Author: Tony Bradley

I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 2 dogs, 5 cats, 1 rabbit, 2 ferrets, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Twitter, Facebook, Instagram and LinkedIn.

We are living in very interesting times. Organizations of all sizes and across all industries have been migrating to the cloud for years. Those that were not already actively engaged in digital transformation at least had it on their radar with plans to start soon—and then the COVID-19 pandemic hit. Suddenly, office environments were shut down and entire companies were forced to work from home as various regions quarantined to contain the virus. Organizations had to accelerate the move to cloud platforms and software-as-a-service (SaaS) tools in order to keep revenue flowing. In the moment, the focus was almost entirely…

Read More

The concept of capture the flag competitions goes back hundreds of years from a military perspective, and it has become a staple of hacking and cybersecurity exercises. The basic concept pits teams against each other in a race to infiltrate or compromise a target or opponent and achieve victory by capturing that team’s flag. Capture the flag—or CTF—challenges are very common for software hacking, but Intel has taken the idea and focused it around hardware in an effort to identify weaknesses and find innovative solutions to ensure future hardware is more secure. A handful of recent, high-profile exploits within hardware…

Read More

TechSpective Podcast Episode 050 “Every company is a software company.” That is the quote that kicks off the Executive Summary page of the latest State of Software Security Report from Veracode. This is Volume 11 of the report, with a focus on looking ahead to identify how developers can continue to make applications better and more secure. Obviously, some companies produce microwave ovens, and some businesses repair garage doors. In a purely technical sense, not every company is a software company. But, the point of the quote is that, increasingly, no matter what industry a business is in, software and…

Read More

Every security vendor believes that their product solves a problem and helps customers protect against a breach, exploit, or compromise. However, not every vendor is confident enough in their ability to deliver on that promise to back it up with cash. Cybereason today unveiled The Cybereason Breach Protection Warranty that puts its money where its proverbial mouth is when it comes to protecting customers. Cybereason, which recently launched a complete brand refresh, is a leading player in the endpoint detection and response (EDR) arena. Cybereason recognizes that many of the sophisticated attacks today come from attackers trained in military and…

Read More

Forcepoint hosted the Cyber Voices Zero Trust Summit today. It was a virtual conference similar to the SASE CyberSummit they held back in June. One of the sessions that stood out was “A CISO’s Perspective on Zero Trust”—a discussion between Myrna Soto, chief strategy and trust officer for Forcepoint, and Andy Vautier, chief information security officer for Accenture. It was an engaging and enlightening session that highlighted the increasing need for ZTNA (zero trust network access) and SASE (secure access service edge) to help secure and protect the “new normal”. Let’s start with a brief overview of what ZTNA and…

Read More

The world of cybersecurity is constantly changing—technology is continuously evolving and the threat landscape is constantly shifting and expanding. Organizations need to adapt as well to ensure their security tools and policies can effectively protect against emerging threats. Forcepoint hosted a virtual conference today—Cyber Voices Zero Trust Summit—to discuss the evolving role of zero trust network access and the dramatic rise of relevance and importance for zero trust as the world adapts to a new era of remote connectivity in the wake of the COVID-19 pandemic. Zero Trust Network Access Matt Moynahan, chief executive officer of Forcepoint, kicked off the…

Read More

Qualys recently made its Multi-Vector EDR offering generally available. The product takes the idea of endpoint detection and response (EDR) and applies it in a more holistic way that extends beyond the endpoint to provide additional context and insight. When I first wrote about Qualys Multi-Vector EDR, I described it, “Multi-Vector EDR takes the concept of EDR and applies it more broadly to the entire environment. The Qualys Cloud Agent enables organizations to collect valuable telemetry that is sent to the Qualys Cloud Platform for deep analysis in real-time. Qualys Multi-Vector EDR provides comprehensive visibility and protection using a single…

Read More

The COVID-19 pandemic has brought much of the world to its knees and sent ripples across all regions and industries. One consequence of the pandemic has been the elimination of large gatherings—meaning no in-person conferences or conventions. Events like Black Hat and Microsoft Inspire made the shift to transition to streaming online—which is great, but does not make up for the networking between peers or the serendipitous conversations that typically occur, affectionately referred to as “Hallway Con.” IOActive is stepping up to try and fill that void with the IOActive Labs Blog and a new guest blog series. John Sheehy,…

Read More

You’re familiar with the phrase, “A picture is worth 1,000 words.” Well, Microsoft and Intel are applying this philosophy to malware detection—using deep learning and a neural network to turn malware into images for analysis at scale. Project STAMINA—an acronym for STAtic Malware-as-Image Network Analysis—converts malware samples into two-dimensional grayscale images that can be analyzed based on their unique criteria. Researchers from the two companies have worked together to develop this interesting approach to malware detection. STAMINA uses deep learning—a type of machine learning designed to create an intelligent system capable of learning on its own from unstructured and unlabeled…

Read More

Virtual Panel Event Complete with Drinks, Snacks, and Trivia When the world gives you lemons, make lemonade. Many vendors did just that around the time of what would normally have been the massive Black Hat and DefCon cybersecurity conferences in Las Vegas. The world has given us lemons in the form of COVID-19 and limitations on travel and group gatherings in an effort to contain the pandemic, so the conferences switched to online and many vendors hosted their own virtual events to fill the void. Intel took things a step farther and did their best to recreate the atmosphere of…

Read More