Compliance Remains a Key Driver of Cyber Security Budgets

By |November 27th, 2016|Compliance, DFARS, SMB|

New DoD Compliance Regimens

Two major compliance regimens, DFARS and NISPOM, ratchet up this month for all DoD contractors and sub-contractors. Many defense contractors are SMBs. These regulations break some new ground in terms of the level of cyber security investment and the types and levels of protection expected of contractors. Different compliance regimens, in particular

IoT security: Prevention should mean… prevention

By |October 5th, 2016|KSE|

Prevention: you keep using that word...

This past week the infosec industry and others took notice of two disturbing events. First was the huge Yahoo breach in which 500 million (or possibly more) data records have been stolen. The second event was a huge DDoS attack on Brian Krebs, a leading investigative reporter of cyber

Fahrenheit WAF Langsec Research: Part 4 – Detection Ceiling

By |August 17th, 2016|Fahrenheit|

Calculated Impact of Langsec Design Flaws on Detection Success

Part 3 explained why current WAF design flaws impact their ability to detect Web application attacks, using Chomsky Language Hierarchy and Formal Language Theory. Langsec informs us that current WAF design using signatures will miss attacks. Mathematically speaking, all signature-based technologies such as scanning, WAF, IDS/IPS and

Fahrenheit WAF Langsec Research: Part 3

By |August 15th, 2016|Fahrenheit|

Formal Language Theory and Chomsky Language Hierarchy

Part 2 showed that Langsec gives us an understanding of the design limitations of current WAFs, and of all signature-based detection, such as AV. In Langsec, decidability matters. In order to have proper attack detection, and therefore security, one needs decidability. The notion of context in language recognition is