most security solutions are like traditional painkillers, we certainly feel better after talking them, but the root cause of pain remains intact and unresolved! as long as we do not address root cause of security incidents and vulnerabilities, we will be feeling better from short-term pain relief of “Security Solutions” and then suffering again soon… Continue reading Security solution which acts like traditional painkiller
Category: Security Management
utilizing dark web as defense
I was shocked when I heard from a “security professional” that using dark web as means understanding cyber threats has been Just Recently been discovered by them as an effective defense mechanism! no kidding! then why we are surprised we get hacked by the most trivial TTP out there? this is very disappointing that “security… Continue reading utilizing dark web as defense
endpoint protection won’t work!
any solution 100% focused on endpoint protection would not actually protect you from cyber threats. best case scenario, you will discover IoC (not even necessary IoA) after the fact, after a system has actually been compromised. the easiest way to confirm this is what is happening everyday in companies with sophisticated but pure endpoint detection… Continue reading endpoint protection won’t work!
you won’t get there without knowing the truth!
one of the main reasons Security community has hard time securing “stuff”, is lack of understanding of Hackers community. without knowing motives, the motivations behind breaking into computer systems, and deep knowledge of hacking and cracking techniques, securing a system is pointless. results are telling us every single day that we are not doing the… Continue reading you won’t get there without knowing the truth!
zero-trust: reselling old under a different name
the market has been acting as a reseller since late 90’s. we simply resell an old solution under a different shiny name again and again. one of the best examples is zero trust. with all noises around this concept, poor desperate companies waiting to resolve their security issues, or perhaps thirsty budgets waiting to find… Continue reading zero-trust: reselling old under a different name
Does AI help us in security operations?
it does but only if it is originated from a intelligent programmer. AI is as smart as the people who did its modeling. an artificial intelligence cannot be more intelligent than its origination. presuming AI will be helping us securing cyberspace is like presuming we will have a accurate Accounting system or flawless GL just… Continue reading Does AI help us in security operations?
Compliance ≉ Security
there are hundreds of security frameworks out there, all somehow accredited and accepted by industry, all good, but compliance with any, or even all of them does not mean anything to state of security, does not affect the state of security and it is not a metric for security. being compliant is different than being… Continue reading Compliance ≉ Security
is security really a journey?
you have probably heard or even sick of it: security is a journey…it never ends…security is not a destination…yada yada is security really a journey, or let’s say, does it have to be an endless journey where we actually do not enjoy or even hate to have such a journey? security as a journey yes… Continue reading is security really a journey?
is Dark Web really dark?
it has been relatively a long time since threat intelligence sources started to integrate what they call as “dark web” into their system of data/intelligence gathering, prioritization and delivery as a service to threat hunters. nothing really wrong with that, it is actually a reasonable and even crucial part of any threat hunting system, but… Continue reading is Dark Web really dark?
what is information security management?
information security management is almost similar to every other thing that is Subject to Management, or requires management, and I am not going to explain why we need a management function in a system to make sure system is running and functioning as expected, at least not in this article. by similarity, I mean there… Continue reading what is information security management?