September 20, 2016 by Pete Kofod

Ransomware In 2020: Still A Threat?

Critical to develop intuitive solutions

Ransomware is very much here to stay. First and foremost, ransomware should not be considered a technology threat; rather it is a criminal tactic that exploits any set of endpoint vulnerabilities.

The age-old crimes of theft, fraud and extortion have merely found new homes in a cyberspace. It is important to note that criminal enterprises require the ability to anonymize and subsequently launder their ill-gotten gains.

Continue reading at Information Security Buzz...

Cell Structure Security

August, 2016 by Pete Kofod

The Sixth Flag recognized in Four Gartner Reports

TSF named a 2016 Gartner Cool Vendor in Enpoint Computing

Market Guide for Desktop as a Service

1 August 2016 | Analyst(s): Nathan Hill | Michael A. Silver | Federica Troni | Tiny Haynes

As IaaS and SaaS adoption increases, end-user computing leaders are asking Gartner whether DaaS is ready to deploy. In this research, Gartner clarifies vendor service options and capabilities, and defines the criteria with which EUC leaders should consider DaaS in a complex and confusing market.

Cool Vendors in Endpoint Computing, 2016

11 May 2016 | Analysts: Michael A. Silver | Nathan Hill

Desktop virtualization is a driving force for innovative endpoint computing technologies. I&O leaders who seek increased ease of use, reduction in technology and flexible options for BYOD and CYOD while still managing legacy applications have unique choices from emerging vendors. ...
Analysis by Michael Silver Why Cool: The Sixth Flag offers their Workspace-as-a-Service (aka DaaS) ...

IT Market Clock for Hybrid Infrastructure Services

22 June 2016 | Analyst(s): David Groombridge | David Edward Ackerman | Daniel Barros | William Maurer | DD Mishra | Akimasa Nakao | Mark D. Ray

After years of growth in cloud services, organizations are realizing that they must manage a hybrid of cloud and traditional infrastructure services for the indefinite future. Sourcing managers can use this research to select which infrastructure services to invest in and which to retire. ... : Amazon, Citrix, dinCloud, Dizzion, Evolve IP, Microsoft, nGenx, NaviSite, The Sixth Flag, VMware Analysis by: Mark Ray, DD Mishra and David Groombridge ...

Hype Cycle for Unified Workspaces, 2016

6 July 2016 | Analyst(s): Nathan Hill | Federica Troni

Unified workspaces involve the secure and contextual delivery of diverse applications and data to end users. The technologies in this Hype Cycle represent the future state of user-centric computing, increasingly augmented by machine learning, and are a vital foundation of the digital workplace. ...

Cell Structure Security

January 27, 2016 by Pete Kofod

Employing Clandestine Warfare Tactics to Secure Your IT Systems

Using Cell Structure Security to go beyond Layered Defense.

In late 1970, a faction of the Palestinian Liberation Organization (PLO) emerged named the Black September Organization (BSO). Over the next several years, the BSO would go on to commit some of the more notorious acts of terrorism in Europe, including their famous attack during the 1972 Munich Summer Olympics.

While the PLO operated in a traditional hierarchical organizational structure, the BSO were highly compartmented teams of 3-5 members. Communications relied on intermediaries and operators were never aware of any identities outside their immediate team. This configuration is known as a "cell structure." It is a system that is highly resilient to external compromise and severely limits the ability of an attacker to further exploit the organization beyond the cell. Should the "cell" be compromised, the parent organization immediately isolates and collapses the cell.

What does clandestine warfare have to do with IT system security?


February 19,2016

Mitigate cyber breach losses by containing the cell

How the Cisco Vulnerability Further Demonstrates the Need for Cell Structure Security.

The technology sector was rocked again by what will likely prove to be a catastrophic security headache. Cisco announced on February 10 that a critical vulnerability in their widely deployed Cisco ASA Firewall appliance had been found and recommended system administrators patch their systems immediately. For those interested or affected, the details can be found here.

There is a saying among technology professionals that nobody ever got fired for buying a leading vendor solution. The belief is that selecting industry leaders mitigates both technical and strategic risk. While industry leaders have rightfully earned the leadership mantle in the technology industry, the expression serves as an indictment of organizations' technical leadership on several levels.

As a matter of sheer principle, it suggests a lack of professional rigor by "going with the crowd." It may offer advantages in terms of long-term technology viability, economies of scale as it applies to acquisition and support costs, and the ease of staffing. There is a flip side of course. Security problems are magnified.

read more ...

The Backdoor

December 22, 2015 by Pete Kofod

What the Juniper Revelation Means to You

Juniper Networks, a leading networking equipment vendor, announced on December 17, 2015 that they had discovered "unauthorized code" in their ScreenOS software.

ScreenOS is the operating system used to run their widely deployed firewall and VPN equipment. The software appears to have been surreptitiously inserted, granting attackers full access to the firewall and the ability to read encrypted traffic.

Juniper is the firewall vendor of choice for the Unites States Department of Defense as well as for the banking sector. Consequently, this vulnerability impacts virtually every government agency, Fortune 100 Company as well as the broad technology sector including social media firms and their customers. In other words, everybody is impacted.

To make matters worse, it appears this intentional "back door" has been a part of the ScreenOS since 2012. Given how much sensitive traffic is protected by Juniper equipment, the consequences will likely prove to be disastrous.

read more at The Frugal Networker...