Vice President for Cybersecurity
Full disclosure: I am a security product testing nerd*. I’ve been following the MITRE ATT&CK Framework for a while, and this week the results were released of the most recent evaluation using APT29 otherwise known as COZY BEAR. First, here’s a snapshot of the Trend eval results as I understand them (rounded down): 91.79%…
Read More
This overview builds on the recent report from Trend Micro Research on cloud-specific security gaps, which can be found here. Don’t be cloud-weary. Hear us out. Recently, a major tipping point was reached in the IT world when more than half of new IT spending was on cloud over non- cloud. So rather than being…
Read More
So you suddenly have a lot of staff working remotely. Telework is not new and a good percentage of the workforce already does so. But the companies who have a distributed workforce had time to plan for it, and to plan for it securely. A Lot of New Teleworkers All At Once This event can’t…
Read More
It doesn’t take a wily prediction to see that the cycles of tech procurement and planning are increasingly compressed. In enterprise IT, the two largest forces at play are business changes and technology changes. These two major forces are somewhat independent; a lot of tech change happened during the last economic downturn, and in fact…
Read More
It’s always an indicator of confusion when instead of hearing “I want Q” I’m asked “what is Q?”. In this case the ‘Q’ is Zero Trust. I’ll try and give my best take on what I understand Zero Trust to be. History Repeats Let’s start with the background. Quite a while back the Jericho Forum…
Read More
Real enterprises are messy places. One messy reality is that enterprises don’t manage all their endpoints. A smart colleague turned me onto using the % of endpoints and servers managed as a prime security metric. On one end of the spectrum are places like universities that maybe manage 10% of the endpoints on their network….
Read More
In Jon Clay’s post, he does a great job of explaining the evolution from EDR to XDR. In short, he explained that Endpoint Detection and Response (EDR) is great, but that having sources of information beyond endpoint is better. The ‘X’ in XDR is essentially ‘many’ or whatever we can add to provide a broader,…
Read More
Malice Vs Greed Most discussion about security in the supply chain has been focused on detecting tampering, or preventing backdoors or sneaky things being inserted into components and software. There’s another aspect emerging and will dwarf the tampering: devices that are counterfeited for profit indirectly causing security problems. Counterfeit devices are ones that either by…
Read More
User Reviews + Test Results Peer reviews are an important part of product selection. Everything I buy on Amazon and most other things I buy I check for reviews first. That’s the “do I like it” or the test-drive part of the selection. But the “how well does it work” part is lab testing. I’m…
Read More
What Makes For Really Good Security Predictions Each year Trend Micro releases its annual Security Predictions Report. Good security predictions are very difficult to develop, and companies and consumers need to be selective about the security advice they take. What makes a good security prediction? Four key aspects: 1. It is the prime directive that…
Read More
