Building a vulnerability management (VM) program from the ground up is no small feat. It requires technical expertise, organizational buy-in, and a clear roadmap. In recent months, I’ve been working with a client who had to discard their legacy approach and start afresh. We came to realize just how many components have to come together to get a decent start on a VM project while also showing value along the way. I am confident that sharing this experience can help others succeed in building a vulnerability management program. The “Why” question It may seem odd to define VM for those in the...
Author: Chris Hudson
File Integrity Monitoring (FIM) is a key intelligence and audit tool in an advanced security portfolio. While it is a logical component to integrate into your Security Orchestration, Automation, and Response (SOAR) tooling, it’s important to consider your approach to ensure you can gain the most benefits from it. Classify First The sensible starting place for your integration is to consider your FIM strategy. Working with clients to integrate FIM data sets for SOAR use cases, I’ll typically focus on ensuring FIM data is well classified: Categorize – Your FIM tool is likely already...
I worry that a lot of my blog posts reveal that I’m getting older and older as the days go by, but I wanted to talk about teasmades and security automation. For those of you outside of the UK, and even those born in the UK within the past 30 years, there’s a distinct possibility you may read this and consider it to be a made-up word, but there is indeed such a thing as a teasmade – effectively a small machine for making tea that has a timer on it. You might yet be puzzled about why I’m bringing it up in the context of security, but stick with me whilst I explain. The parallels As hard as it...
The successful implementation of new tools and processes hinges not just on the technology itself but on meticulous project management. From ensuring secure access to the underlying infrastructure a new tool will be implemented upon, to defining clear goals and understanding the security footprint of the service, even the earliest steps of your rollout can be important in the long run. Getting all the parts right from the onset helps to ensure that you can reap the benefits of a successful deployment far faster and easier than those who might stumble at the initial stages. Defining Clear Goals...
I’ll start this one with an apology – I’ve been watching a lot of the TV show The Bear (which I’d highly recommend!) and thus been thinking a lot about kitchen processes and the challenges of making everything come together nicely (both in life and in a recipe). If you are unfamiliar with the show, it is a comedy-drama about a chef who manages his deceased brother’s sandwich shop. When I see different chefs interacting in a busy environment I can’t help but think of the same activities happening in the data center and IT offices that I’ve visited. But whilst the best businesses in the world...
The shifting sands of IT make the adage "you never know it all" ever more true as time goes by. I recall days when it felt like you could click through every major directory of Yahoo and know a little something about everything. I was a young man with a voracious reading appetite and an active imagination – both of which were thoroughly outpaced by the growth of the internet and my own developing maturity. Yet, knowing enough can be a formidable shield against the myriad threats lurking in the digital realm. Understanding your IT environment, from the administrators and software versions to...
In the vast and ever-evolving universe of information technology, there's one constant: change (that and cliches about constants!). Servers, systems, and software – they all get updated and modified. But, have you ever stopped to consider how even tiny differences between these digital entities can sometimes lead to unexpected challenges? In the world of Tripwire, we like to call this phenomenon "Change Variance," and in this blog post, we'll dive into this world of changes, exploring their potential impact on service availability and the sneaky risks they can pose due to out-of-date software...
In the world of cybersecurity, insider threats remain a potent and often underestimated danger. These threats can emanate not only from malicious actors within an organization but also from well-intentioned employees who inadvertently compromise security with a mis-click or other unwitting action. Having spent many years in system administrator-type roles, I'm actually surprised at how easy it remains for significant outages to come about, and the worst ones aren't always the ones that cause huge blinking red lights initially but, in fact, are lingering silently in the background just waiting...
We have come a long way in the cybersecurity sector in a relatively short period of time, but there remain many challenges in day-to-day operations that create security gaps in many organizations. One of the most common is tied to how we build our solutions, making sure they are secure out-of-the-box instead of only being evaluated during a pen test or annual review, and finding out then that there is much more that needs to be done to achieve data security. Starting out with the blueprints If we were to liken our IT security processes to traditional workplace health and safety operations...
Cybersecurity professionals seem to always be in the mode of learning. For me, this involves a lot of online training. With all that's available, it is easy to become immersed in a topic. Every so often, during a course, I'll look back to my early experiences in learning and consider how different things are. Yet many things seem to also remain the same. Learning, and the desire for knowledge in general, is something that, once instilled in you, can drive you forward across your entire lifetime. Have you ever found yourself taking the time to consider not just your current educational...