Documenting Firewall Rules
For years, firewall managers have been required to justify why a firewall rule was added to the rule base. In the past, lots of us met that requirement by putting the change control ticket number in...
View ArticleRisk Analysis: What and Why
When FireMon announced that it had acquired Saperix Technologies and their patent pending, MIT Lincoln Labs developed, risk analysis technology, many people nodded their heads but didn’t really...
View ArticleClik here to view.
Risk Management Is About Efficiency
One of the early epiphanies for any risk manager is when they realize that to totally eliminate risk is frankly not worth it. The truth is that to eliminate risk, if it is even possible, would usually...
View ArticleDissecting Big Firewall Rules
A while back, I worked with one of our clients who was put in a tough spot by their external auditors. The auditor flagged every firewall rule that accepted traffic and used the “Any” object in the...
View ArticleClik here to view.
Security and Network Device Back Up: An Often Overlooked but Important Part...
Disaster Recover (DR) and back up long ago became staples of a competent network and security strategy. Backing up databases, applications and data can be as simple as setting up a schedule or...
View ArticleClik here to view.
Preventative Security Controls Will Fail: What to Do?
I read a quick blog post this morning from Rick Holland at Forrester. In fact, part of my title is borrowed from a line in his post. As security professionals, I think it is important to recognize that...
View ArticleHe Who Finds the Entry Point First Wins
The amount of news generated around attacks in 2011 has been overwhelming. In just the last week, the reports around SCADA based attacks have reached almost histrionic levels. Attacks on NASA, AT&T...
View ArticleRisk Analyzer released today
I am very excited to announce the release of Risk Analyzer, FireMon’s patented risk analysis application providing enterprise visibility into risk exposure (Press Release). The product is a...
View ArticleDon’t buy another security product
Gary Fish and I had a great conversation with Alan Shimel on his Security Exe podcast last week. If you have a few minutes, you can listen to our discussion here:...
View ArticleClik here to view.
Accurately measuring & scoring risk: are we too holistic in our approach?
The most recent post on our blog noted that understanding your organization’s exposure to risk is no small task. I have seen enterprises attempt to manage risk through feel or intuition, or simply...
View Article
