Stop CISA!

I’ve been following cybersecurity legislation for a number of years, including all the proceedings with the Cybersecurity Information Sharing Act (CISA). After much deliberation, I believe that CISA remains fundamentally flawed and needs a lot more work before it becomes the law of the land. 

Topics: Cybersecurity threat intelligence CISA

Last Minute Cybersecurity Predictions for 2015

By now, every vendor, analyst, and media outlet has already published their cybersecurity predictions for 2015. I actually described some of mine on a Co3 webinar with Bruce Schneier last week, so I thought I’d put together a quick list. Here are ten predictions in no particular order.

Topics: Apple Cybersecurity threat intelligence cyber attack FIDO CISA

Confusion Persists around Cyber Threat Intelligence for Enterprises

Over the last few months, I’ve talked to a number of CISOs and security analytics professionals about threat intelligence as I’m about to dig into this topic with some primary research. 

One of the things I’ve learned is that large enterprises are consuming lots of open source and commercial threat intelligence feeds. In some cases, these feeds are discrete services from vendors like iSight Partners, Norse, or Vorstack. Alternatively, they also purchase threat intelligence along with products from security vendors like Blue Coat, Check Point, Cisco, FireEye, Fortinet, IBM, McAfee, Palo Alto Networks, Symantec, Trend Micro, Webroot, and a cast of a thousand others. 

Topics: Cybersecurity cyber threat intelligence CISA