Do Managed Security Services Elevate Overall Security Posture?

Does a managed security service enhance overall security posture? Usually No!  Managed security services are highly built on customer expectation instead of precise protocols to build a security barrier for client. There are many factors involved in quality of security services after migration to a managed service but most effective one is “client expectations”, or… Continue reading Do Managed Security Services Elevate Overall Security Posture?

Does Cloud Guarantees Security?

There is a wrong perception of Cloud security among consumers of the Cloud solutions and platforms. Actually, classic Clouds are more insecure than traditional computing even though it is set on stone for most people even many “IT professionals” that Cloud computing is natively more secure, or by default it is at least more secure… Continue reading Does Cloud Guarantees Security?

Why Folks Are Not Able to Secure Their Network?

The question simply is: Why we do not feel insecure even spending a lot, giant teams of professional and bunch of fancy tools?  And the answer simply is: Wrong Direction!  As long as one’s going wrong direction, we certainly cannot even imagine being able to reach the destination. How it is possible to reach the… Continue reading Why Folks Are Not Able to Secure Their Network?

Is Whitelisting a Good Security Practice?

Whitelisting has been for sure a relatively standard and sometimes as a hardening security measure but it depends how we implement and maintain it and where it is initially enforced.  Whitelisting could be against you if setup at the wrong spot or with inadequate supportive elements. I highly recommend whitelisting behavior rather than whitelisting elements… Continue reading Is Whitelisting a Good Security Practice?

Why Common Vulnerability Scanning Practice is Useless?

I hope you will find this so obvious but unfortunately security community is highly relied on vulnerability scanning in a way which makes it totally useless or even harmful!  Vulnerability assessment is evaluating of a System against known and potential security flaws. A System is simply a collection of processes, workflows, people, nodes, software…but traditional… Continue reading Why Common Vulnerability Scanning Practice is Useless?

Penetration Testing vs. Secure Code Review

What is the best way to make sure a software product is secure?  The easiest way is to roll out to the market and see what is going to happen and hope everything does well…no kidding, that is what most software developers do!  Let’s forget about what majority of software community do and see what… Continue reading Penetration Testing vs. Secure Code Review

Does Internet Act As A Valid Source Of Information?

Internet was built with the initial goal of providing the most validated data to the corresponding party. Today we are so far away from that mindset but still, how much we can rely on the data provided via the Net? The answer is simply depends on the source of data. People usually believe what they… Continue reading Does Internet Act As A Valid Source Of Information?

No Silver Bullet in Computer Security

No Silver Bullet in Computer Security

There is no silver bullet in any aspect of information security. All the answers like EDR, MFA, SIEM… might get you in a better or worse security posture, it all depends to how you implement and manage but none of them are silver bullet in their area (malware protection, authentication, monitoring…). It is all about… Continue reading No Silver Bullet in Computer Security

Accurate Vendor Risk Assessment

How to have an accurate vendor risk assessment

How to have an accurate vendor risk assessment?  Assessing your vendors, suppliers, business associates…or any other term you give to who is providing services to your firm is crucial and even might be required from a regulatory stand point (i.e. like in HIPAA). I do not want to get into detail of what would be… Continue reading Accurate Vendor Risk Assessment