Original white papers from the TAG Cyber analysts provide in-depth information and insights into how modern enterprise CISO teams can make good decisions about the best security tools, most effective security platforms, strongest enterprise security architectures, and top commercial cyber security vendors.
Whilst maintaining a high level of security is difficult already, the asymmetry of tasks is enormous - your software teams have to patch and fix all their apps, and your security operations team has to protect your entire perimeter. Your adversary, on the other hand, only has to find one way in through any application.
Ed Amoroso shares technical and architectural guidance for how modern multi-cloud infrastructure can be secured using typical measures available from commercial vendors.
David Hechler speaks with three women who have built successful tech careers and discusses the status of women in the field, why so many feel under-appreciated and what can be done.
Platform advice is offered for SOC analysts and DevOps teams addressing security risks. A patchwork of locally integrated, developed, and open source point security solutions is shown to be suboptimal. Instead, an end-to-end commercial security platform is shown to be a better option.
This research note, jointly produced by TAG Cyber and Sepio, makes the case that rogue devices represent a particularly intense threat to financial service organizations.
For one company, Ubiq Security, development tools that enable secure coding practices don’t go far enough. Their mission is to introduce a security platform that enables developers to incorporate data encryption directly into applications, in minutes, and with as little as three lines of code and two API calls.
The Synack Crowdsourced Security Testing platform is proven to reduce enterprise security risk through a continuous crowdsourced testing methodology enhanced by machine learning and artificial intelligence.
A maturity model based on human layer security factors is introduced using questions that can help an organization self-assess its effectiveness in reducing the cyber security risk associated with inadvertent human error or malicious decisions by people.
Enterprises’ attack surfaces are ever-expanding, and cyber criminals are taking advantage of the known unknowns to compromise and exploit well-meaning but often under-resourced security programs.
By establishing a program to systematically manage the firmware health of PCs in an enterprise, meaningful cost reductions can be obtained by extending replacement intervals.
A simple iterative process is introduced to help guide IT, network, and cyber security teams in the introduction of zero trust access to their enterprise.
Requirements are offered for enterprise security teams to use in selecting automated platforms for their security performance management (SPM).
In this new TAG Cyber Analyst Report, the technique of data sharding is shown to provide effective back-end security controls for stored and hosted resources in cloud. The method specifically reduces the risk of trusted cloud administrators intentionally or accidentally causing a data breach condition.
TAG Cyber covers the recent announcement by Respond Software of its First Responder Service, which provides human concierge support for SOC teams. The First Responder Service is built on the company’s flagship Respond Analyst platform, which focuses on Robotic Decision Automation for enterprise and managed security service operations.
Canadian enterprise information management (EIM) company OpenText announced its intention this past week to acquire Boston-based Carbonite, a provider of personal and business backup and recovery solutions to prevent data loss, for $1.4B.
Today, Waltham-based cyber security technology company Randori announced general availability of their new Recon platform, which allows enterprise security teams to understand, and hence gain better control of, their attack surface.
An identity-based improvement is offered to zero trust security with a BlackRidge Technology case study. The paper is based on discussions with John Hayes of BlackRidge Technology.
Ed Amoroso of TAG Cyber and Reena Choudhry of Shape Security collaborate on an explanation of the progression of automated cyber attacks through three generations. Worms are shown to evolve to botnets, which are then shown to evolve to imitation attacks which automate normal user behavior.
Thirty years ago, a researcher wrote a small piece of software that saved his company from a cyber attack by a college student. The software examined inbound TCP packets for ACK=0, which denoted the start of a session. If a new session looked funny for any reason, then the packet was dropped. Weird source IP addresses or unauthorized destination services were typical justifications for disallowing inbound packets. The code was well-written and it worked.
This Cyber Security Framework for Autonomous Machines is offered as a high-level security and compliance requirements guide for developers creating autonomous machines including future connected cars, robots, medical devices, and industrial controllers. The framework is written in an abstract manner so that it can address each of these diverse areas without imposing specific design decisions. The framework is written in the style of the NIST 800-53 Rev 4 Cybersecurity Framework to simplify its application and use, perhaps as an appendix to any NIST assessment for a computing entity with autonomous machine characteristics.
Commercially-available, end-to-end encryption software application solutions address cyber threats from advanced nation-state actors by securing mobile voice communications from eavesdropping. Existing mobile security frameworks, such as explained in a recent Department of Homeland Security (DHS) study, provide a good base for analysis, but are shown to have dealt insufficiently with the threat to mobile voice and corresponding encryption-based safeguards. A secure cyberspace thus requires increased attention to securing voice in addition to data when using mobile devices.
Several existing and new architectural methods are explained that increase the resilience and survivability of distributed cloud security orchestration as found in the vArmour solution set.
This brief technical note outlines the underlying design and functional operation of the Cyberlytic platform, including how web traffic is analyzed for evidence of cyber security threats, processed using artificial intelligence-based methods, and then assigned risk scoring based on the sophistication, capability, and effectiveness of the observed attack.