This is a guest article contributed by Chelsea Lamb of businesspop.net on a subject that is extremely timely in 2021. If you’re an aspiring entrepreneur or have recently started a small business, it’s important to educate yourself about cybersecurity best practices. Cyber attacks on businesses are increasing, according to Insurance Journal; while there is almost daily news of high-profile attacks, that is really just the tip of the iceberg. While you might assume that only major corporations are targeted, small businesses are often singled out by hackers because they tend to have less effective cyber defenses — and are Read More
Posts by Tom Spitzer
Already the Next Big Thing?
State of the Art in Identifying Sensitive Data
Protecting personal information in your databases is a bigger deal than ever, what with the European General Data Protection Regulation (GDPR) going into effect in May and California passing a new Consumer Privacy Protection Act. Knowing what personal information you have in your systems and where it resides is a precondition to managing it effectively. My friend and colleague Luke Probasco, product manager at Townsend Security, has posted a nice listing of security standards with lists of the sensitive data elements that each of them identifies; see What Data Needs to Be Encrypted in MongoDB? If you are interested in Read More
Privilege Escalation and Data Protection
A cyberattack is actually like a disease. The infection starts with an attacker taking advantage of some weakness in the system to penetrate and gain a foothold in an organ; in the case of an attack, the organ is often some computer that’s not being diligently managed. The infection takes control of the machinery of the organ, using it to build up its strength and using it as a base to launch incursions into other parts of the network. The incursions probe for valuable information and other weaknesses they can leverage. One of the main things they look for is Read More
Are Secure Applications Possible?
For the past few years, a number of us in the security space have been talking about (1) the criticality of building secure applications; and (2) the importance of auditing open source components for security flaws. If you have not been following along, applications deployed over the Internet are a leading target, if not the leading target, for sophisticated attackers. This Secodis blog entry cites the Verizon 2017 Data Breach Report, indicating that 29.5% of breaches were caused by web application attacks, and the Sonatype 2017 State of Software Supply Chain Report, indicating that 80 – 90% of an application's Read More
MongoDB talk – video available
MongoDB has posted my talk on security in MongoDB Community edition. You can see the slides here; the video is online out there. I have additional presentations that I made last year, and others that I have prepared but never presented anywhere! If you are interested in data security, for MongoDB or any database for that matter, let’s talk! Read More
References for Data Security talk
This is a list of references I have assembled for the talks on Data Security that I am presenting at XPlor17, Enterprise Data World, and Data Summit this spring:
Intel Security – Grand Theft Data
CyberCriminals and their APT and AVT Techniques
InfoSec Institute: Anatomy of an APT Attack: Step by Step Approach
Forrester: Transform Your Security Architecture And Operations For The Zero Trust Ecosystem
Forrester: The Future Of Data Security And Privacy: Growth And Competitive Differentiation
Forrester Wave: Data Loss Prevention Suites Q4, 2016
Data Guardian’s Definitive Guide to Data Loss Prevention
Guide to Cyber Threat Hunting (Digital Guardian)
Read More
The Rise of the Threat Hunter
I left off my first entry about the RSA Expo by suggesting that “Threat Hunting” seemed to be arising as a new approach to protecting the enterprise from cyber-threats. Threat Hunting is predicated on the fact that the perimeter is crumbling and attackers are getting more sophisticated, so you can expect Advanced Persistent Threats (APTs) to be in progress on your network, and you should find them before they steal something important. “EndGame” sponsored this nice little “Hunter’s Handbook”; I picked up a hard copy at the show. It talks about the process of hunting, and what technologies Read More
RSA Expo Reflections
I spent two days in the Expo at this year’s RSA Conference, and came out of it dizzy and exhausted. I learned a few things. One is that this is an area that has been getting a lot of funding over the past couple of years. The sucking sound you heard in San Francisco this week is the sound of data scientists and machine learning experts being sucked into the cyber-security vortex; I suspect that cyber-security is the reason salaries in those fields are continuing to increase. Everybody is pitching their “AI” or machine learning based solution to keep you from getting Read More
Why Linux is so freaking difficult!
I’ve installed three different Linux variants in virtual machines in the past week. One, Linux Mint, based on Ubuntu, crashed repeatedly, so I deleted it. Another, CentOS with a command line UI, does not seem to be connecting to the network. So I went to Zorin, which I have used for years with relative success. It installed, connected to the network and seemed to be stable. There is a new version, version 12. It has a new software management application. I decided to use it to install new software on the OS, a database that I work with (MongoDB). I Read More