Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

2/17/2020
09:00 AM
By Karen Burke, Director of Corporate Communications, Farsight Security, Inc.
By Karen Burke, Director of Corporate Communications, Farsight Security, Inc.
Sponsored Article
100%
0%

Let's Talk: Why Language Matters in Cybersecurity

Like the latest security tools on the RSAC show floor, how we choose to communicate about the latest cyberthreats and more can play a key role in improving the security for all on the Internet.

Last week, I received a notification from Yahoo stating my "account may have been the target of government-backed actors." After validating its source, I shared the notice with my four sisters, who don’t work in the security industry, to see if they knew what "government-backed actors" meant. None of them did; one sister had to look it up on the Internet, while another said she would have not opened the mail, assuming it was a phishing attack. While far from a scientific poll, my sisters’ responses, in their small way, underscore why using simple, direct language is the key to keeping us all safer on the Internet. 

Language matters beyond data breach notifications. In his Venturebeat piece, Gusto CISO Frederick "Flee" Lee calls for more creativity to address the current cybersecurity skills shortage, including changing how we communicate about our industry, our open positions, etc: 'Expanding our recruiting pool and increasing the size of our talent pipeline starts with dropping our "dark arts" attitude and making security more accessible and easily understood."

The right communication is important; not only in attracting new talent, but also in winning new customers. How are you communicating with prospects? A single pitch does not work for every opportunity. Let’s say your marketing department has done a great job outlining the value prop of your products, and you have secured an initial call with a potential customer. Do you have a basic understanding of their industry and current security challenges? Has your pre-sales team done their homework about the organization, its industry, etc.?  Have you checked-in with financial, healthcare, automotive, retail and other vertical ISACs and threat-sharing associations? Empathy should be a core component of our work together. The ability to speak a common language and ask the right questions is the foundation for every relationship – prospects or otherwise.

In our industry, certain words like "speed," "real-time," and "faster" are often used to describe cybersecurity tools, capabilities, etc. According to the Verizon’s 2019 Data Breach Investigations Report (DBIR), one in two organizations doesn’t manage to discover a breach until several months after it happened.  At Farsight Security, we recognize the urgency and our responsibility to help organizations detect and quickly respond to cyberattacks, which is why we have heavily invested in delivering real-time data solutions to commercial and government organizations.

Our real-time (data-in-motion) and historical (data-at-rest) DNS data solutions help organizations reduce attacker dwell time as well as monitor and prevent many of today’s top cyberattacks, including phishing and DNS hijackings. These tools can also be used to audit your own and your partners digital infrastructures. What do we mean by "real-time"? At Farsight, we process more than 200,000 observations of DNS resolutions every second - including all DNS record types.

Our Newly Observed Domains, NX Domains, and the recently announced Newly Active Domains, the industry’s first real-time DNS Intelligence data feed that reports domains as they resume activity on the Internet after a period of inactivity (10 days or more), are all real-time solutions with proven benefits. However, not every organization has the right team or infrastructure to consume and leverage real-time data. To help organizations better access our real-time solutions, we have created SIE Batch, a new easy-to-use and easy-to-integrate delivery method to access our many real-time solutions. Both SIE Batch and Newly Active Domains will debut at the RSA® Conference in San Francisco from February 24-28, 2020. Visit us at Booth #3338 South to see “real-time” in action and learn how we can help your organization.

As we head into one of the industry’s primary conferences, let’s keep in mind that "government-backed actors" represent just one of the cyberthreats we face today. Language – like the latest security tools on the show floor – can be another important and vital tool we can use to help organizations reduce risk and improve our industry as a whole.      

About The Author
Karen Burke, Director of Corporate Communications, Farsight Security, Inc.
Karen Burke is the director of corporate communications for Farsight Security, Inc., the world’s largest provider of historical and real-time passive DNS data. She has extensive experience managing corporate communications and public relations for cybersecurity companies.

  

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29297
PUBLISHED: 2021-07-30
Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll".
CVE-2021-29298
PUBLISHED: 2021-07-30
Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll".
CVE-2021-35193
PUBLISHED: 2021-07-30
Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations (that have the same software version). This provides remote access to SQL database credentials. (In the normal use of the product, retrieving those...
CVE-2021-37742
PUBLISHED: 2021-07-30
app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships.
CVE-2021-37743
PUBLISHED: 2021-07-30
app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format.