Is network PVR the best direction for the big studios?

The distribution of video over multicast-broadcast networks and content storage by users with Windows PCs and PVRs has created a huge threat surface for digital content. As is typical of flawed security countermeasures, HDCP and AACS exacerbate and enlarge the threat surface rather than enhance revenues and reduce risk. In this article we will show that […]

Where your living room meets your PC

I recently got a new notebook (a Lenovo Thinkpad X-Series) and it’s great (my old Acer Travelmate dual core is still chugging along and refuses to die although the screen is beginning to fade – so the time had come to update personal technology). The first thing I noticed was that it comes with an […]

SOX IT Compliance

A customer case study – SOX IT Compliance. We performed a Sarbanes-Oxley IT top-down security assessment for a NASDAQ-traded advanced technology company. The objectives for the study were to evaluate the internal and external threats that impact the company’s information assets. Using the Business Threat Modeling (BTM) methodology, a Practical Threat Analysis (PTA) threat model was constructed and a number […]

DLP for telecom service providers

A customer case study: Using DLP to protect customer data at a telecom service provider. Our first data loss prevention (DLP) project was in 2005 with 013 Barak – now 013 Barak/Netvision. It followed on the heels of an extensive business vulnerability assessment and management level decision to protect customer data. It’s significant that 013 […]

DLP in on-line trading

A customer case study – DLP helped diamonds.com be more secure and more competitive. We designed and implemented a large-scale IT infrastructure modernization project that was tasked with improving availability, scalability and security of the online diamond trading networks at diamonds.com and diamonds.net. Network DLP appliances were deployed in the US and in EMEA […]

Digital content protection

A customer case study – Digital content protection for VOD on a TCP unicast network. One of our most interesting projects recently was a digital content protection and secure content distribution software development project in the field of IPTV and video on demand. We were called in at a critical stage in project delivery to […]

Cloud security assessment

A customer case study – cloud security assessment. Faced with a steep bill for securing a new cloud application, a client asked us to help find a way to reduce their risk exposure at the lowest possible cost. By using the Business Threat Modeling methodology and PTA (Practical Threat Analysis) software, we were able to build a […]

Catch 22 and Compliance

Let’s say you’re a payment processor going through a PCI DSS 2.0 audit: Does this sound familiar? (just replace certain words by certain other compliance-related words): Without realizing how it had come about, the combat men in the squadron discovered themselves dominated by the administrators appointed to serve them. They were bullied, insulted, harassed […]

Why less log data is better

Been a couple weeks since I blogged – have my head down on a few medical device projects and a big PCI DSS audit where I’m helping the client improve his IT infrastructure and balance the demands of the PCI auditors. Last year I gave a talk on quantitative methods for estimating operational risk of […]

Will security turn into a B2B industry?

Information security is very much product driven and very much network perimeter security driven at that: firewalls, IPS, DLP, anti-virus, database firewalls, application firewalls, security information management systems and more. It is convenient for a customer to buy a product and feel “secure” but, as businesses become more and more interconnected, as cloud services […]