Blog Posts

9 Critical Capabilities For Digital Risk Protection Program

Posted by CISO Platform on October 24, 2019 at 12:41pm 0 Comments

Digital Risk Protection ( DRP ) is a term possibly popularized or coined by Forrester to describe the market of tools and technologies to protect from the risks posed by externally facing digital assets. As per Forrester: “Most buyers (77%) are purchasing DRP tools as net-new solutions for their organizations (as opposed to replacing an existing capability). They’re adding DRP to their existing security technology stacks to better tackle digital risk activities — namely, to improve their external digital risk visibility and to streamline the ensuing remediation.” Here are the Critical Capabilities For Digital Risk Protection.

>> Download the Complete Report…


How mature is your Application Security Program?

Posted by Pushkal Mishra on August 30, 2019 at 7:00pm 0 Comments

Business applications are vital for the successful functioning of any organization. Therefore, managing their information security risks are just as important as the business itself. If I ask about different measures you take to ensure security of your applications, you might reply with few initiatives such as periodic secure code reviews, external scans, vulnerability assessments & penetration testings and perhaps audits etc. But what If I asked how mature is your program?

One way to answer that would be to compare your program with the industry practice and identify relative position of your organization. For example, if the industry benchmark is 2 (out of 3) and you are at 0.05, then there are many things that need your immediate attention.

So how do I measure vis-à-vis industry?

No alt text provided for this image

The answer to that…


Learn More About the Key Use Cases Of Network ATP Technology

Posted by CISO Platform on September 4, 2019 at 12:37pm 0 Comments

Advanced Threat Protection (ATP) is used to protect against sophisticated, highly skilled, well funded and motivated threat actor . The solution uncovers advance threats across Endpoints, Network, Email and Cloud. These solutions are used to detect advanced persistent threats that existing controls are not able to detect or are simply not capable of doing it.

Advance threat protection is not about a single security solution, It is about a combination of security controls, best practices/procedures, security awareness and continuous monitoring. It is more of a program based approach than a single solution. Although we understand Advance threat protection has a broad scope, here in this category we have focused on tools/solutions those employs both signature based and signature-less methods (Advance Sandboxes, Behavioral analytics, Advance correlation/machine learning, Deception technique etc. ) to detect advance threats by analyzing Web, and Network traffics.…


How to choose your Security / Penetration Testing Vendor?

Posted by CISO Platform on September 3, 2019 at 9:30am 0 Comments

A common question is why should we get a third party penetration testing company? Why not choose a team from your current technical group to handle the network security test? For one, security audits like traditional financial audits are better done by outside companies with no bias and partiality to anyone or anything within your organization. Another reason to hire a security testing company is that one may find it difficult to hire and retain Penetration Testers. Following tips will help to choose penetration testing vendor.


# Tip 1: Evaluate technology achievements of the vendor

Good indicators of vendor’s technology competency are:

  • Does the vendor have proprietary tools and technology?
  • Is the vendor known and respected in security research community?
  • Has the vendor published original technology research in the Penetration testing…

Top 10 SIEM Log Sources in Real Life?

Posted by Dr. Anton Chuvakin on August 27, 2019 at 4:00am 0 Comments

[cross-post from Anton on Security blog]

One of the most common questions I received in my analyst years of covering SIEM and other security monitoring technologies was “what data sources…


[Security Operations Analysis] Chapter 2: Information Security Incident Response

Posted by Mohamed marrouchi on August 23, 2019 at 6:30pm 0 Comments

Hi CISO This is the Chapter 2 Information Security Incident Response. It is a part of Security Operations Analysis - Crowdsourcing eBook on Peerlryst - Click Here


Identifying and responding to data security incidents is at the center of security activities. The group appointed to security operations is relied upon to monitor the organization's advantages inside extension and respond to security events and incidents, including the identification and examination of what might be considered indicators of compromise (IOC).

In this chapter we are going to discover the following topics:

  • Incident response Timeline
  • Incident Detection
  • Incident…


What Is The Easiest Way To Allow Only Indian Public IP Addresses To Connect To My Web Server?

Started by CISO Platform on Thursday. 0 Replies

“What is the easiest way to allow only Indian public IP addresses to connect to my Web server? I want my public server to be inaccessible for any foreign IP address.” (question posted on behalf of a CISO member) Continue

[Nominate] Suggest Your Favourites For Top 100 Global IT Influencers 2020

Started by CISO Platform. Last reply by Jason Lau Nov 11. 1 Reply

Recommend an influencer whom we might have missed: We have chosen 82 and look forward to remaining 18 nominations. Now you can suggest us names with their contribution.----> Just reply to the discussion and add your favourite influencer!Continue

Can anyone share their experiences with DNIF and aujas as they are their partner for implementation

Started by CISO Platform Oct 4. 0 Replies

Anyone can share their experiences with DNIF and aujas as they are their partner for implementation (question posted on behalf of a CISO member) Continue

Need Views on Concept Shifting The Security to Left

Started by CISO Platform Sep 27. 0 Replies

Concept Shifting the Security to Left.. to get views and is it practical? Also how and what tools & processes required for it to be successful ?  (question posted on behalf of a CISO member) Continue

XSS game developed by Google to train new recruits:

Started by pritha. Last reply by Mason Dobson Sep 22. 1 Reply

A new way to security...XSS game developed by Google to train new recruits: https://xss-game.appspot.comContinue

Tags: CrossSiteScripting, xss, appspot, google

Wanted To Get Feedback on Arcon, for Privilege Account/Access management

Started by CISO Platform. Last reply by CISO Platform Sep 4. 1 Reply

Anyone using Arcon, for Privilege Account/Access management? Wanted to get feedback? (question posted on behalf of a CISO member) Continue


© 2019   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service