Showing posts with label Observations. Show all posts

Monday, April 16, 2018

Not a conference conference

This week many people are at RSAC gaining knowledge and a ton of vendor swag.
Believe me when I say I am not bitter about not being there. But watching from the sidelines got me thinking... What if we took all the time and resources we spend on conferences and put them into security improvements?

What would that look like? Well, surely you've been to working meetings where everyone brings their gear and talents and you collaborate on tasks. Sometimes this doesn't happen until a "crash team" is needed. Other times it is more proactive.

Food for thought.

Thursday, June 30, 2016

InfoSec to Remote or Not? That is the question.

Lately, I've been hearing of more and more companies "reining in" their Cyber Security professionals. At first impression this may seem like a no-brainer. But it may be more of a backlash against the casual and laissez-faire behavior of a small group of abusive remote workers than anything. This raises several questions:

1. Is it more efficient?

2. Are workers (especially of certain generations) more satisfied?

3. Does it provide companies access to better talent?

4. Do on-prem workers have the same access as remote SysAdmins in this de-perimeterized enterprise landscape?

5. Do today's modern collaboration tools enable all job functions of on-prem workers?


"Clients in this area don't grok telework. They think it's evil." - Mark McCulough



Wednesday, May 18, 2016

Moving from RansomWare to LeakWare

One of the trends I have observed on the Cyber Security threat landscape is the movement from "Ransomware" like CryptoLocker, TeslaCrypt and CryptoWall to a new category of malware I am calling "LeakWare." It is distinct enough to need its own category, its own defenses and special attention.

Simply defined, we can expect that LeakWare will hold a user's or company's data for ransom (maybe, probably), and if the ransom is not paid, the data will then be leaked to the world via sites like Pastebin, WikiLeaks, and others. The aim here is to up the ante beyond mere data loss to data exposure. Imagine the Sony-like impact of this potentially life- or business-ending exposure. This will merit new and special attention to defense and prevention, further driving the market for new and innovative technologies to guard against this and similar previously seen threats.

Wednesday, January 14, 2015

O365 for the InfoSec win!

O365 appears to be a huge improvement in Cyber Security over on-prem on a few points:

  • Better vendor visibility of threat surface - Microsoft's more than 300-person security staff has improved visibility into the threats posed to users of Office products. They are able to see trending threats and react faster with fixes, patches and bulletins to customers.
  • Higher patch compliance rates - Microsoft can patch O365 in the cloud all at once. In fact, they rebuild from a "gold image" each time they implement a fix! This improves the overall security posture of the Office threat surface, since the wait times are lower, thus lowering zero-day exposure.
  • Greater vendor support - Microsoft is able to provide significantly greater support in a managed service such as O365.
  • No-trust model - O365 uses a no-trust model not offered in on-prem Office that improves security greatly.
  • Encryption in the cloud - this further secures data.


This is not to say there are no security drawbacks to O365 (I am sure there are), but these are some of the major improvements I am aware of based on independent cyber research and the MS CISO's keynotes from the MID-TN ISSA conference in September 2014.