don.maclean@dlt.com'

Don Maclean

March 19, 2019
Patching Up Configuration Management premium
Configuration management is a many-headed beast, but the biggest beast with the sharpest teeth is the patch monster.  Every day, a new vulnerability, a new patch – and an old decision:  patch and maybe break something (I’m looking at you, Spectre and Meltdown), or stay online and be vulnerable.  This model – “panic patching” — […]
premium
don.maclean@dlt.com'
March 18, 2019
Infrastructure Security: What’s an Infrastructure? premium
By now, you’ve heard it a hundred times: the perimeter is breaking down, no more “crunchy outside” to protect a “chewy inside”, no more castle-and-moat model of network infrastructure security. If there is no inside and outside, then where do defenses belong? What security architectures make sense for such amorphous network? If a network is […]
premium
don.maclean@dlt.com'
March 15, 2019
Endpoint Security: It’s a Whole New World premium
Once upon a time, endpoint security was just a hall monitor: it watched for known bad files identified with a simple signature and sent you an alert when the file was blocked. To be safe, it would scan every machine daily, an intrusive activity that slowed down machines, and sped up the heart rates of […]
premium
don.maclean@dlt.com'
March 14, 2019
The Impact of the Insider Threat premium
Insider Threat: it’s one of the biggest and most persistent issues in cybersecurity. High-profile cases – Manning, Snowden, and others – have kept the issue in the public eye; government security personnel are rightfully concerned. In addition to the willfully malicious, though, many insiders lack ill intent, but pose a threat just the same. Perhaps […]
premium
don.maclean@dlt.com'
March 13, 2019
What is the Importance of Application Security premium
Do developers at your company keep application security top of mind when coding? Do they have training in secure code development?  Do they have the tools to develop code securely? If they find a security issue, can they quickly fix the issue in all instances throughout a large-scale application? If they use open-source code, do […]
premium
don.maclean@dlt.com'
March 12, 2019
A Closer Look at Blockchain and Supply Chain Risk Management premium
“Build it in, don’t bolt it on” is a mantra we all learn when we study cybersecurity, yet we see it in practice far too rarely. Our adversaries also know this principle and have begun to implement it by infecting the supply chain – hardware and software – as close to the source as possible. […]
premium
don.maclean@dlt.com'
March 8, 2019
Phishing, Smishing premium
Phishing, vishing, whaling, spear-phishing: the list of clever new terms seems constantly to change. A successful attack by any other name, though, is just as sweet to the adversary. Terminology aside, the fundamental problem is this. Phishing is the most common and effective way to steal data because it goes after the biggest chink in […]
premium
don.maclean@dlt.com'
February 28, 2019
Zero Trust: Buzzword or Hack-Buster? premium
“Trust but verify”:  a Russian proverb Ronald Reagan often used to characterize U.S.-Russia relations, especially regarding nuclear weapons. The Internet has made it clear that the “trust” part of the proverb may not work so well. Today, we may have to say “Never trust; only verify”. Acknowledging that no entity, especially the kind made of […]
premium
don.maclean@dlt.com'
February 28, 2019
Security = Fundamentals + Innovation premium
Every security professional knows that the adversary has the advantage. Security professionals have to find every vulnerability (good luck with that) and remediate it, and the enemy only needs to find one vulnerability and exploit it. This asymmetry underlies their economic advantage: finding one vulnerability gives access to a huge number of systems. In addition, for […]
premium
don.maclean@dlt.com'
February 28, 2019
Compliance: It’s Still (an even bigger) Thing premium
You have heard it enough to make you aim a fire extinguisher at your firewall:  “compliance does not mean security”. Compliance work can consume up to 70% of security budgets in Federal government agencies, and it is common to spend more money identifying, documenting, and gaining approval for a remediation than the remediation itself costs. […]
premium
don.maclean@dlt.com'