Multiple Perspectives on Security

Security Journal

Subscribe to Security Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Security Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories

These days attacks are becoming more sophisticated and more common. Mobile devices, cloud computing and the Internet of Things have increased the number of access points that must be secured. To complicate matters, CISOs are been directed to secure system without compromising the seamless experience that customers expect across channels, and if the organization is in a regulated industry, compliance issues likely increase the team's workload. To best detect threats and respond to incidents quickly, many organizations decide they need a security operations center to provide proper protection and continuous prevention. Then they must decide whether to build an internal Security Operations Center (SOC) or outsource. Advantages and Disadvantages of an Internal SOC The advantages of building an internal SOC include: A dedicated staff that knows the particular environment an... (more)

[session] Bridging the Gap with MongoDB on AWS | @CloudExpo #API #Cloud #Agile #Security

Bridging the Gap with MongoDB on AWS MongoDB Atlas leverages VPC peering for AWS, a service that allows multiple VPC networks to interact. This includes VPCs that belong to other AWS account holders. By performing cross account VPC peering, users ensure networks that host and communicate their data are secure. In his session at 20th Cloud Expo, Jay Gordon, a Developer Advocate at MongoDB, will explain how to properly architect your VPC using existing AWS tools and then peer with your MongoDB Atlas cluster. He'll discuss the security advantages you immediately gain, easier configuration of whitelisting networks and potential cost savings on bandwidth. Speaker Bio Jay Gordon is a Developer Advocate at MongoDB focused on providing users with a great experience with our Cloud products. He joined MongoDB in 2016 after many years as working as a System Administrator and D... (more)

Hybrid Cloud Security: Part 3 | @CloudExpo #SDN #API #SaaS #Cybersecurity

In the first article of this three-part series on hybrid cloud security, we discussed the Shared Responsibility Model, and examined how the most common attack strategies persist, are amplified, or are mitigated as assets move from data centers to the cloud. In part two, we talked about the unique security challenges that are introduced by public cloud environments. In this third and final installment, we'll review why it's essential to approach hybrid cloud security with different methods, tools and best practices than those used in the data center. Bridging the Silo Between On-Premises and Cloud Environments For today's resource-constrained IT teams, the explosion of public cloud services has only increased the complexity of securing critical infrastructure. Until recently, it has been a challenge for IT professionals to find security tools that are specifically de... (more)

[demo] @AlertLogic's Cloud Security | @CloudExpo #SDN #IoT #DevOps

AlertLogic's 'Security Built for the Cloud' Demo Download Slide Deck: ▸ Here Download Slide Deck: ▸ Here In their Live Hack" presentation at 17th Cloud Expo, Stephen Coty and Paul Fletcher, Chief Security Evangelists at Alert Logic, provided the audience with a chance to see a live demonstration of the common tools cyber attackers use to attack cloud and traditional IT systems. This "Live Hack" useds open source attack tools that are free and available for download by anybody. Attendees learned where to find and how to operate these tools for the purpose of testing their own IT infrastructure. They also witnessed a cyber-attack from both sides - attacker and defender. An inside view of how indicators of compromise are researched to develop security content to be deployed for detection based on these attacks. Download Slide Deck: ▸ Here Speaker Bios Stephen Coty ... (more)

[slides] Securing the #SDDC | @CloudExpo @TufinTech #DevOps #Docker

Securing the Software Defined Data Center Download Slide Deck: ▸ Here The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin, will discuss the main security considerations enterprises face when rolling out SDDCs and how they can harness key functionality of a virtual environment to achieve more granular security controls across hybrid environments. Speaker Bio Reuven Harrison is CTO and Co-Founder of Tufin. He brings more than ... (more)

[video] Join @EnzuInc June 6-8 in New York | @CloudExpo #SDN #DataCenter

"A lot of times people will come to us and have a very diverse set of requirements or very customized need and we'll help them to implement it in a fashion that you can't just buy off of the shelf," explained Nick Rose, CTO of Enzu,  in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY. 20th International Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS - ... (more)

What Is #MQTT? | @ThingsExpo #IoT #M2M #RTC #DigitalTransformation

The mad dash to connect virtually every noun to the internet or the Internet of Things is creating a massive M2M network for all the devices, systems, sensors and actuators to connect & communicate on the Internet. With that, they need a communications protocol to understand each other. One of those is Message Queue Telemetry Transport (MQTT). MQTT is a “subscribe and publish” messaging protocol designed for lightweight machine-to-machine (or IoT) communications. In this episode of Lightboard Lessons, I light up how MQTT works. ps Related: IoT Ready Infrastructure IoT Effect on Applications IoT Influence on Society What are These "Things? The Intruders of Things Internet [email protected], taking place June 6-8, 2017 at Javits Center, New York City, is co-located with 20th [email protected] and will feature technical sessions from a rock star conference facult... (more)

Extreme Computing | @CloudExpo @NVIDIA #HPC #BigData #IoT #AI #ML #DL

Download Slide Deck: ▸ Here Download Slide Deck: ▸ Here Extreme Computing in the Cloud...How to Get It for FREE! Extreme Computing is the ability to leverage highly performant infrastructure and software to accelerate Big Data, machine learning, HPC, and Enterprise applications. High IOPS Storage, low-latency networks, in-memory databases, GPUs and other parallel accelerators are being used to achieve faster results and help businesses make better decisions. Download Slide Deck: ▸ Here In his session at 18th Cloud Expo, Michael O'Neill, Strategic Business Development at NVIDIA, focused on some of the unique ways extreme computing is being used on IBM Cloud, Amazon, and Microsoft Azure and how to gain access to these resources in the cloud... for FREE! Download Slide Deck: ▸ Here Speaker Bio Michael O'Neill is an established leader for NVIDIA. He provides specializ... (more)

[session] IoT Security Certifications By @PECB | @ThingsExpo #IoT #M2M #Security

IoT Security Certifications In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), will provide an overview of various initiatives to certifiy the security of connected devices and future trends in ensuring public trust of IoT. Speaker Bio Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldwide recognized certification against various international standards. He also has extensive experience as a trainer and an educator in the fields of Information Security, Risk Management and IT. Throughout his career, he has worked in North America, Latin America and Asia with individuals and various companies of all sizes. The World'... (more)

Denouement of DevOps | @DevOpsSummit #DevOps #API #IoT #Microservices

Axis of Upheaval: The Denouement of DevOps Download Slide Deck: ▸ Here Whether you like it or not, DevOps is on track for a remarkable alliance with security. The SEC didn't approve the merger. And your boss hasn't heard anything about it. Yet, this unruly triumvirate will soon dominate and deliver DevSecOps faster, cheaper, better, and on an unprecedented scale. In his session at DevOps Summit, Frank Bunger, VP of Customer Success at ScriptRock, discussed how this cathartic moment will propel the DevOps movement from such stuff as dreams are made on to a practical, powerful, and insanely valuable asset to enterprises. You may call it DevSecOps, or SecDevOps, or maybe even DevOpsSec. Choose your own adventure. Download Slide Deck: ▸ Here Speaker Bio A long-time Silicon Valley startup veteran and technologist (Ensim, Bromium, ScriptRock), Frank Bunger couples deep, ... (more)

[slides] @LeeAtchison Talk at @CloudExpo | @NewRelic #IoT #AI #ML #DevOps

Download Slide Deck: ▸ Here Download Slide Deck: ▸ Here Fly Two Mistakes High - Keeping High Availability in the Cloud When building large, cloud-based applications that operate at a high scale, it's important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. Download Slide Deck: ▸ Here "Fly two mistakes high" is an old adage in the radio control airplane hobby. It means, fly high enough so that if you make a mistake, you can continue flying with room to still make mistakes. In his session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed how this same philosophy can be applied to highly scaled applications, and can dramatically increase your resilience to failure. Download Slide Deck: ▸ He... (more)