Target Breach: Vendors, You're Not Wrestlers, And This Isn't The WWE

Yesterday, Bloomberg Businessweek ran a story providing some alarming details on the Target breach.  The article, “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It,” didn’t paint a pretty picture of Target’s response. 

Some of the highlights in case you haven't read it yet: 

  • Six months before the incident, Target invested $1.6 million in FireEye technology.
  • Target had a team of security specialists in Bangalore monitoring the environment.
  • On Saturday November 30, FireEye identified and alerted on the exfiltration malware. By all accounts this wasn't sophisticated malware; the article states that even Symantec Endpoint Protection detected it. 
Read more

You Should Attend Next Year’s RSA Conference Innovation Sandbox

Last week I attended the RSA Conference (RSAC) Innovation Sandbox for the first time.  Not only was I an attendee, but I also was fortunate enough to host a CTO panel during the event. For those that aren’t aware, the Innovation Sandbox is one of the more popular programs of the RSAC week.  The highlight of the Innovation Sandbox is the competition for the coveted “Most Innovative Company at the RSA Conference” award.  This is basically the information security version of ABC’s Shark Tank.  If you want to learn about the up-and-coming vendors and technologies, this is one place to do it. To participate, companies had to meet the following criteria: 

  • The product has been in the market for less than one year (launched after February 2013).
  • The company must be privately held, with less than $5M in revenue in 2013.
  • The product has the potential to make a significant impact on the information security space.
  • The product can be demonstrated live and on-site during Innovation Sandbox.
  • The company has a management team that has proven successful in the delivery of products to market.
Read more