• 22 Mar 2012

    Don’t underestimate the value of firewall rulebase analysis

    Are firewalls sexy? No...but you must understand that they're an integral part of your overall information risk equation. From configuration flaws to rulebase anomalies to overall system inefficiencies, your firewall rulebases can make or break security, business continuity and other critical parts of your IT operations. Last week, AlgoSec's Nimmy Reichenberg and I recorded a webinar titled How to Automate Firewall Operations, Simplify Compliance Audits and Reduce Risk that you may ...

  • 09 Mar 2012

    My upcoming webcast on firewall management

    Join me and AlgoSec's Nimmy Reichenberg next week for a unique discussion on strategies for improving firewall management. We all know it's the elephant in the room...Today's enterprises have firewalls that are so complex and so fragile yet no one's really taking care of them. Any processes that do exist around rule management, rule changes and firewall risk analysis are often manual - and oh so painful. I know, I know, firewalls ...

  • 11 Oct 2011

    What can you really say about your network?

    Here's a new guest blog post I wrote for AlgoSec (a Roswell, Georgia-based company with some really solid firewall management applications) where I talk about something near and dear to all of us in IT: Do you really understand your network? ...it's more than just a sappy relationship. :-) By the way, in case you missed it, I wrote a whitepaper for AlgoSec recently that you may be interested in as well: Firewall Management: ...

  • 26 Sep 2011

    Common firewall management challenges whitepaper

    Here's a new whitepaper I recently wrote on the ins and outs - and dos and don'ts - of managing enterprise firewalls: Firewall Management: 5 Challenges Every Company Must Address. In the paper I cover things such as rules and regulations impacting firewall management, assessing firewall policy risks, managing changes and being able to prove where things stand with your firewalls at any given point in time. Enjoy!...

  • 12 May 2011

    Amazon’s cloud outage, big deal…?

    Here's a great piece from my colleague Jonathan Feldman on why Amazon's recent outage is irrelevant. It reminds me of what I've always preached: if it's got an IP address, a URL or human beings involved, it's fair game. Something's going to happen eventually. It's our job to help our businesses/clients to be able to respond appropriately and minimize the impact when something does occur. You've gotta have a fall ...

  • 28 Sep 2010

    New Windows identity & access management resources

    Here are some new pieces I wrote for SearchWindowsServer.com on Windows IAM - pros, cons, and considerations: "Are identity and access management payoffs worth the fuss?"; "The compliance benefits of Windows identity and access management"; "Six ways to improve identity and access management (IAM) for Windows"; "Finding the value in Microsoft Forefront Identity Manager 2010". Enjoy!...

  • 16 Sep 2009

    Third-party apps still a big security issue

    A while back I wrote about the importance of patching third-party software on your enterprise desktops. Apparently third-party applications are still out of the security loop. It's a seemingly small problem but it can have pretty big consequences....

  • 20 Apr 2009

    Neat open source SIM tool

    I attended a local networking event here in town last week where a representative from AlienVault presented their open source security incident/event management tool called OSSIM. I had to endure a painful sales pitch (that wasn't supposed to be a sales pitch, mind you) and a simple-minded "use this product for all your needs" approach to information security...but the tool actually looks promising. It's a "free" way to pull together ...

  • 30 Dec 2008

    What if you had to pay for your software licenses?

    I've learned the hard way and have since touted the benefits of automating as much as you can when it comes to IT and security management. Software licensing is no different. Here's an interesting story about a time-consuming, costly software license audit from Microsoft and AutoDesk that could happen to any given organization at any given time. I suspect the outcome would've been much less painful had this gentleman been ...

  • 03 Sep 2008

    Upcoming PCI updates and the firewall change management disconnect

    I was reading about the upcoming PCI DSS version 1.2 updates and noticed something that struck a chord. It's the requirement to review firewall rules every 6 months instead of every three. Wooo - what a nice break the Council has given everyone. Seriously folks, is anyone really reviewing their firewall rules on a regular basis? I don't mean loading up the PIX or Check Point or whatever interface, scrolling ...
