet needs to validate th...

We did not test performance. We concentrated on what it took to setup new policies, hosts, reports and user roles in each product, and how the various parts of each product worked to protect a typical multi-host ESX installation.
We asked each vendor to set up their test ESX hosts and provide remote access to the test equipment via several methods: VPN, Web, Remote Desktop or Secure Shell. This was done so we wouldn't have to spend time in setting up a complex virtual environment for our test...

Think of cloud access security brokers (CASBs) as central data authentication and encryption hubs for everything your enterprise uses, both cloud and on-premises and accessed by all endpoints, including private smartphones and tablets. Before the CASB era, enterprise security managers had no visibility into how all their data was protected. As bring-your-own device (BYOD) and unmanaged devices became popular, data could be at risk when accessed from someone’s phone or tablet.
[ Learn which in...