Characterizing the Friction and Incompatibility Between IoC and AI
Many organizations are struggling to overcome key conceptual differences between today’s AI powered threat detection systems and legacy...
Bug Bounty Programs: Are You Ready? - part 2
In this part we’ll discuss why an organization needs to launch a bug bounty program, and what limits the value they will likely extract from
Bug Bounty Programs: Are You Ready? - Part 1
The premise of crowdsourcing the task of uncovering new bugs and vulnerabilities in an organizations web applications or consumer...
Security Automation Isn’t AI Security
The AI revolution is still relatively young in the InfoSec world. Despite endless floors of vendor booths displaying the latest security...
A Pentester’s Cache of 0-days
Much of the InfoSec would still struggles to understand the dynamics of 0-day vulnerabilities and the quandary of their widespread...
From Anomaly, to Behavior, and on to Learning Systems
Anomaly detection approaches to threat detection have traditionally struggled to make good on the efficacy claims of vendors once...
Suits & Spooks: Post DYN DDoS: Is government regulation of the IoT on the horizon?
It’s a bit hard to miss all the stories and concerns over IoT security. In some ways it’s reminiscent of the late 1990’s and the endless...
Suits & Spooks: Shadowbrokers, Attribution, and Responsible Disclosure
Threat actor attribution in the cyber world – when done properly – is a damned difficult task complicated by missing and inaccessible...
Ransomware Detection and Mitigation in 2017
With near unanimous agreement between InfoSec authors of 2017 security predictions, ransomware will continue to grow as the number-one...
Allowing Vendors VPN access during Product Evaluation
For many prospective buyers of the latest generation of network threat detection technologies it may appear ironic that these AI-driven...