My guest this week is Jeff Williams, co-founder and Chief Technology Officer at Contrast Security.
The reason I wanted Jeff on the program is that his technology was massively interesting to me, given that application attacks are the single biggest vector for security breaches. In 2017 there will be 111 billion new lines of code produced, resulting in endless complexity.
His product was an Innovation Sandbox Finalist at RSA this year. So I wanted to understand more.
I have tried to integrate application-level firewalls and have experienced first-hand the real and hard human challenges of coders and network security people trying to defend and deploy at the same time. I wanted to understand his technology better, and also because iterative application development is going to be even more important for companies: for their security to move at the pace of business innovation, application development and testing are becoming more and more iterative and agile. So how do we do this?
What is the best next generation Firewall product? This is a big question.
It is mostly based on the number of users. When you have many users on the same firewall, UTM firewalls are the best option. They are now integrated with built-in IPS. UTM firewalls, or Next Generation Firewalls (whatever marketing wants to call them), are not port-based and are so fast these days that you can certainly buy the feature set that handles URL inspection, IPS, SSL inspection, etc.
I have observed that CIOs are usually hesitant to go toe-to-toe against a regulator or an auditor. One of the major issues is that a lot of times, after reviewing a risk assessment, we are operating from purely intuition. It is important that you take a rigorous approach to preparing for these discussions by combining intuition with critical thinking and rationale.
By using your own intuition in combination with critically thinking through complex problems, you are able to develop a defensible argument. You are now able to validate surface assumptions and estimates before presenting, and placing information before auditors.
Just having a framework for discussing and debating topics with your auditor is extremely valuable. There are a few tools and tricks I want to share with you that will help you better prepare a defensible argument backed with rigor, critical thinking, and logic. It can be very powerful to go before authorities this way, and I want to help you do this.
During a recent security assessment RedZone asked the customer a standard question about password management:
“Are your passwords being changed on this outsourced web server?”
With Heartbleed, WordPress, and SSL vulnerabilities, an assessor must ask this question. The customer was insistent that the passwords were being changed frequently. That same day the customer received notification from the FBI that their site had been hacked and was being used as a spam relay. Vast quantities of data were being hoisted from their site. Why? Because they had not recently changed their passwords. They had made the process of guessing the password easy. The attacker literally had to do nothing except guess a password.
Kevin Kelly, I think, may be the smartest person in the world…and I am only half-joking. I have been deeply interested in his work, and his thinking has influenced mine.
His 2010 book What Technology Wants changed my perspective on Information Technology in 2010; his book Cool Tools is a compendium of the best tools cultivated from his years of research. Among other resources I like are his blog post 1000 True Fans, his latest book just released this summer titled The Inevitable, and his podcast interviews on London Real, Tim Ferriss, Lewis Howes, and Chase Jarvis.
I asked him to come onto the show to get into topics that I had not heard him dive into, from the perspective I was curious about… I know you will be too.