Tips for auditing your AWS security policies, the right way
My colleagues and I have previously blogged quite a bit about best practices for setting up and managing security in your AWS estate. Now it's time to talk about auditing this environment. Because its...
Business Driven Security Management: Putting Theory into Practice
Modern business is all about agility: organizations operating under competitive conditions must act and move fast to remain profitable. And that also applies to the applications that drive the...
Why and how to align vulnerabilities with business risk for PCI-DSS compliance
It is well known that any organization that handles payment card data must comply with the PCI DSS regulatory framework. This standard comprises 12 main requirements which cover areas including...
The five stages of security policy management
Many organizations believe that Security stands in the way of the business – particularly when it comes to changing or provisioning connectivity for applications. It can take weeks, or even months to...
The Top 10 AlgoSec Blog Posts From 2017
As we kick off the new year, I’ve taken a moment to take stock of our blog posts from the past year. There was certainly no shortage of talking points in cybersecurity last year, and we touched on a...
Are you wasting time in network security?
Maintaining and managing IT security is critical for any organization, but how much of this time is well spent, and how much time is lost as a result of inefficient processes? According to recent...
Network Computing on AlgoSec: “takes the pain out of network security and...
We’re delighted to receive another outstanding review of AlgoSec, this time in the leading UK IT title, Network Computing. In the review, the tester asserted that “AlgoSec’s Security Management...
“Invaluable to our information security department” – what real users think...
In today’s threat landscape, finding the right solutions to improve your organization’s security posture is more important than ever before. So how should you evaluate those solutions and cut through...
We want to meet you at RSA …so what’s in it for you?
If you’re going to RSA in San Francisco next week I would love to meet you there! Here’s a quick rundown of what’s happening at our booth #1127. The fun stuff: You’ll get to play a fun game, and can...
Getting it right in the cloud: The AWS bucket list for security
With organizations having a seemingly insatiable appetite for the agility, scalability and flexibility offered by the cloud, it’s little surprise that one of the market’s largest providers, Amazon’s...
Five next-gen security tools to consider for your cloud-ready infrastructure
The modern data center has truly evolved. We’re now seeing the emergence of a truly interconnected cloud platform spanning numerous heterogeneous platforms. Throughout all of this – security continues...
Let’s Put Down Insecure Protocols For Good
Okay, we all have them… they’re everyone’s dirty little network security secrets that we try not to talk about. They’re the protocols that we don’t mention in a security audit or to other people in the...
Keep Calm and Be Prepared: Know Your CSIRT
Picture this: A phone call wakes you, the CTO, at 6am on a Saturday morning. It’s a reporter from a large newspaper asking about your data breach. You have no idea what the reporter is talking about...
Three Tips for Creating an Effective Security Change and Process Control...
We’re at the stage where modern enterprises now directly rely on their data center to run their businesses. And security – protecting what’s actually living in the data center – is one of the most...
Avoid The Traps: What You Need To Know About PCI’s Requirement 1
So you’re going through a PCI assessment for the first time and you start reading through the requirements mandated by your Qualified Security Assessor (QSA) and the PCI Council auditor. Naturally you...
Are You Positive Your PoS is Secure?
As we have recently seen in the news, Point-of-Sale (PoS) systems have become a prime target for hackers. While debit and credit card transactions have increased exponentially every year, security of PoS...
Avoid the Traps: What You Need to Know about PCI Requirement 1 (Part 2)
We’ve now reached part two of our three part series on PCI Requirement 1. In our previous blog post we reviewed the 1.1 sub-requirement which covers firewall and router configurations. In this post...
Avoid the Traps: What You Need to Know About PCI Requirement 1 (Part 3)
So we’ve made it to the last part of our blog series on PCI 3.0 Requirement 1. The first two posts covered Requirement 1.1 (appropriate firewall and router configurations) and 1.2 (restrict connections...
Don’t Know How to Stay on Top of Corporate Security Policy Compliance? Start...
For many IT security professionals, compliance goes way beyond meeting regulatory standards. Increasingly, many companies, particularly those in the financial sector, have taken a harder stance and...
Selecting the Right IaaS Platform: 8 Tips to Help Ensure You’re Secure
With its flexibility and cost savings cloud computing is now here, and whether you know it or not, you’re most likely using it one way or another. At least some of your data, whether personal or...
Are You Guilty of the Seven Deadly Sins of Security Policy Change Management?
Managing ever-growing network security policies is not getting any easier. We are facing more threats, greater complexity and increased demand for both security and application connectivity. However,...
Mitigating Gartner’s Network Security Worst Practices
Welcome to our special blog series: Mitigating Gartner’s Network Security Worst Practices. Over the course of more than 3,000 client interactions in the past year, Gartner has observed several common...
Firewalls, Breaches and the 2015 Verizon PCI DSS Report: What You Need to Know
According to the recently released Verizon 2015 PCI Compliance Report “27% of organizations that suffered a data breach in 2014 were compliant with Requirement 1 [of the PCI DSS standards] at the time...
What’s in a Plan? Tips from a Security Expert on How to Develop an Effective...
Recently I had the opportunity to sit down with Matt Pascucci, one of our most popular and prolific guest bloggers. When he’s not blogging for AlgoSec, Matt works as an information security engineer...
Top PCI Audit Pitfalls and How to Avoid Them: The QSA’s Perspective
Ever wish you could get inside your QSA’s head before your next PCI audit? Join QSA Adam Gaydosh of Anitian, and Nimmy Reichenberg, VP of Strategy at AlgoSec to get the inside scoop on what QSAs are...
Ever Wish You Could Get Inside your QSA’s Head Before Your Next PCI Audit?
A few weeks ago, Adam Gaydosh, a certified QSA with Anitian, and Nimmy Reichenberg, our VP of Strategy here at AlgoSec, presented an educational webinar on the top PCI audit pitfalls, and how to avoid...
Survival Tips For The Security Skills Shortage
Your organization’s greatest security resources are people. They see the trouble spots and can intelligently investigate incidents and raise red flags (often at a higher level than the green-yellow-red...
Who’s Connecting to Your Network?
In today’s global marketplace your organization needs network connectivity with external entities – suppliers, credit card processing companies, business partners, data feeds etc. But are you really...
Tips for Managing Your External Network Connections
Last week our CTO, Professor Avishai Wool, presented a technical webinar on the do’s and don’ts for managing external connectivity to and from your network. We kicked off our webinar by polling the...
Still Using SSL? You’re No Longer Compliant with PCI
It’s well-known that the SSL (Secure Sockets Layer) protocol, the security technology that establishes an encrypted link between a web server and a browser, is the source of many recent...
National Cyber Security Awareness Month: Our Best Practices & Tips to Keep...
The Department of Homeland Security has designated October as the National Cyber Security Awareness Month. In its honor, here are our top 10 most popular blog posts from the past year (based on...
5 Top Firewall-Related Compliance Gaffes
Compliance – it’s that dirty word that any free-thinking IT professional hates to hear. But like it or not, compliance is a reality of doing business today. One of the biggest problems that I see...
Stay on Top of Your Security Game: Why Network Vulnerabilities Matter
Over the past couple of months both Cisco and Juniper have had major vulnerabilities in their operating systems that allowed for remote execution of code, access to networking and the ability to...
Don’t Sidestep Security When Decommissioning Your Applications
We’ve all done it before, removed a system from our network without thinking twice about what changes need to be made to the firewall. As long as the replacement is up and working without any issues...
Reaching PCI Nirvana: How to Ensure a Successful Audit and Maintain...
PCI-DSS audits are typically a point-in-time “fire drill”, yet the PCI-DSS standards body expects a continuous state of compliance. Unfortunately poor change management processes are often the Achilles...
Announcing Our New Website: Take a Tour and Enjoy the New Experience!
We’re proud to announce the launch of our new website! Our aim is to provide you with new and insightful content to help you make your enterprises more agile, more secure and more compliant. The...
Security is from Mars, Application Delivery is from Venus
Men Are from Mars, Women Are from Venus by John Gray was one of the best-selling nonfiction books of the 1990s. It asserts that men and women essentially come from different ‘planets’, and need to seek...
PCI DSS 3.2: Why removing SSL or updating the TLS just isn’t enough
In the past two years there has been a spate of cyberattacks targeting older versions of security technology that establishes encrypted links between web servers and browsers – HTTPS – specifically on...
Blurred lines: who’s responsible for security in NSX?
Last week I blogged about understanding the security implications when migrating Greenfield and Brownfield applications to VMware NSX. Today, we’re examining the next steps after you’ve successfully...
New Professor Wool whiteboard video course on Network Security for VMware NSX
In advance of VMworld next week Professor Wool has created a new whiteboard-style course on Network Security for VMware NSX. Each lesson focuses on a specific challenge of and provides technical tips...
Cybersecurity brain drain: the silent killer
Many organizations are facing a cyber threat which is quietly and stealthily eroding their defenses. What’s worse, this threat cannot be detected by any enterprise security products, yet it presents...
Is time running out for the devices on your network?
Nearly three quarters of businesses have end-of-support devices on their networks, according to new research. These statistics don’t surprise us. It’s a common phenomenon among our customers. But...
How to align security with your business processes – a technical perspective
In this era of digital transformation, globalization, and relentless cyber-attacks, security can no longer remain a technology issue that simply focuses on defending networks and data. It must become a...
Learn how to accelerate data center application deployments with Cisco ACI...
Managing policies across physical and virtual networks and multivendor security devices requires a delicate balance between ensuring security, reducing risk and provisioning connectivity for critical...
A day in the life of a CISO
So what does an average working day look like for the CISO of a mid-size or large enterprise? I recently spoke at length with the former CISO of an organization with 15,000 staff, and around $1bn...
Don’t WannaCry anymore? Tips to prevent, contain and clean up the tears
Without doubt one of the biggest news stories of the past week is the WannaCry ransomware attack, which has infected hundreds of thousands of Windows-based computers in 150 countries. The unprecedented...
New webinar: Security policy management for financial institutions
Financial institutions are constantly seeking to better serve their customers and maintain a competitive edge through new technology innovations and digital transformation initiatives, yet they often...
New webinar: Security Change Management – Agility vs. Control
Today’s fast paced business application deployments and changes require IT, networking and security to be more agile than ever before. Yet this agility often comes at the expense of security, control...
New webinar: Security a Revenue Center – How Security Can Drive Your Business
Traditionally Security was viewed as a necessary cost center or an insurance policy you hoped you’d never have to cash in. Yet by automating security policy management you can actually save your...
4 Network-Policy Configuration Errors that Must Not Happen
We recently blogged about some of the steps security teams can take to tidy up their firewall rules: removing duplicates, tightening overly permissive rules and removing redundant rules. Why not let a...