I’m not putting any links to BeeFence since it was a startup I had the honor to be one of the founders of (which obviously went down the road of many other startups…), but the neat thing about it was the technology (did I mention I was the CTO ). Basically – we had what we called “Active Validation” (or sometimes “Interrogation”) of sessions. We generalized it a bit more to cover additional protocols rather than just focus on Web2.0 (think what it can do to the NIDS/IPS world…).

Makes me think of getting back on the startup bandwagon, although I’d have to make some sense out of the drawer-full of ideas I’ve been filling over the past few years having been engaged in web security and cloud security recently… you never know

Related posts:

1. Two steps forward, one step back – controling botnets…
2. Identity crisis
3. Clouds, and the winds that blows them away…

Funny how technology sometimes is way simpler than you imagine it would be. As per the new twitter based botnet channels, and the fancy web2.0 communications that are available for usage (see older post at here), utilizing the age-old mechanism of anonymously posing messages on a newsgroup is humbling.

Nevertheless, it’s the same new story (Google groups were chosen because of the web interface and the uptime reputation), just dressed up in old clothes (pun intended…). The same advice that I gave 2 years ago, which I gave last year, and again 3 months ago, is still valid – forget about putting out fires (that’s your off-the-shelf AV). Focus on proper mitigation, a solution that shows you how the technology is an extension of the company’s research, and forward thinking attitude. Look for solutions that are more behavioral in nature in order to identify mal-intent communications, and act proactively based on the predictions and research done.

Basically – don’t settle for mediocracy!

Stay safe.

Related posts:

1. AHA! A blast from the past…
2. Getting a business degree as part of Security Research?
3. Identity crisis

In Israel, insurance agencies are not yet at the stage where they provide full access to insured parties online to their insurance and policy information, but should be getting ready to do so. Some of the considerations and implications of creating the infrastructure for such access is discussed in the article in light of the risk management requirements set forth by regulation for such organizations. Financial institutions have been facing the same issues for years now since online banking have become a standard so it’s a great opportunity to reexamine what policies are applicable and what technologies can be used to enforce them in a very similar environment.

Related posts:

1. Practical vs. Regulatory – the votes are in!
2. Identity crisis
3. Clouds, and the winds that blows them away…