Five considerations for cloud migration, from the House of Representatives CISO

SC Magazine

Companies transitioning to the cloud have to think of cybersecurity as more than firewalls, access controls and incident response, and define goals of security that go beyond confidentiality, integrity and availability, said Randy Vickers, chief information security officer for the U.S. Technical review.

Startup Traceable turns to CISO investors for next phase of growth

SC Magazine

Their platform operates as both a web application firewall and runtime application self-protection, using machine learning to monitor their customers’ APIs and applications, identify baseline user and application behaviors and, over time, learn how best to detect and block malicious activity.

CISO 59

New SEI CERT chief and first ever federal CISO: old cybersecurity models have ‘been overcome’

SC Magazine

That includes the architectures, the computing platforms, the algorithms and the people and the process as well. We would build our architectures with that perimeter defense model where we’re going to have a firewall and we’re going to deny everything except for those things that we want to let through. And that’s been overcome.

CISO 109

A Reactive Cybersecurity Strategy Is No Strategy at All

CyberSecurity Insiders

A foundational approach to cybersecurity empowers CISOs to see abnormalities and block threats before they do damage. These developments have made the perimeter so porous that the old approach of simply hiding behind a firewall and keeping the rest of the world at bay is no longer feasible. By David Ratner, CEO, HYAS (www.hyas.com).

DNS 140

IoT Devices a Huge Risk to Enterprises

eSecurity Planet

It also feeds into the larger argument for adopting a zero-trust architecture, a methodology that essentially assumes that no user or device trying to connect to the network can be trusted until they’re authenticated and verified. There also is the zero-trust architecture, according to the ThreatLabz report.

IoT 133

DDoS Myths: Blackholing and Outsourcing Won’t Stop Everything

eSecurity Planet

When CISOs evaluate their IT infrastructure, they assign scoring priorities to different systems. However, the reliance of systems on each other has increased significantly, with APIs, microservice architecture, and other interdependencies. However, there are limitations to this strategy.

DDOS 84

Berkshire Bank Banks on Salt for API Protection

Security Boulevard

I especially enjoyed my conversation with Ryan Melle, SVP and CISO at Berkshire Bank. Because traditional solutions, such as web application firewalls (WAFs) and API gateways, lack the ability to correlate API activity over time, they can’t adequately protect this expanding attack surface.

Banking 52