defendyourdomain

Defeat cyber attackers
Security is a battlefield. Join our chat about protecting your data from every angle.
IBM LinuxONE
Q9: Which is a bigger source of threats - internal or external?
Nick Sardino
Organizations are constantly under attack from external threats, it’s never ending. #overwhelming
John Mertic
I'd say both, both internal is more often overlooked.
Adam Jollans
Et tu Brute - internal threats are less expected
Diana M Henderson
Insider attacks are often more costly, but outsider attacks are more prevalent given their variety (DDoS, malware, ransomware). Both are painful @IBMLinuxONE
Major Hayden
@StevenDickens3 Exactly. Don't prep for just insiders or just outsiders. Assume they're both on the way.
Nick Sardino
Internal threats are more concerning though because they come from players and places and at times we don’t expect #insiderThreat
Craig Mullins
I'll use my consultant's answer again: it depends
Steven Dickens
@majorhayden 100% agree, did you see the Twitter insider who shut down President Trump's twitter account...
Craig Mullins
Depends on your business, your client profile, your staff, etc. etc.
Nick Sardino
@dianamhenderson The increase in outsider attacks from state sponsored entities is extremely alarming to me.
Steven Dickens
@craigmullins everyone is open to social engineering...
Erika Hernández
you usually trust people within your organization, so being attacked from the inside was usually unexpected and for so more dangerous.
Craig Mullins
You have to be prepared to protect against both
Ryan Fay
Both. Internal you have home field advantage, external you get the advantage of more team collaboration due to the external nature of the threat. Again, this all depends on your team - their wherewithal and bandwidth to quickly find the RCA.
IBM LinuxONE
Q4: What does "operationalizing #security" mean to you?
Nick Sardino
Making security part of a company’s daily hygiene and management processes
John Mertic
Not thinking about security at the tail end of application development
Major Hayden
Make it automated and free up the humans to do really valuable work.
Diana M Henderson
Operationalizing #security speaks to one of the growing movements around #DevSecOps and integrating security into the application development lifecycle through to deployment in production
Major Hayden
Security isn't a dev problem or an ops problem. It's a problem for everyone to tackle.
Steven Dickens
@majorhayden or run it on a box where its encrypyted 100% of the time, all the time
Diana M Henderson
Security is present by design, not bolted on.
Nick Sardino
@jmertic "Security by design" is a concept that has come up in a lot of our client discussions. @IBMLinuxONE was designed with security in mind.
Major Hayden
@NickSardino Quite true, and @IBMLinuxONE has some nice built-in security features to boot. ;)
Steven Dickens
@jmertic agree, you can't bolt security on at the end..
John Mertic
@NickSardino Security still has to be part of the full stack of the application. Including having a good way to see the code you are pushing into production.
Diana M Henderson
@jmertic agreed. Security cannot be added on at the end
Nick Sardino
Key to security operations is rapid detection and incident response. A data #breach may feel inevitable. #SOC
John Mertic
It would be great to see more #devsecops minds looking at this code and seeing how to invest more into algorithm development for finding issues as they pop up https://github.com/o...
Steven Dickens
@majorhayden also make it pervasive, and get people to focus on other more valuable up the stack activities
Craig Mullins
When security is imbued into everything we do in IT, then we have operationalized security; we are not there yet
IBM LinuxONE
@NickSardino Complementing your thought, you could get more information here: http://ibm.co/2gB8HQ...
Ryan Fay
IMO it means baking the security aspects directly into the product at each step of your methodology. What used to be something more of an afterthought has become the number 1 area of concern for many folks. It's really a mindset of the biz.
IBM LinuxONE
Q1: What are the top #security challenges facing businesses today?
Nick Sardino
Most organizations are worried about the threat of a breach and meeting complex compliance mandates
Craig Mullins
Threats are all over the place! Cybercrime, APT, Fraud, Physical Threats, Terrorism, Insider Threats, Hacktivism and Nation-State Threats
Diana M Henderson
Malware, patching maintaining security hygiene, adapting firewalls, high impact events and internal or external threats are a few of the challenges facing organizations today
Nick Sardino
Nobody wants to be the next big name in the headlines. Reputational risk is a huge concern.
Craig Mullins
Adapting your security strategy for the #cloud is a current challenge
Fabiana Carranza
I consider its malware and the budget needed for a proper cyber security program
Major Hayden
Business are challenged with making data always available to the customers/employees while keeping it safe from attackers.
John Mertic
I'd add the fear of the unknown - code origins, account credential sharing, and data origins.
Major Hayden
Today's software-defined-everything world make it challenging to use older methods for securing infrastructure.
Craig Mullins
Staying current as hackers adapt and modify their attack methods is also challenging
Major Hayden
Today's software-defined-everything world makes it challenging to use older methods for securing infrastructure.
Major Hayden
@craigmullins Knowing when to go to (which) cloud is quite a challenge, too. ;)
Craig Mullins
And let's not forget #GDPR, which comes into full force next year. There are many security aspects to compliance
Diana M Henderson
Partnering with compliance officers to address changing geo and industry regulations often keeps security professionals busy
Nick Sardino
@majorhayden @craigmullins agreed on the challenges of security in the cloud
Steven Dickens
@craigmullins HIPAA, PCI DSS the list goes on
Ryan Fay
Everything from the GDPR to the fundamentals (SSAE-16 SOC 1/2/3 Type1/ 2, HIPAA, PCI DSS AoC, Trustwave Certificate, HITRUST, U.S. Government OIG and SAM, GLB).