SecureIQLab Establishes APAC Office in Kathmandu, Nepal
SecureIQLab has officially established its Asia-Pacific (APAC) office in Kathmandu, Nepal, marking a significant milestone...
AVAR 2025: Asia’s Digital Velocity vs. the Reality of AI Security
AVAR 2025 velocity vs security
The Missing Layer: Why Observability Needs Validation
Observability needs validation
“Secure-by-Design” and “Secure-by-Default” Badges from SecureIQLab — and Why They Matter in WAAP
What do the "Secure-by-Design" and "Secure-by-Default" badges really mean?
SecureIQLab brings independent outcome-based validation to Mplify at Global NaaS Event (GNE)
SecureIQLab joins forces with Mplify
Enterprise browsers – when your regular browser’s security just isn’t good enough
Your regular browser may not be secure enough for modern threats; enterprise browsers can help.
AI testing – harder than it looks
As AI overload becomes a real thing, ominous, outsized claims are becoming annoyingly de rigueur....
Cloud firewalls get a (welcome) overhaul
Cloud firewalls are usually just a cluster of virtual machines running security software in a...
Cyber Criminals Have A New Best Friend – The University of Oregon
The views and opinions expressed in this blog do not necessarily reflect the views and...
Blackhat 2025 – Test AI before you trust
At Blackhat, there wasn’t a space of 10 feet not festooned with overtly optimistic promises...
Chatbots, AI, and PayPal
To start with, this isn’t really about PayPal, they just gave me a great example...
Testing Ain’t Easy
Recently, I bought a Ring security system. I had to. My fiancé said she wouldn't...
Exploits, Vulnerabilities and Payloads – Who Knew?
I can't count how many times I've heard vulnerabilities called exploits and exploits called vulnerabilities....
Brew Your Own ALE
When we at SecureIQLab test security products, we go above and beyond reporting efficacy and...
Support Your Local Pub By Using ALE
For a time when I worked at Microsoft, in my department, the booze cart would...
WAAP Pricing Considerations
Comparing prices for Web Application and API Protection (WAAP) solutions often feels like comparing apples...
Are You Configured for Failure?
Every year, an exorbitant amount of money is spent on ensuring companies' digital safety, yet...
Spooky Action from a Distance
The first question that popped into my mind when I became aware of the global...
Pledge vs Reality – Secure by Design
A few weeks ago, I stumbled upon the website of a company that has recently...
Make WAAP Interesting Again by Quantifying Operational Efficiency and Secure by Design.
The adoption of the cloud is the biggest driver of the DevOps development process. Before...
To Breach or Not to Breach
The rapid adoption of cloud computing was yesterday’s news 5 years ago. Today’s news is...
Efficiency is All You Need
A chance encounter with Texas’s beloved company’s Chief Human resources officers tempted me to ask...
Panda is Not Cute Anymore
SecureIQLab’s threat intel and research team recently discovered a data dump purporting to belong to...
The Only Credible 2024 Cyber Security Predictions
If you’re like me, you’re tired of blogs and whitepapers that all make the same...
Guardians of the Cloud: Navigating the Advanced Frontiers of Cybersecurity
Once upon a time, in the realm of digital technology, there lived a powerful guardian...
Navigating the XDR Landscape: Choosing the Right Solution through Independent Test Results
In the rapidly evolving digital landscape, organizations are confronted with the mounting challenge of safeguarding...
Data Validation, Customer Service and an Unnamed Hotel: A Cautionary Tale!
Here at SecureIQLab, we kinda like triangles. Nothing against parallelograms, but we’re triangle folk. There...
Holy Shift Batman! IT’s 2023!
When an organization decides change is on the horizon, the horizon comes in a little...
LastPass, LostPass, or HallPass
I believe that all of our readers have heard about the LastPass Breach. There is...
The Myth of Password Cracking AKA Bad Analysis
Fact: The value of a great test can be negated by inaccurate, or missing analysis. Now...
Planet of the APIs
Yeah, sure I had fun making the Planet of the Apes pun, but this really...
Putting Firewalls to the Test
The next generation firewall (NGFW) was invented by a gentleman named Jean-Luc Picard on September...
The Case Against Default Libraries
Windows has a sort of handy feature, but nobody has ever found it. Well, yeah,...
2021 Post-Mortem and 2022 Year of Resilience
Once upon a time, I proclaimed I had the solution to the problem. A wise...
Vulnerabilities, Exploits, and Payloads
Unless you’ve been living under a rock or have a life, you’ve heard more about...
Passphrases and the Passphrase Token Attack
Never say “passphrase” around a pedant. Peasants and pheasants are OK, but pedants will bring...
Must Have Uppercase, Lowercase, and Basket case.
If there’s one thing I hate more than bad password advice it’s okra. But this...
Content Disarm and Reconstruction: Eh, What’s Up Docx?
Previously I wrote about content disarm and reconstruction (CDR) with respect to steganography. Stego is...
Content Disarm and Reconstruction: Don’t Let A Drunk Dinosaur Smoke Your Enterprise
In a previous blog, I discussed content disarm and reconstruction (CDR) at a high level....
Kaseya, Maersk, and Microsoft: Do You Do Due Diligence?
I subscribe to the Consumer Protection Law360 newsletter. Although I can’t justify a subscription to...
Content Disarm and Reconstruct
For years I have been asked by reporters about data breaches as they made the...
Fighting Diversity With Diversity
How do you fight diversity with diversity? To answer that question, we need to understand...
Don’t Get Your Breaches in a Knot
A few years ago, I wrote a blog about why enterprises don’t care about the...
Business Center Insecurity – The Case for DRM
Right after your hotel thanks you for your business, let me thank you for your...
WAF or Gaffe: Comparing Cloud Web Application Firewalls
As a history buff, I was delighted when my manager asked me to write a...
What Is SASE? Part One: Zero Trust
Before I go any further, I’ve got to walk the walk. To the right is...
If You’re Not Going To Take Privacy Seriously Neither Will I
If privacy ever did exist, it’s gone the way of the unicorn. Yes Victoria, unicorns...
From Supply Chain to Kill Chain: Biometric Security
Before I proceed, for the pedants out there, yes, I know that the Greek Trojan...
The Supply Chain Looks Like A Bunny Rabbit With A Drum
Just in case you are not familiar with the Energizer Bunny take a quick look...
Biometric Legal Implications
Disclaimer: Neither SecureIQLab nor I are lawyers. Nothing in this blog should be construed as...
ICS Security
Oddly enough, one of the last sectors to accept security technology was industrial systems. For...
Inciting Supply Chain Attacks GoDaddy Style
GoDaddy took an axe and gave education 40 whacks. And when they saw what...
Cybersecurity Controls are the next Frontier of the Evolving Cyberattack Surface (Part 2)
In this post, we break down what the recently-discovered FireEye and supply chain attack shows...
Cybersecurity Controls are the next Frontier of the Evolving Cyberattack Surface
“Change is the only constant.” -- Heraclitus Your cyberattack surface is the part of the...
Container Security 2021
With 2020 (thankfully) coming to a close, it's time to focus on 2021. The world...
Why SecureIQLab Was Established
The security landscape has drastically changed in the post-COVID world. Before the pandemic, the journey...
