Feed on
Posts
Comments

Category Archive for 'Security Architecture'

In the aftermath of the pentester´s failed attempt to get hold of Active Directory we started to discuss the long lead time of getting a pentester onsite. Sure, it´s mainly a question of resources and money but there is an underlying challenge seldom thought of. Today security functions is not static or passive. They have […]

Read Full Post »

How do you evaluate your security functions and how do you decide what security to invest in? Is an IDS the way to move forward or implementing the recommendations from NIST Digital Identity? Better stick with the IDS because it´s a thing you can implement so it is easier to measure the progress of the […]

Read Full Post »

One of my core skills is conducting risk analysis, to be more precise, I tell my customer to quit fiddling with esoteric attacks and focus on the real challenges, like good passwords, MFA and credential hygiene. One common question I get is: Who would like to attack us? We have no money reserves like a […]

Read Full Post »

I meet with many security departments in my line of work. One thing that has been showing it´s ugly face during the last two years is the reference to ‘The network group’, often spoken with a bit of fear. Anytime that I present Credential Theft Mitigation or Identity Security it is unavoidable that someone reference […]

Read Full Post »

On-prem or Azure

On question that often pops up in my discussions is when to move to Azure. There are many considerations to take into account when it comes to a move to Azure and similar but from a security perspective it is all about the speed of reactions to a threat. If you have a really tight […]

Read Full Post »

I was engaged in a minor workshop together with a bunch of security architects to work out a problem why it was to challenging to implement a new security architecture. No matter the document, workshops etc. they did nothing stuck. New solutions not following the architecture popped up all over the place and the architects […]

Read Full Post »

Last months I encountered a strange situation at a customer. I did a security review and deployed some simple log analytics tool to identify where Domain Admins logged on as we suspected that an intruder was roaming around in the environment. To my customer´s fear we more or less instantly saw that the Administrator account […]

Read Full Post »

As you know if you work in the field of Credential Theft Tier 0 is the most important thing to protect. With Tier 0 access I pwn a company, to use a security term. The implications from a contractual perspective is seldom considered when a company decides to outsource Tier 0, i.e. their Domain Controllers […]

Read Full Post »

I might be a bit naïve when it comes to Service Provider but, normally, I would expect contracts to contain just a bit of clauses regarding intrusions and loss of data but apparently this is seldom the case. Only thing that is measured is uptime in the SLA and with todays very efficient malware and […]

Read Full Post »

Following the previous post about consequences when you deploy the identity control plane we will now focus on the security that you need to apply. The security is to be divided in three parts: Identity management, Device and Identity. The identity is the full definition of the identity to the level you need to be […]

Read Full Post »

Next »