Captain's Log, Stardate 2021.11.05

circle
circle

Captain's Log, Stardate is an ongoing series, published every Friday, highlighting interesting cyber news from the past week. To continue the discussion on any of these topics, join us on Slack

Lamboozling Attackers: A New Generation of Deception | ACMQueue / Kelly Shortridge, Ryan Petrich

2021-11-05 Captains Log - JupiterOne

Innovation in deception has languished for nearly a decade because of its exclusive ownership by information security specialists. This wasted potential motivated our design of a new generation of deception systems, called deception environments.

These are isolated replica environments containing complete, active systems that exist to attract, mislead, and observe attackers. By harnessing modern infrastructure and systems design expertise, software engineering teams can use deception tactics that are largely inaccessible to security specialists.

Read the full story...



Modern Cybersecurity: Tales from the Near-Distant Future | Book Download

Modern Cybersecurity - Hardcopy or Digital - JupiterOne JupiterOne recently released a book featuring seven security practitioners telling their stories (Target, DoD USAF, sweetgreen, Cobalt, NTT Data Services, JupiterOne, Cyber Leadership Forum). The stories describe the details of major business problems experienced when implementing cybersecurity - and how they overcame them.

We had over 900 downloads and figured, "Hey, people found it interesting. Let's keep going!" The book is available on Amazon, or you can download the digital copy for free.


SBOM Myths vs Facts | NTIA

2021-11-05 Captains Log  - JupiterOneThe NTIA Multistakeholder Process on Software Component Transparency1 seeks to provide industry-agnostic guidance and resources to support adoption and implementation of Software Bill of Materials (SBOM).2

As the practice of SBOM expands beyond trailblazing industries (e.g., Financial Services and Healthcare) and becomes more widely adopted, the resulting network effect will amplify the initial and inherent benefits that SBOMs provide. With increased awareness comes increased opportunity for misunderstanding.

This document is intended to help the reader to understand and dispel common, often sincere myths and misconceptions about SBOM. This list is not intended to be comprehensive. For more common questions and concerns, see the SBOM FAQ.

“The future is already here – it's just not evenly distributed.” -- Willam Gibson

Read the full story...



Penetration Testing and the Inequality of Time | Cobalt / Tyler Shields

The Inequality of Time

Attackers have infinitely more time to breach a system than we do to defend it. The inequality of time problem stems from the fact that there is a mismatch between the time available to an assessment team and the time available to the attackers.

When conducting a penetration test or security assessment, companies are always limited on the amount of resources they can throw at the problem. They either have a finite number of people available, time for those people, or money to contract with the right people. 

Attackers, on the other hand, have the luxury of infinite time. If they are dedicated and focused, they can take all the time that they need to penetrate your defenses.

Read the full story...



Korean Phrases You Missed in 'Squid Game' | Wired Video

Screen Shot 2021-11-05 at 2.43.07 PMThe on-screen English translations of 'Squid Game' didn't always match up to the characters' dialogue.

Korean English professor and director of the Korean Language Program at Columbia University, Joowon Suhexplains the phrases English speakers might have missed out on while watching the hit Netflix show.

Read the full story...


Resources

 

Modern Cybersecurity - Hardcopy or Digital - JupiterOne

 

 

avatar

Posted By Mark Miller

Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain.

Mark actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU. He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne.

As well, Mark is Executive Producer of the DevSecOps Podcast Series (300K+ listens), and the Executive Editor of the LinkedIn DevOps Group (124K+ members).

To hear more from Mark, get our newsletter. No spam, just the good stuff once or twice a month. Sign up below.

PREVIOUS ARTICLE

cyber-security 1

Ad Title Placeholder

Lorem ipsum dolor sit amet, consectetur adipiscing elit.