My guest this week is Reggie Wilkerson, Director of Enterprise Data Management at the State Department Federal Credit Union. Reggie’s one of the few guys that is really dominating data.
While running my CIO Innovation Insider series recently, I noticed that a lot of conversations have been around data analytics, business intelligence, data warehousing, and data visualization.
My guest this week is Jeff Williams, co-founder and Chief Technology Officer at Contrast Security.
The reason that I wanted Jeff on the program is that his technology was massively interesting to me, given that application attacks are the single biggest vector for security breaches. In 2017 there will be 111 billion new lines of code produced, resulting in endless complexity.
His product was an Innovation Sandbox Finalist at RSA this year. So I wanted to understand more.
I have tried to integrate application-level firewalls and have worked through the real, hard human challenges of coders and network security people trying to defend and deploy at the same time. I wanted to understand his technology better, and also because iterative application development is going to be even more important for companies: their security has to move at the pace of business innovation as application development and testing become more and more iterative and agile. So how do we do this?
What is the best next generation Firewall product? This is a big question.
The answer is mostly based on the number of users. When you have many users on the same firewall, UTM firewalls are the best option. They now come with a built-in IPS. UTM firewalls, or Next Generation Firewalls (whatever marketing wants to call them), are not port-based and are so fast these days that you can certainly buy the feature set that handles URL inspection, IPS, SSL inspection, etc.
During a recent security assessment RedZone asked the customer a standard question about password management:
“Are your passwords being changed on this outsourced web server?”
With Heartbleed, WordPress, and SSL vulnerabilities, an assessor must ask this question. The customer was insistent that the passwords were being changed frequently. That same day the customer received notification from the FBI that their site had been hacked and was being used as a spam relay. Vast quantities of data were being hoisted from their site. Why? Because they had not recently changed their passwords. They had made the process of guessing the password easy. The attacker literally had to do nothing except guess a password.