Tuesday, December 06, 2011

Mandiant Webinar Wednesday; Help Us Break a Record!

I'm back for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 last Mandiant Webinar of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 year, titled State of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Hack: It's The End of The Year As We Know It - 2011. And you know what? We feel fine! That's right, join Kris Harms and me Wednesday at 2 pm eastern as we discuss our reactions to noteworthy security stories from 2011.

Register now and help Kris and me beat cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attendee count from last month's record-setting Webinar.

If you have questions about and during cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Webinar, you can always send cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m via Twitter to @mandiant and use cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 hashtag m_soh.

Tripwire Names Bejtlich #1 of "Top 25 Influencers in Security"

I've been listed in ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r "top whatever" security lists a few times in my career, but appearing in Tripwire's Top 25 Influencers in Security You Should Be Following today is pretty cool! Tripwire is one of those technologies and companies that everyone should know. It's almost like cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "Xerox" of security because so many people equate cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 idea of change monitoring with Tripwire. So, I was happy to see my twitter.com/taosecurity feed and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 taosecurity.blogspot.com blog make cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir cut.

David Spark asked for my "security tip for 2012," which I listed as:

Improve your incident detection and response program by answering two critical questions:

1. How many systems have been compromised in any given time period; and

2. How much time elapsed between incident identification and containment for each system?

Use cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 answers to improve and guide your overall security program.


Those of you on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 securitymetrics mailing list, and a few ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r places, have heard me speaking about this topic. I'll probably blog about it in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 future, but suffice it to say that those are cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 key issues you should address in 2012 in my opinion.

Monday, December 05, 2011

Become a Hunter

Earlier this year SearchSecurity and TechTarget published a July-August 2011 issue (.pdf) with a focus on targeted threats. Prior to joining Mandiant as CSO I wrote an article for that issue called "Become a Hunter":

IT’S NATURAL FOR members of a technology-centric industry to see technology as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 solution to security problems. In a field dominated by engineers, one can often perceive engineering methods as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 answer to threats that try to steal, manipulate, or degrade information resources. Unfortunately, threats do not behave like forces of nature. No equation can govern a threat’s behavior, and threats routinely innovate in order to evade and disrupt defensive measures.

Security and IT managers are slowly realizing that technology-centric defense is too easily defeated by threats of all types. Some modern defensive tools and techniques are effective against a subset of threats, but security pros in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 trenches consider
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 “self-defending network” concept to be marketing at best and counter-productive at worst. If technology and engineering aren’t cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 answer to security’s woes, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n what is?


Download and read my article starting on page 19 for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 answer! July-August 2011 issue (.pdf)