Analytics // Security Monitoring
News & Commentary
The Rise Of Community-Based Information Security
Peter Zavlaris, Analyst, RiskIQCommentary
The more vendors, service providers, and companies’ band together to fight security threats, the more difficult it will become for attacks to succeed.
By Peter Zavlaris Analyst, RiskIQ, 12/28/2015
Comment2 comments  |  Read  |  Post a Comment
Survey: When Leaving Company, Most Insiders Take Data They Created
Sara Peters, Senior Editor at Dark ReadingNews
Most employees believe they own their work, and take strategy documents or intellectual property with them as they head out the door.
By Sara Peters Senior Editor at Dark Reading, 12/23/2015
Comment15 comments  |  Read  |  Post a Comment
‘Re-innovating’ Static Analysis: 4 Steps
Kevin E. Greene, Cyber Security Thought LeaderCommentary
Before we pronounce the death of static analysis, let’s raise the bar with a modern framework that keeps pace with the complexity and size found in today’s software.
By Kevin E. Greene Cyber Security Thought Leader, 12/9/2015
Comment4 comments  |  Read  |  Post a Comment
Introducing ‘RITA’ for Real Intelligence Threat Analysis
John Strand, SANS Senior Instructor & Owner, Black Hills Information SecurityCommentary
SANS' free, new framework can help teams hunt for attackers by extending traditional signature analysis to blacklisted IP addresses and accounts that have multiple concurrent logons to multiple systems.
By John Strand SANS Senior Instructor & Owner, Black Hills Information Security, 11/20/2015
Comment0 comments  |  Read  |  Post a Comment
Don’t Toy With The Dark Web, Harness It
James Chappell, CTO & Founder, Digital ShadowsCommentary
The Dark Web’s sinister allure draws outsized attention, but time-strapped security teams would benefit from knowing what's already circulating in places they don't need Tor or I2P to find.
By James Chappell CTO & Founder, Digital Shadows, 11/16/2015
Comment4 comments  |  Read  |  Post a Comment
Machine Learning: Perception Problem? Maybe. Pipe Dream? No Way!
Mike Paquette, VP Products, PrelertCommentary
Guided by an organization's internal security experts,'algorithmic assistants' provide a powerful new way to find anomalies and patterns for detecting cyberthreat activity.
By Mike Paquette VP Products, Prelert, 11/11/2015
Comment0 comments  |  Read  |  Post a Comment
Why Threat Intelligence Feels Like A Game Of Connect Four
Kristi Horton, Lead Intelligence Officer, Financial Services Information Sharing and Analysis Center (FS-ISAC)Commentary
In real life, solving the cybersecurity puzzle has many challenges. But shared wisdom and community defense models are making it easier to connect the dots.
By Kristi Horton Lead Intelligence Officer, Financial Services Information Sharing and Analysis Center (FS-ISAC), 11/10/2015
Comment2 comments  |  Read  |  Post a Comment
Security Analytics Still Greenfield Opportunity
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Surveys out this week show improvement in the use of analytics and threat intelligence but room for better execution.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/29/2015
Comment0 comments  |  Read  |  Post a Comment
Machine Learning Is Cybersecurity’s Latest Pipe Dream
Simon Crosby, Co-founder & CTO, BromiumCommentary
Rather than waste money on the unproven promises of ML and AI, invest in your experts, and in tools that enhance their ability to search for and identify components of a new attack.
By Simon Crosby Co-founder & CTO, Bromium, 10/29/2015
Comment5 comments  |  Read  |  Post a Comment
5 Things To Know About CISA
Sara Peters, Senior Editor at Dark ReadingNews
Despite criticism from privacy advocates, the Cybersecurity Information Sharing Act passed through the Senate yesterday.
By Sara Peters Senior Editor at Dark Reading, 10/28/2015
Comment8 comments  |  Read  |  Post a Comment
New Approaches to Vendor Risk Management
Dr. Aleksandr Yampolskiy, CEO & Cofounder, SecurityScorecardCommentary
The key to managing partner security risk is having truly verifiable evidence.
By Dr. Aleksandr Yampolskiy CEO & Cofounder, SecurityScorecard, 10/26/2015
Comment0 comments  |  Read  |  Post a Comment
Passing the Sniff Test: Security Metrics and Measures
Ericka Chickowski, Contributing Writer, Dark Reading
Cigital dishes dirt on top security metrics that don’t work well, why they’re ineffective and which measurable to consider instead.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/23/2015
Comment2 comments  |  Read  |  Post a Comment
An Atypical Approach To DNS
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEyeCommentary
It’s now possible to architect network instrumentation to collect fewer data sources of higher value to security operations. Here’s how -- and why -- you should care.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 10/15/2015
Comment0 comments  |  Read  |  Post a Comment
Intro To Machine Learning & Cybersecurity: 5 Key Steps
Stephen Newman, CTO, DamballaCommentary
Software-based machine learning attempts to emulate the same process that the brain uses. Here’s how.
By Stephen Newman CTO, Damballa, 10/7/2015
Comment0 comments  |  Read  |  Post a Comment
Don’t Be Fooled: In Cybersecurity Big Data Is Not The Goal
Jay Jacobs, Senior Data Scientist, BitSight TechnologiesCommentary
In other words, the skills to be a security expert do not translate to being able to understand and extract meaning from security data.
By Jay Jacobs Senior Data Scientist, BitSight Technologies, 10/6/2015
Comment0 comments  |  Read  |  Post a Comment
Automating Breach Detection For The Way Security Professionals Think
Giora Engel, VP Product & Strategy, LightCyberCommentary
The missing ingredient in making a real difference in the cumbersome process of evaluating a flood of alerts versus a small, actionable number is context.
By Giora Engel VP Product & Strategy, LightCyber, 10/1/2015
Comment2 comments  |  Read  |  Post a Comment
Visual Analytics And Threat Intelligence With Raffael Marty
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Raffael Marty, founder and CEO of PixlCloud, stops by Dark Reading News Desk at Black Hat to discuss how to harness security data, visualize it, and put it to use, so it's more than just pretty pictures.
By Sara Peters Senior Editor at Dark Reading, 9/29/2015
Comment1 Comment  |  Read  |  Post a Comment
Dan Kaminsky's Visions Of The CISO's Future
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Dan Kaminsky, chief scientist and founder of White Ops, visits Dark Reading News Desk at Black Hat to explain a 'fairly controversial' opinion about how to fix the security skills shortage, and why CISOs' budgets will double, then double again.
By Sara Peters Senior Editor at Dark Reading, 9/16/2015
Comment0 comments  |  Read  |  Post a Comment
Information Security Lessons From Literature
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEyeCommentary
How classic themes about listening, honesty, and truthfulness can strengthen your organization’s security posture, programs and operations.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 9/15/2015
Comment1 Comment  |  Read  |  Post a Comment
The Truth About DLP & SIEM: It’s A Process Not A Product
Bryan Simon, CISSP, SANS Certified Instructor, President & CEO of Xploit Security Inc.Commentary
If you know what data is critical to your organization and what activities are abnormal, data loss prevention and security information event management work pretty well. But that’s not usually the case.
By Bryan Simon CISSP, SANS Certified Instructor, President & CEO of Xploit Security Inc., 9/11/2015
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: nice one good
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas in a thought-provoking discussion about the evolving role of the CISO.