Blog Posts Tagged with "Analytics"


Metrics, KPIs and Making Business Sense of Infosec

March 27, 2012 Added by:Rafal Los

Does a 10% increase in IT Security spending really make us 10% safer? I refuse to buy-in to the saying that security is either avoiding cost, or a cost center and nothing more. This is simply untrue in my experiences. Good security is good for business, pure and simple...

Comments  (0)


Defining Success for Information Security Through KPIs

March 26, 2012 Added by:Rafal Los

In the world of software development the business just wants to release fast and functional while the security team would prefer slower and more 'secure'. So as security struggles to positively impact risk, I found 5 key performance indicators that bridge the two positions...

Comments  (1)


Redefining Security Intelligence with NOC and SOC

March 09, 2012 Added by:Rafal Los

Security dashboards are archaic, and often security teams have a half-dozen or more for visual confirmation on happenings. In well-run SOC organizations, a SEIM or new-school SIRM can provide context and close the real-time analysis gap, but this still isn't enough...

Comments  (0)


Quantifying Risk Reduction with an Unknown Denominator

March 07, 2012 Added by:Rafal Los

The problem that exists with all these risk reduction measurements is that they're impossible to quantify. There is simply no way to say that by doing X you've reduced risk by Y% - at least not when you don't know the total number of issues that exist. And therein lies the problem...

Comments  (0)


Infosec: Where is Our “Long Tail”?

February 20, 2012 Added by:Dave Shackleford

The “long tail” concept illustrates the subtle, often overlooked 20% market that tends to be more niche. We need those organizations that are desperate to find unusual solutions that are not available at all right now. And we need small startups to provide them...

Comments  (2)


Log Management: Debugging Security

February 18, 2012 Added by:Danny Lieberman

Logs are key to security management not only for understanding what and why an event happened but also in order to prove regulatory compliance. The business requirements are that security logs should be both relevant and effective...

Comments  (0)


Top Ten Java Frameworks Observed in Customer Applications

February 08, 2012 Added by:Fergal Glynn

One of the things we record when scanning applications is the presence of frameworks and other supporting technologies, and we’ve been at work mining that data to understand what developers use to build their applications. We’d like to share some of that research with you today...

Comments  (0)


Achieving Network Security

February 07, 2012 Added by:Kevin Somppi

Today's networks are complex, with most organizations supporting various server, operating system and Web platforms. This requires an accurate, comprehensive, and up-to-date way to identify the latest system vulnerabilities and configuration errors...

Comments  (0)


NETPeas COREvidence v1.0 Sneak Preview

February 02, 2012 Added by:Nabil Ouchn

COREvidence, a Software as a Service (SaaS) product, integrates multiple services to create a one-stop network security solution. Customers have immediate access to numerous technology leaders in vulnerability management, compliance achievement and monitoring...

Comments  (0)


A Failed Attempt at Optimizing an Infosec Risk Assessment

January 28, 2012 Added by:Bozidar Spirovski

Having a standardized method for risk assessment in infosec based on hard numbers would be great. But since the factors included in any incident are complex and varying, and consistent incident reporting is impossible, we will be sticking to the current qualitative methods...

Comments  (3)


E-Meme: The Next Generation of Thought Crime Detection?

January 25, 2012 Added by:Infosec Island Admin

An Orwellian software development project that the Navy has invested in called “E-MEME” will be able to sift through the internet for ideas and meme’s to analyze them for predictive behavior assessment. Predictive behavioral analysis via meme’s... Whatever could go wrong?

Comments  (6)


Mobile Application Security: New Platforms, Old Mistakes

January 24, 2012 Added by:Fergal Glynn

While Android may be a new platform, some of the security issues we found are reminiscent of old mistakes we have seen developers make. One example of this was the practice of hard-coding cryptographic keys directly into the application...

Comments  (0)


Content Raven – High Speed Low Drag

January 10, 2012 Added by:

Security professionals are always struggling to get usage statistics with security products. Content Raven gives you great metrics and analytics out of the box. I can track by user and/or device and /or location what the user has looked at and for how long...

Comments  (0)


Analyzing Passwords for Patterns and Complexity

December 20, 2011 Added by:Dan Dieterle

This is a great tool to see patterns in password security. After years of users being warned about password security, it is disheartening to see the majority of users are still using simple passwords. More alarming is the number of password dumps available from compromised websites...

Comments  (0)


Network Security in the Age of Social Media

December 08, 2011 Added by:Ben Rothke

Social media is now mainstream in corporate America, and the security and privacy issues around it are hot. In the past, many firms simply said no to social media at the corporate level. But that will no longer work, as social media isn’t a choice anymore, it’s a business transformation tool...

Comments  (0)


Memory Forensics: Analyzing a Stuxnet Memory Dump

November 29, 2011 Added by:Dan Dieterle

Take a look at a memory dump from a system with Stuxnet - this code has execute and read write permissions. We could go on and find Stuxnet registry key settings, hidden Dll’s, file objects and numerous other artifacts in this memory sample all with using Volatility...

Comments  (0)

Page « < 1 - 2 - 3 > »