The Log4j lessons: so what IS vulnerability management anyway?
When your IT-department is confronted with a serious threat such as Log4j, you should be able to focus on problems that precede the question of whether you should and can patch or not.
Rob Maas
The Log4j lessons: If it ain’t broke, fix it now!
Although Log4j and follow-up attack vectors are still a real threat for many organizations, it’s certainly not too early to draw lessons learned from this episode. What made Log4j different from other ‘classic’ 2021 vulnerabilities such as Citrix, Kaseya, and Hafnium (Exchange) is the fact that it was much harder for organizations to pinpoint if they were vulnerable.
The broken DMZ model
The DMZ model can be found in the physical world, with the DMZ between North and South Korea being the most well-known. The idea of this DMZ is that it is neutral territory. Whenever there needs to be some sort of discussion impacting both parties, they meet in the DMZ. When network operators first started implementing the DMZ model, the idea was same.
Network segmentation is not Zero Trust
The terms network segmentation and Zero Trust are used more and more and have turned into real buzzwords. We are asked more and more often whether or not we can segment the network. What is actually being asked is, can we help set up a Zero Trust environment.
Context is key: the data challenge of cybersecurity
Content vs Context Properly assessing this data isn’t a challenge that’s solved by throwing a set of general rules at it, which is what virtually all these products do. The complexity is in the relevance of the data in relation to your environment. It’s important to make the clear distinction between content and context here. … Read more
