Filter By:



Recent Blogs & Podcasts

Insights Portal

\ Faculty Reports 

March 21, 2018 | Incident Response Planning
By Kevin Beaver, IANS Faculty

 Lay the Groundwork for IR in the Cloud

Incident response is never easy, but responding quickly and effectively to an incident when key evidence is housed and managed by a cloud vendor can be even more difficult. In this report, IANS Faculty Kevin Beaver steps you through the process of putting the right pieces in place to ensure your cloud incident response is effective and efficient.

Read More »

March 7, 2018 | Cloud Network and Host Controls
By Dave Shackleford, IANS Faculty

 Cloud Security Controls: A Question of Trust

When is it ok to use a cloud provider’s security controls – and when isn’t it? In this report, IANS Faculty Dave Shackleford details the latest security offerings from the likes of Amazon, Azure and Google, explains what works well and what’s still missing, and offers some good rules of thumb for deciding when to trust the security controls offered by your cloud provider.

Read More »

February 28, 2018 | Malware and Advanced Threats
By Joff Thyer, IANS Faculty

 Detect and Defend Against Fileless Malware

Never mind zero days. Fileless malware – which uses Windows tools like PowerShell and WMI to establish command-and-control channels and otherwise wreak havoc – is taking off in a big way. In this report, IANS Faculty Joff Thyer explains how fileless malware works, why it's becoming more rampant and the key steps to take to detect and defend against it.

Read More »

February 14, 2018 | Authentication
By Andrew Carroll, IANS Faculty

 Understanding Blockchain’s Promise for Identity Management

While blockchains were developed to solve problems very different from identity management, some vendors (and enterprises) are beginning to explore how blockchains could be used to both secure and provide more granular control over digital identities. In this report, IANS Faculty Andrew Carroll explains the pros and cons of using blockchains for identity, and provides a practical overview of the vendors addressing the space.  

Read More »

January 10, 2018 | Malware and Advanced Threats
By Aaron Turner, IANS Faculty

 Information Security Trends for 2018

In 2017, we saw some of our most valued controls undermined and witnessed security incidents impacting businesses around the world.  What will 2018 bring? In this report and webinar, IANS Faculty Aaron Turner examines the major trends in store for IT security professionals in the coming year. From the new incidents we need to prepare for to the investments we need to make to keep up with attackers' capabilities, we have our work cut out for us..

Read More »

January 5, 2018 | Malware and Advanced Threats
By Mike Saurbaugh, IANS Faculty

 IANS Vulnerability and Breach Update: Q4 2017

Vulnerabilities and breaches are mainstream news regularly. With a new vulnerability seemingly discovered daily, which should be taken more seriously (i.e., patch now!) and which are overhyped? In this quarterly research report, IANS Faculty Mike Saurbaugh updates clients on the top vulnerabilities and breaches from the past quarter and provides some real-world context and perspective.

Read More »

January 4, 2018 | Cloud Network and Host Controls
By Dave Shackleford, IANS Faculty

 IANS Cloud Security Update: Q4 2017

As organizations continue to move services and computing assets into cloud service provider environments, the need for adequate security controls grows as well. In this quarterly research report, IANS Faculty Dave Shackleford updates IANS’ clients on the new developments occurring in the cloud security arena.

Read More »

December 20, 2017 | Penetration Testing and Red Teaming
By Michael Pinch, IANS Faculty

 Purple Teaming: It’s Easier Than You Think

Red and blue team capabilities are both important when it comes to uncovering and stopping threats, but combining the two to proactively execute attacks and monitor gaps in defenses is even more valuable. In this report, IANS Faculty Mike Pinch explains the benefits of purple teaming and offers tips for getting started. 

Read More »

November 15, 2017 | Authentication
By Aaron Turner, IANS Faculty

 Correlate Real-World Users to Digital Identities

From ERP systems to Active Directory, digital identities are spread throughout our digital infrastructures. Unfortunately, most large organizations have no good way of correlating those digital identities to actual humans, a situation that both opens security holes and makes moving to new technologies like cloud and mobile much more difficult than it needs to be. In this report, IANS Faculty Aaron Turner shows how three key identity management building blocks can be used to effectively correlate real-world users to digital identities and improve enterprise security.

Read More »

November 1, 2017 | Security Awareness, Phishing, Social Engineering
By Mike Saurbaugh, IANS Faculty

 Ensure Your Security Awareness Program Fosters Behavioral Change

Security awareness training can easily become a compliance checkbox that isn’t beneficial to the organization, particularly as many users view security simply as a necessary evil that restricts their ability to get things done. In this report, IANS Faculty Mike Saurbaugh steps you through the process of ensuring security training gets employees to stop undesired behaviors (e.g., clicking on phishing links) and start desired ones (e.g., reporting suspicious emails to security), so that your training program can actually meet its ultimate goal: securing the business. 

Read More »