Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “Local Security Community Strikes Big in 2nd MACH37 Cohort”, 2) “QOTD: No, My Pen Testing Didn’t Disrupt Your Network. Your Crappy Network Disrupted Your Network.”, and 1) “Global Cyber Attack Maps”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
Building Up Your SOC through Internal Training: I’ve been doing some training lately and this little gem of an article on building up network analysts to staff a new Security Operations Center (SOC) caught my attention. One of the key points the author, Jack @jackcr Crook, made was that it takes up to six months for a newer person just to be comfortable in their new analyst role and then an additional six months for them to really be effective at it. Hopefully, you could get at least some experienced people to shortcut a year-long process, but I feel this is an accurate estimate. As expected with the first set of new analysts, they didn’t have much of a formal training program. Instead, Jack and his staff just started instructing them on tools through “weeks upon weeks” of coaching and mentoring and teaching lessons off that. (continued here)
Is Open Source Software More Secure?: This article caught my eye… Lasse Andresen of ForgeRock ponders why he thinks open source software is more secure than you think. I agree with many of his points; however, you need to understand a few things before reading his article and jumping all in to open source. First is my usual rant that “security” can’t be measured; it should instead be based on risk, which is at least somewhat measurable. Based on using this more measurable value, I would have rather seen this article titled “Open source software offers organizations less risk than you think.” (continued here)
Global Cyber Attack Maps: Not really too much to say here except that there’s some great eye candy to show up on your dashboard when visitors come through. I especially like Cyber Warfare Real Time Map by Kaspersky and Cyberfeed Live Botnet Map by AnubisNetworks for their visual appeal. Of course my all time favorites, although not as exciting looking, would probably be the ones from the HoneyNet and ShadowServer projects. Do you have any favorite dashboards not listed here or in the original article? Let us know in the comments below. (continued here)
Local Security Community Strikes Big in 2nd MACH37 Cohort: Congrats to the new class of security startups over at MACH37. I’m sure some of us in the security community even know a few of them. Joe Klein is starting Disrupt6, which, if you know anything about Joe, you know is going to be something IPv6 related. In this case that assumption is half true. His company looks to focus on identity protection from an IP address (both IPv4 and IPv6) perspective. And Mark Hardy, someone else you’ll find at many of the security cons, aims to help detect small fraudulent purchases through his company, CardKill. The remaining startups that fill out this cohort include Axon Ghost Sentinel, Fast Orientation, and IDentia. (continued here)
QOTD: No, My Testing Didn’t Disrupt Your Network. Your Crappy Network Disrupted Your Network: I found this quote mentioned in SecurityRamblings.com’s 2013 InfoSec Tweet Awards post a few months back. By @averagesecguy, it eloquently stresses not only the traditional security aspects of your network but also its resiliency. Remember, “availability” is part of security too. (continued here)
Hope everyone had a wonderful week! Have a great weekend!