Insights Portal

 



April 19, 2018 | Account Provisioning
By Aaron Turner, IANS Faculty

 Cloud Provisioning: Know the Issues

The good news for cloud identity management? Authentication standards are solid. The bad news? Authorization standards are nowhere near as mature. In this Ask-an-Expert written response, IANS Faculty Aaron Turner details the many challenges in cloud provisioning and recommends focusing on making role-based access control (RBAC) as efficient as possible.



April 18, 2018 | Threat Detection and Hunt Teaming
By Marcus Ranum, IANS Faculty

 Honeypots: Are You Up to the Challenge?

Honeypots have a bad rap in infosec circles, and that's unfortunate. Implemented correctly, honeypots are virtually free tools that can help security easily and quickly pinpoint attackers as they perform reconnaissance or try to move laterally through a network. In this report, we explain what honeypots are, offer some simple ways to build them, and detail their pitfalls and success factors. 



April 17, 2018 | Penetration Testing and Red Teaming
By Jake Williams, IANS Faculty

 Avoid Common Issues with Live Red Team Exercises

Red team exercises provide valuable insight into an organization's defenses, but running them against live environments can be dicey. In this Ask-an-Expert live interaction, IANS Faculty Jake Williams details how to get a red team program up and running, and offers tips for conducting live exercises without adversely affecting the business.



April 16, 2018 | Vulnerability Assessment and Management
By Marcus Ranum, IANS Faculty

 Create an Efficient, Effective Bug Bounty Program

Organizations with significant software exposure often consider deploying bug bounty programs to improve quality and better manage vulnerability disclosures, but what's the best way to go about it? In this Ask-an-Expert written response, IANS Faculty Marcus Ranum recommends using an internal (vs. outsourced) process and details the critical components for success.



April 13, 2018 | Penetration Testing and Red Teaming
By Kevin Johnson, IANS Faculty

 I Am Not a Robot: Manual Pen-Testing Tips and Tricks

When it comes to web app penetration testing, automation can only get you so far. In this webinar, IANS Faculty Kevin Johnson explores how using manual testing techniques can augment the automation many DevOps shops use for security testing. In addition to providing examples of manual attacks used against modern sites, he offers tips for implementing this type of testing to ensure optimal web app security.



April 12, 2018 | Security Policies and Strategy
By Aaron Turner, IANS Faculty

 Set an Optimal Social Media Usage Policy

Like all things in infosec, social media usage policies must strive to balance security with business benefits. In this Ask-an-Expert written response, IANS Faculty Aaron Turner explains the pros and cons of strict vs. permissive social media policies and suggests the best path forward is to balance unfettered social media engagement with smart investments in SSL decryption and other monitoring solutions.



April 11, 2018 | Threat Intelligence and Modeling
By Bill Dean, IANS Faculty

 Make Sense of Your Threat Intel

With all the threat feeds and intelligence sources out there, how can you choose – and use – the right ones for your specific infosec program and use cases? In this report, IANS Faculty Bill Dean offers practical tips for choosing the right feeds, integrating the data and ensuring you successfully leverage threat intel to proactively detect/prevent attacks.



April 11, 2018 | Threat Intelligence and Modeling
By Bill Dean, IANS Faculty

 Threat Intelligence Checklist

The ability to obtain and effectively leverage quality threat intelligence is no longer optional for today’s information security teams. This checklist steps through the process of choosing the right feeds, integrating the data and ensuring you successfully leverage threat intel to proactively detect/prevent attacks.



April 10, 2018 | Malware and Advanced Threats
By Mike Saurbaugh, IANS Faculty

 IANS Vulnerability and Breach Update: Q1 2018

Vulnerabilities and breaches are mainstream news regularly. With a new vulnerability seemingly discovered daily, which should be taken more seriously (i.e., patch now!) and which are overhyped? In this quarterly research report, IANS Faculty Mike Saurbaugh updates clients on the top vulnerabilities and breaches from the past quarter and provides some real-world context and perspective.
