Earlier this spring Robert Westervelt wrote a story about a panel he attended at the InfoSec World Conference and Expo. The session featured three security pundits who, according to Mr. Westervelt, chided the audience for focusing on compliance, buying appliances, and automating security processes. Instead, the trio recommended identifying core company assets, hiring and training talented people, and analyzing logs to identify intruders. While delivering their message, they apparently offended a decent number of attendees. I read several accounts of the event and these points seem core to what happened at the panel.Read more...
Entries filed under 'information security policies'
Threat Research Blog
The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.