Susan Brown

Three (Totally Legal) Strategies for ‘Fighting Back’ Against Cybercriminals

The idea of ‘fighting back’ against hackers is both scary and risky business. Most security professionals would strongly advise against it, in part because one false move could land you behind bars. But ‘fighting back’ doesn’t have to translate into attacking an attacker’s IP address, setting up lethal traps for hackers, or purposely damaging systems--it’s about defending your own networks, while working to identify and gather evidence of the attack and attackers.

Tenable’s Paul Asadoorian will be presenting alongside John Strand, Senior Instructor with the SANS Institute, on this topic at RSA today, March 1, 2012. They’ll share practical advice on how to responsibly integrate offensive measures into your network security strategies. They’ll also cover legal considerations, relevant case studies of people and organizations that strategically (and legally) fought back, sensible techniques, and strategies for determining if offensive countermeasures are right for you.

Not All ‘Cybers’ Are Created Equally

By Marcus Ranum, Tenable CSO

What do these four terms have in common?

Cyberwar, Cybercrime, Cyberespionage, and Cyberterror.

  • They all start with the word ‘Cyber’
  • They’re all bad stuff
  • And they’re all consistently confused with each other, despite significant differences (and sometimes conflicts) between them

    Many people already know my position on ‘Cyberwar’ but things have changed significantly over the past four years in IT and physical security, technology, the government, and the military. The actual ‘Cyber’ landscape is much more nuanced than many seem to realize, which has created an unnecessary public perception of extreme vulnerability (which can lead to fear, which can be dangerous).