Tag Archives: defense in depth

The endpoint security paradox

One thing that troubles me when speaking to clients, from SMBs to truly global enterprises, is a number of times I see technology driving security strategies and not the business requirements. So many organizations work in silos and not co-ordinating their IT security strategy. It is important to understand WHY you are embarking on a particular security project and how this fits with the wider strategic goals of your company. This, of course, takes longer to start with but significantly shortens deployment life cycles and wasted effort.

Continue Reading


Taking stock of National Cyber Security Awareness Month

The past month has been national cyber security awareness month in the US, this was designated by President Obama to engage and educate the public and private sector in cyber threats and online safety. Although the message of cyber awareness month is a positive one it has been somewhat overshadowed with media coverage dominated by cyber-attacks and data breaches.

Continue Reading


A coffee with Graham Cluley

Organizations, security professionals and vendors are in a constant battle to keep up with an evolving environment of advanced threats and malware strains. It seems as soon as we catch up with the cyber criminals, they shift up a gear. At the recent Gartner Security and Risk Management Summit in London, Avecto grabbed a coffee with the renowned security blogger and independent analyst, Graham Cluley, to take a pulse check of enterprise security.

Continue Reading


Fear and Loathing in Las Vegas – Advanced attacks and the InfoSec dream

During August members of the InfoSec community leave the comfort of their ergonomic desks and head out into the Nevada desert on a spiritual pilgrimage to Las Vegas. This mass movement is no coincidence, the draw is clear with Black Hat, DEF CON, BSides Vegas and the Star Trek Convention all occurring within a week. If you have an interest in offensive security, protecting data or ensuring your car cannot be remotely hijacked, Las Vegas is the place to be in August.

Continue Reading


File less fears

Last week I was talking to a customer about whitelisting policies. Having rolled out least privilege, application control and sandboxing to their estate they had gone from hundreds of security incidents per week to virtually none. This has caused the security team to become more proactive by shifting from constant firefighting and reacting to incidents to thinking strategically and planning ahead.

Continue Reading