Category Archives: Published work

CSO: How to make your multicloud security more effective

Posted on by
Reply

The days of debating whether cloud or on-premises is the best location for your servers are thankfully far behind us. But lately, more enterprises are shifting their workloads as they realize that security and simplicity matter. This movement isn’t uniform because of the richness and complexity of multicloud computing in the modern era.

In this piece for CSOonline, I look at ways to be more purposeful about cloud security and focus on containing and managing tool sprawl with recommended courses of action that you can take.

My love affair with MS-DOS

Posted on by
Reply

I wrote this in 2011 when I was running a piece of the ReadWrite editorial, and recently discovered it. Other than making a few corrections and updating the dates, I still share the sentiment.

Can it be that DOS and I have been involved with each other for more than 40 years? That sounds about right. DOS has been a hard romance, to be sure.

Back then, I was a lowly worker for a Congressional research agency that no longer exists. I was going to write “a lowly IT worker,” until I remembered that we didn’t have IT workers 40+ years ago: Information Centers really didn’t come into vogue for several years, until the IBM PC caught on and corporations were scrambling to put them in place of their 3270 mainframe terminals. Back in 1981, we used NBI and Xerox word processors. These were big behemoths that came installed with their own furniture they were so unwieldy. We had impact printers and floppy discs that were eight inches in diameter. The first hard drives were a whopping 5 MB and the size of a big dictionary. But that came a few years later.

At the agency, one of the things that I figured out was how to hook up these word processors to a high-speed Xerox printer that also was the size of a small car. We had to use modems, as I recall: you know those things beeped that used to be included on every PC? When was the last time you used a PC with an internal modem, or a floppy disc? I can’t remember, but it has been probably more than a decade for both. Remember the hullabaloo when Apple came out with a laptop without a floppy? Now we have them without any removable storage whatsoever: they are called iPads. Steve Jobs always was ahead of curve.

Basic MS-Dos Commands - BCA Nepal

Anyway, back to DOS. I used to pride myself on knowing my mistress’ every command, every optional parameter. And we had EDLIN, a very primitive command line editor. It wasn’t all that hard – there weren’t more than a dozen different commands. (Of course they are preserved by Wikipedia.) When a new version came out, I studied the new manuals to ferret out tricks and hidden things that would help me slap my end users who would love to do format c:/s and erase their hard drives.

And new versions of DOS were a big deal to our industry, except for DOS 4, which was a total dog. One of my fondest memories of that era was going to the DOS 5 launch party in the early 1990s: Steve Ballmer was doing his hyperkinetic dance and sharing the stage with Dave Brubeck. To make a point of how bad DOS 4 was Brubeck tried to play “Take Five” in 4/4 time, before switching to 5/4 time as it was intended. Those were fun times.

But DOS wasn’t enough for our computers, and in the late 1980’s Microsoft began work on Windows. By 1990, we had Windows v3 that was really the first usable version. By then we also had the Mac OS for several years and graphical OS’s were here to stay. DOS went into decline. It didn’t help that a family feud with DR DOS kept many lawyers engaged over its origins either. As the 1990s wore on, we used DOS less and less until finally Windows 95 sealed its fate: the first version of Windows that didn’t need DOS to boot.

I won’t even get into OS/2, which had a troubled birth coming from both IBM and Microsoft, and has since disappeared. My first book, which was never published, was on OS/2 and was rewritten several times as we lurched from one version to another, never catching on with the business public.

Once PC networks caught on, DOS wasn’t a very good partner. You had 640 kilobytes of memory – yes, KB! — and network drivers stole part of that away for their own needs. Multitasking and graphical windows also made us more productive, and we never looked back. For a great ten minute video tour and trip down memory lane, see this effort by Andrew Tait showing successive upgrades of Windows OS .

But DOS was always my first love, my one and true. I still use the command line to ping and test network connectivity and to list files in a directory. There is something comforting about seeing white text on a mostly black screen.

Yes, we haven’t been in touch in many years, and now when I need a new OS I just bring up a VM and within a few minutes can have whatever I need, without the hassle of CONFIG.SYS or AUTOEXEC.BAT. (Here is a column that I wrote a few years ago about getting Windows NT to work in a VM.) But happy birthday, DOS, and thanks for the memories. It’s been lots of fun, all in all.

Red Cross provides help and hope to St. Louis man displaced by May tornado

Posted on by
Reply

Steven Reason in a shelter after being misplaced from a tornado

Steven Reason is one of the many St. Louis residents displaced by the May 16th tornado that tore through the metropolitan area. He found refuge at one of the American Red Cross shelters set up immediately after the storm. He was watching a YouTube video and dozing off “when I heard the warning on my phone,” he said. “I could hear the wind blowing outside my apartment. I share his story on the Red Cross chapter blog here.

The tornado passed within a few blocks of my home, fortunately, I wasn’t affected other than a few hours without power. But thousands of my fellow St. Louisians have been rendered homeless or have other dire circumstances. Please support your local Red Cross if you don’t live in the area, and if you have the ability to volunteer your time here, contact me if you are interested in helping. There is much to be done.

CSOonline: Threat Intelligence Platforms Buyer’s Guide

Posted on by
Reply

The bedrock of a solid enterprise security program begins with the choice of an appropriate threat intelligence platform (TIP) and then to use this to design the rest of your program. Without the TIP, most security departments have no way to integrate the various component tools and develop the appropriate tactics and processes to defend their networks, servers, applications and endpoints.

What is newsworthy is that the threat universe has gotten a lot more complex and focused. For example, the Verizon VDBIR found that threats aimed at VPN and edge devices have surged to more than eight times what was reported last year.

The early TIPs were very unsophisticated products, often just cobbled together intelligence feeds of the latest exploits, with little or no details. Today’s TIP has a lot richer information, including underlying complexities and specifics about how the threat operates I talk about what some of these are in my latest post for CSOonline, along with short summaries of several TIPs from Bitsight, Cyware, Greynoise, Kela, Palo Alto Networks, Recorded Future, SilentPush and SOCRadar.

CSOonline: Top tips for successful threat intelligence usage

Posted on by
Reply

Enterprises looking to stem the tide of breaches and attacks usually end up purchasing a threat intelligence platform (TIP). These can take one of several forms, including a managed cloud-based service or a tightly coupled tool collection that provides a wider risk management profile by tying together threat detection, incident response and vulnerability management. More than a dozen vendors offer TIPs, and I will be posting my buyer’s guide in a few weeks that go into more details of some of them. In the meantime, you can examine my top tips tor selecting a TIP here on CSOonline.

 

 

CSOonline: CNAPP buyer’s guide: Top cloud-native app protection platforms compared

Posted on by
1

It is time to re-examine my review of cloud native protection products, commonly known as CNAPP. The category has expanded to include more devsecops coverage, such as API and supply chain security, and more posture management tools for tracking data and SaaS apps.

The category is also under scrutiny because the CNAPP vendor landscape has shifted, most notably around Wiz. They recently were purchased by Google, who will maintain it as a separate division. Check Point Software has formed a strategic partnership with Wiz, and has discontinued selling its own CloudGuard CNAPP and will migrate its customers to Wiz. Lacework has been purchased by Fortinet and is now called Lacework Fortinet FortiCNAPP. Palo Alto Networks has rebranded and reconstituted its CNAPP offering as part of its Cortex Cloud product line.

My review for CSOonline has been updated to include 11 CNAPP vendors. 

CSOonline: Agentic AI is both boon and bane for security pros

Posted on by
Reply

AI agents are predicted to reduce time to exploit by half in two years, here is what you need to know to figure out if your business need agentic AI and how to find the right one. Agentic AI has proved to be a huge force multiplier and productivity boon. But while powerful, agentic AI isn’t dependable, and that is the conundrum. In this post for CSOonline, I describe some of the issues and make some recommendations for how to safely and productively deploy this tech.

 

CSOonline: Attack time frames are shrinking rapidly

Posted on by
Reply

Times are tough for cyber pros, quite literally. Two common malware time scale metrics — dwell time and time to exploit — are rapidly shortening, making it harder for defenders to find and neutralize threats. With attackers spending far less time hidden in systems, organizations must break down security silos and increase cross-tool integration to accelerate detection and response. I explain the reasons why these two metrics are shortening and what security managers can do to keep up with the bad guys in my latest post for CSOonline.

Red Cross: Helping victims of an apartment fire in Little Rock on New Year’s Eve

Posted on by
Reply

The afternoon of the last day of 2024 saw a fire break out in the Midtown Park apartment building in Little Rock. And while confined to a single seven-story building, this like so many other fire incidents show the powerful role that the American Red Cross continues to play. Certainly, the fires surrounding Los Angeles continue to gather news attention, but this one building is a microcosm of how the Red Cross can focus on the various resources to help people move on with their lives and get the needed assistance.

The building had 127 occupied apartments: eleven residents were taken to the hospital for treatment, four of whom had critical injuries. Sadly, there was one fatality. The Red Cross was quickly on the scene, establishing a shelter at a nearby church with more than 40 volunteer nurses. You can read more on the Red Cross blog about what happened.

CSOonline: A buyers guide for SIEM products

Posted on by
Reply

Security information and event management software (SIEM) products have been an enduring part of enterprise software ever since the category was created back in 2005 by a couple of Gartner analysts. It is an umbrella term that defines a way to manage the deluge of event log data to help monitor an enterprise’s security posture and be an early warning of compromised or misbehaving applications. It grew out of a culture of log management tools that have been around for decades, reworked to focus on security situations. Modern SIEM products combine both on-premises and cloud log and access data along with using various API queries to help investigate security events and drive automated mitigation and incident response.

For CSOonline, I examined some of the issues for potential buyers of these tools and point out some of the major issues to differentiate them. This adds to a collection of other buyers guides of major security product categories: