Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Security Strategy  

Prepare for Battle: Let’s Build an Incident Response Plan (Part 4)

This is not a drill. In this final installment, read our recommendations for handling a real incident. Whether opportunistic or targeted, here's what you should be thinking about.…

Prepare for Battle: Let’s Build an Incident Response Plan (Part 3)

Now, it’s time for the fun stuff. While an incident response plan review may feel like practicing moves on a wooden dummy, stress testing should feel more like Donnie Yen fighting ten people for bags of rice in Ip Man…

Prepare for Battle: Let’s Build an Incident Response Plan (Part 2)

In Part 1, we covered key considerations when drafting an incident response plan. Here, we'll cover the best way to get buy-in from key company stakeholders...…

Prepare for Battle: Let’s Build an Incident Response Plan (Part 1)

Creating and testing an IR plan mitigates risk—help your organization perform at its best by preparing it for the worst. Join us for Part 1: drafting the plan.…

Takeaways from 2017 SANS State of Application Security Survey

The training and research organization SANS recently released their 2017 State of Application Security survey results. The new report proves that now, more than ever, organizations need to invest in solutions that automate application security testing in order to reap benefits like: Identifying security vulnerabilities…

Testing Developer Security with Metasploit Pro Task Chains

In this modern age, technology continues to make inroads into all sorts of industries. Everything from smartphones to late-model automobiles to internet-connected toasters requires software to operate, and this proliferation of software has brought along gaggles of software developers with their tools-of-the-trade. All this technology…

Testing SMB Security with Metasploit Pro Task Chains: Part 2

This is part two of our blog series on testing SMB security with Metasploit Pro. In the previous post, we explained how to use Metasploit Pro’s Task Chains feature to audit SMB passwords automatically. Read it here if you haven’t already. In today’…

Stop aiming for security perfection—just do what's right

Guest author Kevin Beaver discusses 'relentless incrementalism' in building out and improving security programs.…

Testing SMB Server Security with Metasploit Pro Task Chains: Part 1

A step-by-step guide to testing SMB server security using Metasploit Pro Task Chains.…

Filling big gaps in security programs

Guest author Kevin Beaver talks about helping organizations bridge policy-practice gaps in their security programs.…

Addressing the issue of misguided security spending

It's the $64,000 question in security – both figuratively and literally: where do you spend your money? Some people vote, at least initially, for risk assessment. Some for technology acquisition. Others for ongoing operations. Smart security leaders will cover all the above and more.…

What's the root cause of your security challenges?

This is a guest post from our frequent contributor Kevin Beaver. You can read all of his previous guest posts here. My favorite lyricist, Neil Peart of Rush, once wrote “Why does it happen? Because it happens.” Some deep lyrics on life that…

Checks and Balances - Asset + Vulnerability Management

Creating a Positive Feedback Loop Recently I've focused on some specific use cases for vulnerability analytics within a security operations program.  Today, we're taking a step back to discuss tying vulnerability management back in to asset management to create a positive feedback loop.  This progressive,…

The One Aspect of Selling Security That You Don't Want to Miss

This is a guest post from our frequent contributor Kevin Beaver. You can read all of his previous guest posts here. When it comes to being successful in security, you must master the ability to “sell” what you're doing. You must sell new…

Sometimes the simplest security works the best

The FBI this week posted an alert that showed wire transfer scams bled $2.3 Billion from “business email compromise” from October 2013 through February 2016.  A couple of news outlets picked this up, including Brian Krebs. When I was the head of security at…

Never miss a blog

Get the latest stories, expertise, and news about security today.