David Strom writes for numerous B2B IT publications and websites and was the founding editor-in-chief of Network Computing.
How to bridge and secure air gap networks
One of the more interesting security best practices is about to get turned on its head, thanks to some cutting-edge research at a small Israeli think tank and elsewhere. The notion is called an "air gap network" and the idea is to isolate a PC from the big bad Internet and any other communications networks so as to have complete security with the information that resides therein.
Air gaps have been around for many years, and have found their way into military and intensely secure installation...
Why Israel could be the next cybersecurity world power
There are plenty of cities in the U.S. that want to lay claim to becoming the "next" Silicon Valley, but a dusty desert town in the south of Israel called Beersheva might actually have a shot at becoming something more modest, and more focused. They want to be the first place you think about when it comes to cybersecurity research, education, and innovation. If things go right there, it may well happen.
Israel is a hotbed of tech startups, a self-proclaimed Silicon Wadi. It is ran...
How to protect virtual machines (VMs)
These four products represent different approaches to VM security
How we tested virtualization security
We did not test performance. We concentrated on what it took to set up new policies, hosts, reports and user roles in each product, and how the various parts of each product worked to protect a typical multi-host ESX installation.
We asked each vendor to set up their test ESX hosts and provide remote access to the test equipment via several methods: VPN, Web, Remote Desktop or Secure Shell. This was done so we wouldn't have to spend time in setting up a complex virtual environment for our test...
What is a CASB? What you need to know before you buy
Think of cloud access security brokers (CASBs) as central data authentication and encryption hubs for everything your enterprise uses, both cloud and on-premises and accessed by all endpoints, including private smartphones and tablets. Before the CASB era, enterprise security managers had no visibility into how all their data was protected. As bring-your-own device (BYOD) and unmanaged devices became popular, data could be at risk when accessed from someone’s phone or tablet.
What is application security? A process and tools for securing software
Application security is the process of making apps more secure by finding, fixing, and enhancing the security of apps. Much of this happens during the development phase, but it includes tools and methods to protect apps once they are deployed. This is becoming more important as hackers increasingly target applications with their attacks.
Application security is getting a lot of attention. Hundreds of tools are available to secure various elements of your applications portfolio, from locking d...
What is Mitre's ATT&CK framework? What red teams need to know
The ATT&CK framework, developed by Mitre Corp., has been around for five years and is a living, growing document of threat tactics and techniques that have been observed from millions of attacks on enterprise networks. The funky acronym stands for Adversarial Tactics, Techniques, and Common Knowledge. It began as an internal project and morphed into this behemoth of a public knowledge base that numerous security vendors and consultants have picked up. (More on that in a moment.)
The goal of t...
Review: Password managers help keep hackers at bay
To accomplish this, they have two components for their tool: the first is a series of smartphone apps (including Windows Phone along with iOS and Android). Once you install the app, you set up your identity, either by typing this information directly into the app or via a webpage from which you can import the details with a QR code scan. You can include all sorts of things in this identity besides your name and address, including credit card numbers and other personal and business details. All of this i...
10 questions to answer before running a capture the flag (CTF) contest
What is CTF?
Capture the flag (CTF) contests are a way to teach people about real-world hacking and exploits in a fun environment. CTFs have been around for decades. One of the longest-running and more popular series began at the Vegas DEFCON show in 1996 and attracts thousands of participants. Since then, they have sprouted up everywhere and can be found in most cities of the world, as well as across numerous online contest websites. There are even CTFs designed for high school students.
9-vendor authentication roundup: The good, the bad and the ugly
Voice Biometrics Group Verification Services Platform: Voiceprint-based authentication
Voice Biometrics Group (VBG) has been involved in the voiceprint security field since 2009, and has some of the largest voice-related installations, some of which comprise more than a million individual voiceprints. The company has been involved in some interesting applications, such as being used in double-blind clinical medical trials, where the clinician doesn’t know the subjects yet needs to validate th...