Endpoint Security – Cutting Through the Complexity With Clear-Cut Requirements

Author(s):

Alex Haynes, CISO, Cheshire Datasystems Ltd.

Endpoint security has evolved drastically over the past 10 years. While previously it only referred to ‘anti-virus’ and typically only on workstations, endpoint security has been replaced by a bewildering array of options that can do dozens of things. With the increase in options, we naturally get an increase in complexity, and combine this with …

DLP Technology – Why Does it Fail?

Author(s):

Alex Haynes, CISO, Cheshire Datasystems Ltd.

Long ago, before GDPR, there was a class of technology called DLP that claimed to solve all your data leakage and data protection issues. DLP, an acronym that stands for “data loss prevention” (it can also be referred to as “data leakage protection” or “data loss protection,” depending on who you are talking to), was supposed …

From the Spring 2021 Issue

How Much is Too Much When Paying Out a Reward for a Vulnerability?

Author(s):

Alex Haynes, CISO, Cheshire Datasystems Ltd.

There has been a lot of publicity surrounding ‘bug bounty’ programs that pay out seemingly large rewards for finding vulnerabilities in web applications. This trend has increased over the years as crowdsourced security programs have matured since their inception almost 10 years ago and their adoption has become mainstream. Should we pay out large sums …

Credentials: Check and Protect

Author(s):

Alex Haynes, CISO, Cheshire Datasystems Ltd.

Today, breaches continue unabated at the same alarming rate to which we have grown accustomed. More than 36 billion records were exposed in 2020 alone and that’s only counting those we know about. The real figure will rise far higher. The rate of these data leaks is so frequent that it is hard to track …

From the Winter 2021 Issue

Automated Pentesting – Can it Replace Humans?

Author(s):

Alex Haynes, CISO, Cheshire Datasystems Ltd.

In the past few years, automation in many spheres of cybersecurity has increased dramatically. However, pentesting remains stubbornly immune to this. While crowdsourced security has evolved as an alternative to pentesting in the past 10 years, it’s not based on automation. Rather, the alternative simply throws more humans at a problem and in the process, …

From the Fall 2019 Issue

Avoiding Phantom Risk – Chasing Exploitability, Not Vulnerability

Author(s):

Alex Haynes, CISO, Cheshire Datasystems Ltd.

The gravest warning a pen test report could contain is the words “The host may be vulnerable to remote code execution”. It is hard to know what that immediately means. Did they get system access on a host? Nope. Was there a public exploit available for that version of software that enabled remote code execution? …

From the Spring 2018 Issue

Crowdsourced Security – An Alternative to Pentesting?

Author(s):

Alex Haynes, CISO, Cheshire Datasystems Ltd.

Crowdsourced security programs have grown in popularity to the point where some enterprises have dispensed with traditional pentesting, using the crowdsourced model exclusively for auditing the security of their applications and infrastructure. What is Crowdsourced Security? Crowdsourced security methodologies invite a group of people (a crowd) to test an asset for vulnerabilities. The number of …