Cloud Security: Lessons Learned from Intrusion Prevention Systems
7/17/2018The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
Post a Comment
Author
Profile of Gunter Ollmann
CTO, Security, Microsoft Cloud and AI Division Member Since: 7/5/2018Author
News & Commentary Posts: 11
Comments: 0
Gunter Ollmann serves as CTO for security and helps drive the cross-pillar strategy for the cloud and AI security groups at Microsoft. He has over three decades of information security experience in an array of cyber security consulting and research roles. Before to joining Microsoft, Gunter served as chief security officer at Vectra AI, driving new research and innovation into machine learning and AI-based threat detection of insider threats. Prior to Vectra AI, he served as CTO of domain services at NCC Group, where he drove the company's generic Top Level Domain (gTLD) program. He was also CTO at security consulting firm IOActive, CTO and vice president of research at Damballa, chief security strategist at IBM, and built and led well-known and respected security research groups around the world, such as X-Force. Gunter is a widely respected authority on security issues and technologies and has researched, written and published hundreds of technical papers and bylined articles.
Originally, Gunter had wanted to be an architect but he lost interest after designing retaining walls during a three-month internship. After that, he qualified as a meteorologist, but was lured to the dark side of forecasting Internet threats and cyberattacks. His ability to see dead people stoked an interest in history and first-millennium archaeology.
Articles by Gunter Ollmann
The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
Post a Comment
How Artificial Intelligence Will Solve The Security Skills Shortage
12/28/2016Unlike industries that fear the intrusion of AI, the infosec world is embracing this revolutionary technology, and the seismic changes it will bring to threat detection and mitigation.
Post a Comment
Sticking It To The ATM
12/31/2013The folly of not preemptively disabling 'boot from USB' on an ATM
Post a Comment
NSA's TAO
12/30/2013NSA's Q-branch upgrades Omega laser watch with Huawei backdoors
Post a Comment
Target's Christmas Data Breach
12/26/2013Why, oh, why would Target be storing debit card PINs?
Post a Comment
A Mercenary Approach To Botnets
11/28/2013When does a botnet become valuable to government intelligence agencies?
Post a Comment
Healthcare.gov Security Hiccups
11/20/2013Take two aspirin and call me in the morning
Post a Comment
The Reality Of Freshly Minted Software Engineers
10/15/2013Why do recent computer science graduates need to be retrained when they hit the commercial world?
Post a Comment
Penetration Testing With Honest-To-Goodness Malware
10/1/2013When did penetration-testing methodologies stop replicating the vectors attackers make?
Post a Comment
Dolloping Out Threat Intelligence
9/21/2013When too much of a good thing causes confusion and setbacks
Post a Comment
Hacking The Emergency Alerting System
7/15/2013More EAS devices vulnerable now than when vendors were alerted in January
Post a Comment
White Papers
Video
3 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I want to tell an NSA joke but I feel like they've heard them all before.
Latest Comment: I want to tell an NSA joke but I feel like they've heard them all before.
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-17948
PUBLISHED: 2018-11-20
PUBLISHED: 2018-11-20
PUBLISHED: 2018-11-20
PUBLISHED: 2018-11-20
PUBLISHED: 2018-11-20
From DHS/US-CERT's National Vulnerability Database CVE-2018-17948
PUBLISHED: 2018-11-20
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
CVE-2018-1779PUBLISHED: 2018-11-20
IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802.
CVE-2018-19367PUBLISHED: 2018-11-20
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.
CVE-2018-19335PUBLISHED: 2018-11-20
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports.
CVE-2018-19334PUBLISHED: 2018-11-20
Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This