• Rudra: Framework for automated inspection of network capture files

    In this podcast recorded at Black Hat USA 2015, Ankur Tyagi, Malware Research Engineer at Qualys, talks about Rudra, a framework for automated inspection of network capture files. It extends upon another tool called flow inspect and adds subsequent file-format aware analytics to its feature set.

  • Best practices for ensuring compliance in the age of cloud computing

    When was the last time you heard someone utter the sentence, “I’m looking forward to the audit next week.” Most likely, never. Since its invention, the word “audit” has struck … well, if not terror, then certainly groans in the individuals responsible for ensuring the resources being audited are compliant with appropriate regulations. The fact is that compliance is still largely a manual set of processes, even though the regulatory landscape is continually more complex. Finding and hiring enough qualified compliance people is difficult and, ultimately, doesn’t scale well.

  • Why collaboration is crucial in the battle for IT security

    Guy Wertheim, the CTO at Comilion, talks about the importance of collaboration and data sharing in the battle for increased security.

  • Should a data breach be the kiss of death for the CEO?

    The fact that CEOs have tendered their resignations in the aftermath of public breaches is a clear indication that the executive level is being held more accountable for the cyber security practices of their organizations. This is a trend that will likely continue, particularly for companies like Ashely Madison whose business it is to protect their customers’ privacy.

  • How data breaches are changing information security

    In this podcast recorded at Black Hat USA 2015, Gautam Aggarwal, Chief Marketing Officer at Bay Dynamics, takes a look at the past year in the security space and the important events that have shaped the industry.

    He discusses APTs, visibility, accountability, the ramifications of high profile data breaches, as well as the way boards are getting involved in information security issues.

  • Who's afraid of shadow IT?

    One of the biggest disruptions in the IT world is the quantity and quality of SaaS tools. From email and storage, to phone systems and infrastructure, it has never been easier to use top of the range products and scale when your business does. As empowering as these tools are, there is a risk to adopting SaaS that might not be immediately apparent.

    Shadow IT is any system or service used inside of a company without explicit approval and deployed using non-IT resources. It was born out of business necessity - the need to be agile and adapt to change. The Shadow IT movement is here, and it isn’t going anywhere any time soon.

  • CPU hardware performance counters for security

    In this podcast recorded at Black Hat USA 2015, Nishad Herath, Principal Anti-Malware Technologist at Qualys, talks about CPU hardware performance counters, which allow us to do low latency performance measuring, without special runtime or compile time software instrumentation. It is said "advanced users often rely on those counters to conduct low-level performance analysis or tuning" according to Wikipedia.

  • The WhatsApp of Wall Street

    On August 21, a pump and dump penny stock scam targeting US users, and spread using WhatsApp, drove the share price of Avra Inc, a digital currency company, by 640% from its opening price of $0.17 to its peak of $1.26. What is unique about this scam is its use of WhatsApp to spread the threat, essentially using mobile applications to resurrect schemes that are dying out on email.

  • Proactive real-time security intelligence: Moving beyond conventional SIEM

    Surprisingly, discussions about security intelligence still focus primarily around conventional reactive Security Incident and Event Management systems (SIEM). However, in today’s highly active and complex landscape security professionals need to move from this reactive model to proactively using this security intelligence to protect their businesses. A proactive model which enables to predict security incidents and events besides preventing and detecting them.

  • Protect against privileged credential attacks with zero trust

    Enterprise networks – and the attacks against them – have evolved. No longer static, they are dynamic entities. And yet, IT organizations continue to use traditional security controls that aim to protect an increasingly irrelevant perimeter. It is no wonder IT organizations are failing to prevent malware infections and data loss. It won’t get any better until we take a different approach to security and adopt a new paradigm: the zero-trust model.

Videos      Podcasts


Best practices for ensuring compliance in the age of cloud computing

Here are the major considerations organizations should incorporate into their compliance programs, as well as pitfalls that can be avoided to ensure businesses stay compliant while using cloud computing.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Sep 3rd