Author
 Adam Ely
Twitter
LinkedIn
RSS
E-Mail

Profile of Adam Ely

COO, Bluebox
Blog Posts: 15

Adam Ely is the founder and COO of Bluebox. Prior to this role, Adam was the CISO of the Heroku business unit at Salesforce where he was responsible for application security, security operations, compliance, and external security relations. Prior to Salesforce, Adam led security and compliance at TiVo and held various security leadership roles within The Walt Disney Company where he was responsible for security operations and application security of Walt Disney web properties including ABC.com, ESPN.com, and Disney.com.

Articles by Adam Ely

Intelligence Sources From Unlikely Places

10/6/2010
No matter how hard we try to protect our networks, there is always the chance something will go awry. From hackers breaking into our mail servers to laptops infected with malware, we must watch for issues and get help where we can. Most of us have our traditional tools in place to watch for issues from the desktop to the servers: log analysis tools, IDS, AV reporting, and anything else we can possibly gather information from to help us fight threats and know what has burrowed into our infrastruc

Post a Comment

The Case For Outbound Filtering

9/30/2010
We filter and block what comes into our networks, but often forget about what goes out. Attackers know this, and their attack plans even rely on it. Malware that has compromised an internal machine is often programmed to connect to a command-and-control system that resides outside the enterprise. And of course, attackers use outbound connections to transmit stolen data to their own repositories.

Post a Comment

Know Your Product's Security Capabilities

8/16/2010
To build-out enterprises we utilize technologies in all forms. From the routers that shape the network to interrupters that understand the software powering our web servers, third parties have a hand in how secure our enterprise is. It is important when selecting third party technologies that security be kept in mind but we don't always get much of a choice. If we need a desktop operating system, we are pretty limited. If we need a widget for our website, however, we have more options. No matte

Post a Comment

The Limits Of Intuition

8/5/2010
We in IT often rely on gut instinct to make decisions. We pride ourselves on the ability to look at a problem and quickly find a solution. We see a vulnerability, know a nasty exploit exists, and react by telling everyone the vulnerability must be patched. Instict and intuition play a useful role in decision-making, but it's a lot more limited than many people would like to admit, particularly in the realm of security and risk management. It's foolish to think that the complex risks that a corpo

Post a Comment

Insecurity On The Go

7/23/2010
Thanks to laptops, smartphones, iPads, and other new mobile devices, our enterprises now extend to the local coffee shop, hotels and even cars on the interstate and commuter trains. Organizations let users purchase their own devices and connect them to the enterprise in the name of productivity, but this policy also introduces risks. And IT shops know it. According to a recent InformationWeek Analytics survey on mobile device management (MDM), the number of respondents citing security as the pri

Post a Comment

IDS Best Practices

7/16/2010
Intrusion detection systems (IDSs) have a bad reputation. Yes, they can be noisy and generate lots of false positives, both the network- and host-based products. But they are very useful to have at the WAN edge and within your LAN, and you can correct the signal-to-noise ratio through proper tuning and by understanding your environment. In fact, knowing your environment is the foundation of everything we as security professionals do. If we don't understand what data flows between two points or

Post a Comment

Malware Busters

7/9/2010
I've been seeing many organizations struggle with malware lately, so I thought I'd offer a refresher on dealing with malicious software and all the ways it can creep into your organization. Removing malware and rebuilding infected systems eats up IT time and resources (not to mention the potential fallout from any stolen information), so your best bet is to prevent the compromise in the first place. Here's how.

Post a Comment

Should You Secure Your LAN Like Your WAN?

7/2/2010
Everyone knows organizations should never send sensitive data such as credit card or social security numbers across the Internet unencrypted, but many organizations think traffic inside their firewalls doesn't require as much protection as traffic that goes outside the perimeter. That's not the case. Attacks can be perpetrated by an employee or by an attacker who finds a foothold on the network. Being attacked by a stranger is a problem, but company employees can do just as much--or even more--d

Post a Comment

Rogue Hunter: How To Track Wild Access Points

6/24/2010
Rogue access points (AP) can show up on a network for any number of reasons. A user may set up an AP so he or she can bring a laptop to the break room and still have an Internet connection. A contractor or an internal engineer may set up a wireless router to create a test network and then forget to disable it at the end of the test. People who set up unauthorized APs usually don't mean any harm, but that doesn't make it harmless. If you think attackers aren't looking for wireless connections or

Post a Comment

Stupid Firewall Tricks

6/17/2010
Firewalls have a bad reputation in many organizations, but it's not always the firewall's fault. Often, organizations use firewalls in places where they aren't really needed. For example, common practice dictates that we should place firewalls with stateful packet inspection enabled in front of Web servers. But does this really make any sense? Why perform stateful packet inspection on a stateless protocol? Why use a firewall in front of Web property when 99 percent of the requests are allowed?

Post a Comment

White List Or Black List?

6/10/2010
I have spent my week deep in thought on how to secure connections from third-party business partners into my organization. Many of these partners work as an extension of the company, such as outsourced development and operations. These partners have access to source code, business documents, and other sensitive data we would prefer that no one could get to. Data theft is a serious concern, as are other issues, such as a malware infection that hops from a partner's system onto our network.

Post a Comment
White Papers
Register for Network Computing Newsletters
Cartoon
Current Issue
2014 State of Unified Communications
2014 State of Unified Communications
If you thought consumerization killed UC, think again: 70% of our 488 respondents have or plan to put systems in place. Of those, 34% will roll UC out to 76% or more of their user base. And there’s some good news for UCaaS providers.
Video
Slideshows
Twitter Feed