20 Ways to Increase the Efficiency of the Incident Response Workflow
4/10/2018Despite all the good intentions of some great security teams, we are still living in a "cut-and-paste" incident management world.
Post a Comment
Author
Profile of Joshua Goldfarb
Co-founder & Chief Product Officer, IDDRA News & Commentary Posts: 41Josh (Twitter: @ananalytical) is an experienced information security leader with broad experience building and running Security Operations Centers (SOCs). Josh is currently co-founder and chief product officer at IDRRA and also serves as security advisor to ExtraHop. Prior to joining IDRRA, Josh served as VP, CTO for emerging technologies at FireEye and as chief security officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the chief of analysis for the United States Computer Emergency Readiness Team (US-CERT) which he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh's blogging and public speaking appearances, he is also a regular contributor to DarkReading and SecurityWeek.
Articles by Joshua Goldfarb
Despite all the good intentions of some great security teams, we are still living in a "cut-and-paste" incident management world.
Post a Comment
Pragmatic Security: 20 Signs You Are 'Boiling the Ocean'
3/6/2018Ocean-boiling is responsible for most of the draconian, nonproductive security policies I've witnessed over the course of my career. Here's why they don't work.
Post a Comment
20 Signs You Need to Introduce Automation into Security Ops
2/8/2018Far too often, organizations approach automation as a solution looking for a problem rather than the other way around.
Post a Comment
In Security & Life, Busy Is Not a Badge of Honor
1/16/2018All security teams are busy, but not all security teams are productive. The difference between the two is huge.
Post a Comment
Is Your Security Workflow Backwards?
12/15/2017The pace at which information security evolves means organizations must work smarter, not harder. Here's how to stay ahead of the threats.
Post a Comment
Why Common Sense Is Not so Common in Security: 20 Answers
11/10/2017Or, questions vendors need to ask themselves before they write a single word of marketing material.
Post a Comment
20 Questions to Ask Yourself before Giving a Security Conference Talk
10/16/2017As cybersecurity continues to become more of a mainstream concern, those of us who speak at industry events must learn how to truly connect with our audience.
Post a Comment
20 Questions to Help Achieve Security Program Goals
9/13/2017There are always projects, maturity improvements, and risk mitigation endeavors on the horizon. Here's how to keep them from drifting into the sunset.
Post a Comment
20 Tactical Questions SMB Security Teams Should Ask Themselves
8/15/2017Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
Post a Comment
20 Questions for Improving SMB Security
7/21/2017Security leaders in small and medium-sized business who want to up their game need to first identify where they are now, then, where they want to go.
Post a Comment
The Case for Crowdsourcing Security Buying Decisions
6/30/2017Why our industry needs a sharing platform with open and transparent access to peer knowledge, meaningful metrics, and transparency around security products and services
Post a Comment
SMB Security: Don’t Leave the Smaller Companies Behind
6/1/2017Helping improve the security posture of small and medium-sized businesses should be a priority for security organizations of all sizes.
Post a Comment
Seeing Security from the Other Side of the Window
5/3/2017From the vantage of our business colleagues, security professionals are a cranky bunch who always need more money, but can’t explain why.
Post a Comment
Data Visualization: Keeping an Eye on Security
3/27/2017Visualization can be one of the most powerful approaches a security team can use to make sense of vast quantities of data. So why does it end up as an afterthought?
Post a Comment
20 Questions for SecOps Platform Providers
2/27/2017Security operations capabilities for the masses is long overdue. Here’s how to find a solution that meets your budget and resources.
Post a Comment
Crowdsourcing 20 Answers To Security Ops & IR Questions
1/12/2017“Those who know do not speak. Those who speak do not know.” Why it pays to take a hard look at our own incident response functions and operations.
Post a Comment
20 Questions Security Pros Should Ask Themselves Before Moving To The Cloud
12/20/2016A template for working collaboratively with the business in today’s rapidly changing technology environment.
Post a Comment
20 Questions Smart Security Pros Should Ask About 'Intelligence'
12/1/2016Threat intel is a hot but complicated topic that encompasses a lot more than just data feeds. Here's how to get beyond the fear, uncertainty, and doubt to maximize its potential.
Post a Comment
20 Endpoint Security Questions You Never Thought to Ask
10/26/2016The endpoint detection and response market is exploding! Here’s how to make sense of the options, dig deeper, and separate vendor fact from fiction.
Post a Comment
20 Questions To Explore With Security-as-a-Service Providers
10/5/2016This list will help you leverage the niche expertise of security-as-a-service providers, and assess which vendor can best meet your needs
Post a Comment
20 Questions Security Leaders Need To Ask About Analytics
9/15/2016The game of 20 questions is a great way to separate vendors that meets your needs from those who will likely disappoint.
Post a Comment
Theory Vs Practice: Getting The Most Out Of Infosec
8/10/2016Why being practical and operationally minded is the only way to build a successful security program.
Post a Comment
5 Failsafe Techniques For Interviewing Security Candidates
7/22/2016Filling critical information security roles with the right people is never easy. But learning how to separate the 'wheat from the chaff' is a smart step in the right direction.
Post a Comment
Mind The Gap: CISOs Versus 'Operators'
6/25/2016How open communication among security execs and analysts, incidents responders, and engineers can help organizations stay on top of the constantly changing threat landscape.
Post a Comment
A Wish List For The Security Conference Stage
5/26/2016All the world may be a stage, but in the theater of cybersecurity, we need a more relevant dialogue of fresh ideas, novel approaches, and new ways of thinking.
Post a Comment
8 Signs Your Security Culture Lacks Consistency
4/27/2016Organizations that practice what they preach and match their actions to their words do far better achieving their goals than those that do not. Here's why that matters.
Post a Comment
Cloud Security: Understanding New Risks, Rising To New Challenges
3/21/2016In a business world dominated by the cloud, security ops has to change the way we play the game in order to accomplish our strategic goals.
Post a Comment
Public Vs. Private: Is A Prestigious Infosec College Degree Worth It?
2/24/2016Today's graduates coming into the information security industry from private universities aren’t ready for the workforce.
Post a Comment
Careers in InfoSec: Don’t Be Fooled By The Credential Alphabet
1/27/2016Analytical skills, work ethic, an ability to overcome obstacles, and a natural drive to solve problems are the critical hiring factors in today’s tight job market.
Post a Comment
The Matrix Reloaded: Security Goals v. Operational Requirements
1/7/2016Building a matrix that measures people, process, and technology against security goals is a proven method for reducing risk in an organization. Here’s how.
Post a Comment
Playing It Straight: Building A Risk-Based Approach To InfoSec
12/7/2015What a crooked haircut can teach you about framing the discussion about organizational security goals and strategies.
Post a Comment
Mature & Unconfident: The Best Information Security Teams Ever!
11/5/2015Security through maturity and humility is a workable philosophy with proven results for organizations that are willing to give it a try. Here’s why.
Post a Comment
An Atypical Approach To DNS
10/15/2015It’s now possible to architect network instrumentation to collect fewer data sources of higher value to security operations. Here’s how -- and why -- you should care.
Post a Comment
Information Security Lessons From Literature
9/15/2015How classic themes about listening, honesty, and truthfulness can strengthen your organization’s security posture, programs and operations.
Post a Comment
Data Visibility: A Matter Of Perspective
8/10/2015You can't analyze what you can't see. True at the dentist and true in security.
Post a Comment
Detection: A Balanced Approach For Mitigating Risk
7/21/2015Only detection and response can complete the security picture that begins with prevention.
Post a Comment
Security Metrics: It’s All Relative
6/9/2015What a haircut taught me about communicating the value of security to executives and non-security professionals.
Post a Comment
Taking A Security Program From Zero To Hero
5/13/2015Breaking the enigma of InfoSec into smaller bites is a proven method for building up an organization’s security capabilities. Here are six steps to get you started.
Post a Comment
Setting Security Professionals Up For Success
4/14/2015People, process, and technology are all integral to a successful infosec program. What’s too often missing involves the concept of workflow.
Post a Comment
Context: Finding The Story Inside Your Security Operations Program
3/23/2015What’s missing in today’s chaotic, alert-driven incident response queue is the idea of a narrative that provides a detailed understanding of how an attack actually unfolds.
Post a Comment
7 Tips To Improve 'Signal-to-Noise' In The SOC
4/22/2014When security analysts are desensitized to alerts because of sheer volume, they miss the true positives that can prevent a large-scale data breach. Here's how to up your game.
Post a Comment
White Papers
Video
0 Comments
Current Issue
How to Cope with the IT Security Skills ShortageMost enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
![[Strategic Security Report] Navigating the Threat Intelligence Maze](https://dsimg.ubm-us.net/asset/393933/543593/DR_ThreatConnect_Report.png)
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
CVE-2016-10369NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
CVE-2016-8202unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
CVE-2016-8209A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
CVE-2017-0890Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This