The Biden Administration’s Cyber Executive Order includes a Software Bill of Materials (SBOM), an electronically readable format designed to provide an inventory of third-party components that make up software components. It is a critical and necessary first measure for protecting the software supply chain, but is it enough?One of the biggest challenges to supply chain transparency […]
The MITRE ATT&CK Framework is widely recognized as instrumental in providing a common language and framework for describing attack techniques and effectively sharing information across organizations. However, we’re just starting to see the potential benefits this matrix can provide when integrated directly into security tools. Uptycs recently announced a major release of its product that […]
The Solarwinds Orion SUNBURST attack has been in the news for weeks. We’re starting to get great details into the actual attack, especially after FireEye released the initial set of indicators of compromise. But the question I want answered is why didn’t anyone discover this attack before the breach. What defenses are we missing to […]
Last fall we discussed what security data do I really need to collect and analyze. We know we don’t need it all, but this was only the sensor part of the discussion. Now that we have that data identified and those sensors in place, what brain do I need to collect and analyze it? There […]
Paul and I have talked a lot about his enchanted quadrants on the podcasts, but for those who haven’t watched, here’s a quick summary… An effective security program requires the integration of four key data sources: Logs (firewall, network, application, etc.) Endpoint (files, processes, logs, etc.) Network (flow and packets) Threat Intelligence Most organizations build […]
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.