Tag Archives: Data breach

Visibility: The Missing Layer of Information Security

No one wants an attacker or malware in their systems. That’s why the information security community spends so much time and effort on prevention. We try our best to implement defenses that stop today’s threats, while imagining new safeguards to catch future ones.

The problem is, complete prevention is simply an infeasible goal. We’re all human. No matter their competence, engineers will occasionally make mistakes that expose new vulnerabilities. Furthermore, even if we had that unattainable “perfect security system,” users would still mess up and introduce new threats. Meanwhile, crafty hackers continue to find new holes to exploit. No matter how great your defense, it’ll never be perfect.

That’s why visibility should play an important role in your information security strategy. Since you can’t stop every attack, you need to have mechanisms that help you detect them. That way, you may be able to respond before it’s too late.

Recently at Gartner’s ITxpo Symposium, I gave a presentation called Visibility: The Missing Layer of Information Security. In this talk, I share how data breaches have increased, while at the same time, it takes us longer to identify them. I also share a detailed timeline covering four major breaches from the headlines, and illustrate how long the attackers were in these organizations before the breach was even discovered. Next, I show how visibility tools can help you discover breaches more quickly, perhaps even allowing you to mitigate them before the attackers make off with your data. Finally, I offer six things we can learn from these breaches.

If any of this sounds interesting to you, Gartner has made my presentation available on-demand. Click here to learn how visibility tools, such as WatchGuard Dimension, can plug the missing gap in your information security program. — Corey Nachreiner, CISSP (@SecAdept)

Corey Nachreiner, CTO, speaking at Gartner IT Expo

000Webhost has 000 Security – Daily Security Byte EP. 169

A popular hosting company suffered a network breach and lost over 13M user records. Not only did the company not know about the breach until five months later, the stolen records included clear text passwords. Watch today’s video to see what you can learn from this web hoster’s mistakes, of which they made many.

(Episode Runtime: 2:23)

Direct YouTube Link: https://www.youtube.com/watch?v=ILnyVCV3spA


— Corey Nachreiner, CISSP (@SecAdept)

TalkTalk Hacked by Teenager? – Daily Security Byte EP. 166

Last week, TalkTalk suffered a data breach for the third time this year. It took a while for the details to surface, but it looks like the attackers exploited a SQL injection flaw in TalkTalk’s website to steal 4M customers’ personally identifying information. Watch today’s video to learn the latest news about this breach, and what you should do if you’re a victim.

(Episode Runtime: 3:32)

Direct YouTube Link: https://www.youtube.com/watch?v=IQhwPq24khk


— Corey Nachreiner, CISSP (@SecAdept)

Data Breachapalooza – Daily Security Byte EP.153

It’s bad enough that we seem to learn about a new data breach every week, but today we learned about four new data breaches, including one that leaked 15M customer records. Watch today’s video to learn which companies were affected, what data was stolen, and what users should do about it. I also discuss how businesses might protect themselves.

(Episode Runtime: 5:24)

Direct YouTube Link: https://www.youtube.com/watch?v=Ayba0H2PjY0


— Corey Nachreiner, CISSP (@SecAdept)

Backdoors and Watering Holes – WSWiR Episode 162

Cyber security has become mainstream. Nowadays, there are more information security (infosec) stories each week than the average IT professional can keep up with. If you find yourself falling behind, let our daily and weekly videos keep you informed. If you watch my Daily Security Bytes, you can probably skip this weekly summary. However, if you prefer to recap the week in one go, this video is for you.

This week’s episode includes surprising new updates to the Ashley Madison hack, a backdoor in a bunch of consumer routers, and a watering hole attack targeting the EFF. Watch the video below for the scoop, and check out the references section for more.

(Episode Runtime: 8:41)

Direct YouTube Link: https://www.youtube.com/watch?v=DkcT9sFEfWc

Show Note: A couple notes this episode. First, while I posted last week’s summary video to YouTube, I was not able to blog about it due to my early week travel. If you missed it, you can view it here, or just subscribe to my YouTube channel to see my videos right when they come out. 

Also, I will be traveling in Europe all week to attend WatchGuard partner conferences. I will try to post some videos, but I probably won’t get to one every day, and will post them at unusual times. 



— Corey Nachreiner, CISSP (@SecAdept)

Ashley Madison Hemorrhaging Data – Daily Security Byte EP.129

As if yesterday’s Ashley Madison data dump wasn’t bad enough, the attackers have released new stolen data. Learn what new information is at stake, and what you can do to protect your data in today’s video.

(Episode Runtime: 1:39)

Direct YouTube Link: https://www.youtube.com/watch?v=4Yk7OOST1ag


— Corey Nachreiner, CISSP (@SecAdept)

IE 0day & AM Hack Update – Daily Security Byte EP.128

I missed yesterday’s daily video due to an offsite meeting, so today’s episode contains two important stories: an emergency update to fix a zero day vulnerability in Internet Explorer (IE) and the latest update to the Ashley Madison breach. If you run a Microsoft network, or you know anyone that had an account on Ashley Madison, you’ll want to watch the video below to learn what you can do to protect yourself from attackers.

(Episode Runtime: 2:18)

Direct YouTube Link: https://www.youtube.com/watch?v=w9CI3Fk5NiE


— Corey Nachreiner, CISSP (@SecAdept)

Black Hat & DEF CON Aftermath – WSWiR Episode 160

Two weeks ago, the Black Hat and DEF CON conferences unveiled tons of new security research, which means last week was packed with interesting security stories. If you find yourself falling behind on security news, and need a “one stop shop” to keep you up to date, this weekly video does just that.

Last week’s stories included many car hacks, an OS X firmware worm, a big UK breach, tons of patches, and more. If you don’t watch my Daily Bytes, you can catch up all at once with the weekly video below. More importantly, I couldn’t cover many other interesting stories from last week, so if you are interested in those, check out the Reference section below.

(Episode Runtime: 15:10)

Direct YouTube Link: https://www.youtube.com/watch?v=AAIiPp3os1k



— Corey Nachreiner, CISSP (@SecAdept)

Carphone Warehouse Gets Robbed – Daily Security Byte EP.122

UK smart phone shoppers will probably want to know about the latest security breach. This week a popular mobile retailer, Carphone Warehouse, lost 2.4 million customer records. Learn what data is at risk, and what you should do if you’re affected in today’s video.

(Episode Runtime: 2:38)

Direct YouTube Link: https://www.youtube.com/watch?v=YS_f-ViBDcI


— Corey Nachreiner, CISSP (@SecAdept)

