Following the Wh1t3 Rabbit - Practical Enterprise Security

Enterprise Security organizations often find themselves caught between the ever-changing needs of the agile business, and the ever-present, ever-evolving threats to that business. At the same time – all too often we security professionals get caught up in “shiny object syndrome” which leads us to spend poorly, allocate resources unwisely, and generally de-couple from the organization we’re chartered to defend. Knowing how to defend begins with knowing what you’ll be defending, why it is worth defending, and who you’ll be defending from… and therein lies the trick. This blog takes the issue of enterprise security head-on, challenging outdated thinking and bringing a pragmatic, business-aligned, beyond the tools perspective … so follow the Wh1t3 Rabbit and remember that tools alone don’t solve problems, strategic thinkers are the key.

Rafal (Principal, Strategic Security Services)

Displaying articles for: June 2012

From fear to feature - deploying code faster as a security feature?

Is the thought of deploying software multiple times per day making your security-focused brain freak out?  What if I told you that there are security-minded people out there that think deployment at these insane paces is a good idea, and more importantly - good for overall software security?  Intrigued?

The Patchwork Cloud - Data: The final frontier of the collapsing perimeter

If you missed today's Converged Cloud ( #ConvCloud on Twitter ) chat at 1:00pm Eastern - you missed a big one.  Lots of information security professionals and IT leaders discussed what keeps them up at night with respect to cloud - and I believe we reached a "Eureka!" moment too...

Labels: patchwork cloud

Advanced Persistent Threat (APT) - Separating the unicorns from the reality (again)

APT. Advanced Persistent Threat is real... but the thinking around how we address real threats to our enterprises needs to evolve, relatively soon.  The key is to understand, and respond to the changing landscape... 

BYOD - The reality of allowing foreign bodies into your network

Earlier this morning I asked my Twitter followers to quickly check the temperature down in Hades ...because there simply had to be icicles hanging from the rafters after I saw this first tweet in response to my BYOD post.  Historically, the security community has had a negative reaction to the whole BYOD (bring your own device) concept ... but when we all start thinking alike and agreeing - maybe we're onto something here?

The Patchwork Cloud - "Breaking laws you didn't know applied"

What if I told you that in the future there will be no "servers" in the data center, physical servers that is.  In the future there will just be large inter-connected fabrics of CPU, memory, network, and storage components - and this will all be completely borderless in the International sense.  Also - right now as you read this - someone is breaking some law while using a cloud-based data synchronization service ... makes those security measures you are implementing a little ..inadequate ... doesn't it?

Are enterprises really hacking the hackers?

There is a highly sensational news story being circulated from Reuters currently about companies hacking back at hackers... is this a good idea?  Is it legal?  Will it achieve anything besides causing you to spend lots of effort and capital on a potential wild-goose chase?  Let's analyze this ...

Taking a run at the "Hindsight is 20/20" rule

Hindsight is 20/20, at least that's what "they" say.  I don't know about you, but I'd like to see that change, even a little bit... we're building a community of people who are genuinely interested in identifying, exposing, and helping solve some of the toughest problems we have yet to uncover ...will you join us?  What are you waiting for, an invitation?

Labels: enterprise2020

Reflecting on HP Discover 2012 - 5 Things I'm taking home from Las Vegas

The dust has settled, I've gotten most of the Las Vegas sand out of my pockets, and I've caught up on sleep - so it must be time to reflect back on HP Discover 2012, from Las Vegas, and all that happened.  Here is my list of the Top 5 Take-Aways from our premier customer-driven conference, where the theme was Make it Matter...

Detecting unknown application vulnerabilities "in flight"

At the heart of DevOps is the notion that you should be able to diagnose and repair issues with your applications in production.  Yes, this includes security issues which are being identified by attackers which you didn't previously know about, and that haven't yet turned into an incident (that you know of).  This post is a quick reaction to Nick Galbreath's presentation on "Data Driven Security" and I think the talk and this post are worth your read.

The Resilient Enterprise - Resolving issues faster

In a conversation that's been evolving over the last couple of weeks, Matt Groeninger and I have been talking with others over Twitter about how we can make issue resolution faster.  This means that we want to not only restore service during an outage, but we also want to make sure we understand the root cause and put in a long-term fix while we're at it ... this is a tough problem... or is it?

The Patchwork Cloud - To rent or buy your cloud?

I read a lot. That should not surprise you.  Today I got an interesting poke on Twitter that the folks over at PistonCloud have written up an interesting blog post in response to last night's mysterious Amazon outage ... and it caught my attention.  To be fair, many folks I know have commented on the post, and on Amazon's issues - but as always you can expect a slightly different viewpoint from me ...so here goes.

Guest Post: OODA vs. D3A - Which is actually more appropriate?

Hello again friends and colleagues!  I get really excited when someone takes the time to not only read and think about a thought or post I had - but goes all the way to writing their own reply.  This is one of those posts I'm excited to put up on behalf of C.J. Wallington, who took the time to explain why he thought my love for OODA was a little off ... and why D3A is more appropriate to incident response in the world of IT.

The Resilient Enterprise - Learning to Fail, Part 2

Welcome to part 2 of the 2-part series on learning to fail in the enterprise.  We're not advocating that enterprises actually go out and learn to fail on purpose, simply that we should learn from our failures and short-circuit the process of coming back to life, and getting on with business.  Here are a few examples...

Do you really need a CISO to have security?

What's in a name? Does a rose by any other name really smell as sweet?

Does an organization absolutely need a CISO to have security, or can someone else in the organization take the responsibilities without having the title?

The Resilient Enterprise - Learning to Fail, Part 1

If the agile enterprise is to become a reality, not just something we talk about at conferences and write books about, then it needs to be a core ideal, served by every technical and non-technical function and products and services to enable that core ideal.  The road to the agile enterprise starts with an awakening to DevOps.  Step 1, learning to fail, recover and move on.  Let's talk about this...

The Resilient Enterprise - Taming chaos with automation

Today I'm at day 1 of HP Discover here in Las Vegas, and let me start off by telling you that the blog post is still in the back of my mind as I walk the show floor and stand in the back of the crowd and watch our engineers do demos and explain technology.  The theme is "Make it Matter" ... and on that theme I'm trying to make sure I make my blog posts matter to those of you that I've met so far walking around, and over Twitter.  Those of you that are on board with the idea that stability is bad and a little chaos is good are looking for a way to make it real, tangible, and something you can implement.

Stability is bad for your business

I had a hard time believing this when I first heard it - but stability is bad for your IT, and your business.  The more stable a system is, the worse off it is when it comes to being resilient ... how is that possible you ask?  Read on, and let me know if you agree.

The dangers of chasing the next Flame [malware]

Has the discovery of the Flame custom cyber weapon (yes, I said cyber weapon) thrown your world into turmoil?  Are you going crazy trying to figure out how to defend against this advanced, custom-coded threat while you fail at resiliency fundamentals and "Security 101"?

Let's take a rational, tempered look at what's going on ...

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation