SECURETARGET

Author: Kaveh Mofidi

  • endpoint protection won’t work!

    any solution 100% focused on endpoint protection would not actually protect you from cyber threats. best case scenario, you will discover IoC (not even necessary IoA) after the fact, after a system has actually been compromised. the easiest way to confirm this is what is happening everyday in companies with sophisticated but pure endpoint detection…

  • cybersecurity and culture

    different cultures have different perception and reaction to cybersecurity matters because cyberspace is as diverse as real life and it consists of and affected by all cultures involved. cultures are not significantly different in terms of understanding and identification of behaviors of their members. for example being lazy may have slightly same definition in multiple…

  • you won’t get there without knowing the truth!

    one of the main reasons Security community has hard time securing “stuff”, is lack of understanding of Hackers community. without knowing motives, the motivations behind breaking into computer systems, and deep knowledge of hacking and cracking techniques, securing a system is pointless. results are telling us every single day that we are not doing the…

  • zero-trust: reselling old under a different name

    the market has been acting as a reseller since late 90’s. we simply resell an old solution under a different shiny name again and again. one of the best examples is zero trust. with all noises around this concept, poor desperate companies waiting to resolve their security issues, or perhaps thirsty budgets waiting to find…

  • Virtual NATO

    It is very late for international community to act on fighting against Ransomware and Cyber-crime in general but still anything better than nothing. EU and US coordination on fighting ransomware reminds me of NATO foundation back in 1949. perhaps countries could have considered cyber crime a “global issue” sooner and act faster against organized international…

  • Does AI help us in security operations?

    it does but only if it is originated from a intelligent programmer. AI is as smart as the people who did its modeling. an artificial intelligence cannot be more intelligent than its origination. presuming AI will be helping us securing cyberspace is like presuming we will have a accurate Accounting system or flawless GL just…

  • Relying on SAST/DAST

    Relying on DAST/SAST is like investing in a restaurant where chef needs to be reminded of how to safely handle knife. no surprise that software developers have been dragging computer end-users to current situation when software products are no longer reliable, or they are packed with vulnerabilities. I have mentioned before that I believe the…

  • Compliance ≉ Security

    there are hundreds of security frameworks out there, all somehow accredited and accepted by industry, all good, but compliance with any, or even all of them does not mean anything to state of security, does not affect the state of security and it is not a metric for security. being compliant is different than being…

  • is security really a journey?

    you have probably heard or even sick of it: security is a journey…it never ends…security is not a destination…yada yada is security really a journey, or let’s say, does it have to be an endless journey where we actually do not enjoy or even hate to have such a journey? security as a journey yes…

  • *DR

    security community has been certainly obsessed with creating a new acronym every day instead of focusing on techniques and enhancing what is already there. basically we do not even try to enhance any thing, we just need to understand definitions and satisfy what has already been stated. XDR is one of those things now particularly…