ISE® Lions' Den and Jungle Lounge 2016
QUANTIFYING CYBER RISK: A Success Story in Municipal Government
The City of San Diego has personally identifiable data of its residents, which, if compromised due to a security
breach, could force the City to pay for credit monitoring for those individuals affected by the breach. And while
its 911 emergency system isn’t a revenue-generating asset, it is an essential service delivered by the City and a
loss of service could pose liability issues, not to mention reputation and trust issues among City residents.
Late to the game: Multifactor Authentication is hard even if you’re Amazon
It’s not often that Amazon is late to any game. Consistently cited as the leader -- quite often
defining the cutting edge -- of supply chain and delivery logistics, e-reading technology, DRM-free
digital music distribution and countless other technologies, there is one crucial technology that
Amazon was late to adopting: multi-factor authentication. You’ve been able to protect your Google
Account with MFA since February 2011 (Enterprise customers got the feature in September 2010 --
more than 5 years ago!). Apple launched the feature in March 2013, not long after Mat Honan,
Senior Staff Writer for WIRED, experienced an “epic hack” that disabled his computer and mobile
device hardware, and compromised his Google, Twitter, Amazon and Apple accounts in a matter
of a few minutes. A key part of that attack chain? Amazon. Just a few weeks ago, in November
2015, Amazon finally announced the availability of two-factor authentication to protect your
Amazon account.
Runtime Application Self Protection (RASP) Evaluation Criteria
RASP, or “Runtime Application Self Protection”, is the evolution of two precursor technologies,
Web Application Firewalls (WAF) and Static Application Security Testing (SAST), along with related
technologies.
WAF solutions, also known as Layer 7 firewalls, were the first industrial-scale solutions for application security. Operating at the highest network protocol layer (layer 7), WAFs attempt to increase the sophistication and accuracy of traditional “packet-filter” firewalls. The inventive rationale that gave birth to WAFs was simple: if the firewall can understand the application’s protocol and parameter semantics, then more accurate exploit detection will result. For simple applications, the WAF thesis held, with some benefit. But as application complexity grew – accompanied by the rapid emergence of new application types and technologies such as JSON, REST, etc. – the ability of WAFs to provide accurate exploit detection without false positives and endless human tuning has not materialized. Today it is rare to find a WAF deployed in unconditional blocking mode for any application, and this is a testament to the inherent inaccuracy of WAF technologies.