SECURETARGET

Category: Security Fundamentals

  • Is Whitelisting a Good Security Practice?

    Whitelisting has been for sure a relatively standard and sometimes as a hardening security measure but it depends how we implement and maintain it and where it is initially enforced.  Whitelisting could be against you if setup at the wrong spot or with inadequate supportive elements. I highly recommend whitelisting behavior rather than whitelisting elements…

  • Why Common Vulnerability Scanning Practice is Useless?

    I hope you will find this so obvious but unfortunately security community is highly relied on vulnerability scanning in a way which makes it totally useless or even harmful!  Vulnerability assessment is evaluating of a System against known and potential security flaws. A System is simply a collection of processes, workflows, people, nodes, software…but traditional…

  • Monitoring: The Forgotten Discipline

    Monitoring: The Forgotten Discipline

    The Myth of “Proactive” Every company claims to be proactive. They buy dashboards, automate alerts, and call it visibility. But visibility without interpretation is just noise. And noise is the enemy of monitoring. These days, the market is full of tools that promise prediction. None deliver it. They only record symptoms faster. What You Actually…

  • No Silver Bullet in Computer Security

    No Silver Bullet in Computer Security

    There is no silver bullet in any aspect of information security. All the answers like EDR, MFA, SIEM… might get you in a better or worse security posture, it all depends to how you implement and manage but none of them are silver bullet in their area (malware protection, authentication, monitoring…). It is all about…

  • One Strategy to Win the Cyber-security Battle: Change the Focus!

    Sales pitch force us to worry about things that are not so important; Change your mindset to win the battle!   “Battle” would not be the right term if we didn’t have a market full of competition to sell cybersecurity products rather than focusing on the right and real way of defense. In other words, focusing…

  • Why We Are Not Able To Secure

    Why We Are Not Able To Secure

    The Open House Problem Why are we not able to secure? Because we open everything…and then ask people to be careful. It is like opening all the doors of a house and telling everyone inside: be alert. We call this awareness. Awareness of what? Of a problem we created by design? “You don’t warn people…

  • Complexity: The Hidden Monster behind Insecurity

    No doubt that companies struggle with information security these days. Today they spend hundreds of thousand dollars, some millions, tomorrow they realize they have done nothing! Security folks do not have peaceful night sleep, because they know what they have done during the day could easy be compromised! Regardless of why we are spending money…