1 month, 17 days ago

Zero Trust on a Beer Budget

I have a good friend that has a small business (roughly 100 employees and 2 office locations, everything lives in the cloud, no real “network” to speak of) that is doing well.  A few weeks ago, over barbeque and range time (some folks play golf, we sho…

4 months, 9 days ago

Lacking Smart Third-Party Risk Regulation, JP Morgan Chase, Bank of America, Wells Fargo, And American Express Create Company, TruSight

  The third-party ecosystem continues to flummox risk managers. Regulators keep pushing for stronger oversight, but they fail to offer real standards or tools to make this possible. What’s worse, technology and service providers  have only h…

4 months, 15 days ago

TIP of the Iceberg: Research Announcement on Threat Intel Platforms

A common feature in the threat intelligence platform (TIP) space is aggregation of data and providing an interface for managing threat intelligence — this seems to be where the product visions diverge. While many of these platforms have been arou…

5 months, 18 days ago

Forrester.com Experienced A Cybersecurity Incident

Today, we announced that Forrester.com experienced a cybersecurity incident this week. To date, our investigation has determined that the attack was limited to research reports made available to Forrester clients on Forrester.com. There is no evidence that confidential client data, financial information, or confidential employee data was accessed or exposed as part of the incident. […]

5 months, 19 days ago

CSI: Your Network – Reconstructing the Breach

September 2017 was a busy month. Three major breach notifications in Deloitte, the SEC, and Equifax… and my first Wave dropped, coincidentally on Digital Forensics & Incident Response Service Providers. Following all this commotion, I had a client reach out and ask me how… How are investigators able to reconstruct digital crime scenes to identify […]

5 months, 29 days ago

The B2B Breach Trifecta: Equifax, SEC, and Deloitte

The B2B Breach Trifecta: Equifax, SEC, and Deloitte As rumors emerged this morning about a compromise of consulting firm Deloitte, this becomes the third breach announced in just a few short weeks of organizations that share a similar profile: Each one is primarily – or exclusively – a B2B organization. There are some questions worth […]