Successful mitigation of today’s security threats requires an approach that is both on the offensive and on the defensive. Here, we give our take on how to approach and handle specific security challenges, as well as our reaction to some of the latest industry topics.
08.09.17
Carbon Black’s Cb Response product is one of the more popular endpoint detection and response (EDR) tools available in an ever-growing marketspace. However, as a function of how the tool is architected, it is also a prolific data leaker. This threat report blog will help security organizations understand how our vulnerability assessment experts harvested data… Read more »
05.03.17
4 To-Do’s to Help Keep Your Company’s Network Safe from an Attack You work hard to hire smart people, but people make mistakes, and it takes only one employee to click the link or run that nasty code–and suddenly an attacker has access to your network. Even your best employee is at risk of falling… Read more »
03.09.17
The news that WikiLeaks released hundreds of documents revealing the CIA’s methods for hacking into smartphones and other Internet-connected devices has received global attention. So, what does the average person need to do to protect themselves if they are an Apple, Android or smart home gadget user? Some vendors have been proactive in publicly disclosing… Read more »
02.13.17
Defining and managing PCI scope is arguably the most critical part of any PCI compliance program. An overly narrow scope can jeopardize cardholder data, and an overly broad scope can add unnecessary cost and time to any PCI program. PCI compliance is an ongoing process and requires an annual assessment that can add up to… Read more »
01.31.17
Three Key Areas of Failure and What to Look Out For There’s a lot of talk right now about the current state of endpoint protection solutions. Which technology has a future? Which technology should you be looking at? It’s good information to know, but more valuable is knowing which solution would work best for you… Read more »
11.14.16
With today’s announcement of the FriendFinder Network website hack and the announcement that over 412 Million passwords were cracked, there is and will be a lot of discussion about the need for better protection of passwords at rest. While this is true, we caution that one of the most common issues that get lost in this discussion… Read more »
11.14.16
So, as we come to the end of 2016, it is time to start looking ahead to the security challenges our customers will face in 2017. 2016 was full of security events from the hacking successes that made the news during the election year, to the deluge of ransomware that everyone is facing, to the… Read more »
10.10.16
Can you believe it’s already October? We have to wait until the 31st to celebrate Halloween, but October 1st kicked off “National Cyber Security Awareness Month (NCSAM)”. National Cyber Security Alliance, in partnership with the Department of Homeland Security, runs this annual campaign in an effort to “engage and educate public and private sector partners… Read more »
05.27.16
PCI Scope reduction is a great way to make PCI compliance simpler and to reduce risk. Scope reduction reduces the attack surface area and the number of systems that must be maintained to the PCI standards…. “Less is more.” This blog post discusses web page redirects, which are an excellent method to get many systems… Read more »
04.25.16
As penetration testers, through the years, we have learned one indisputable fact: There is no such thing as a 100% secure network. Sure, we have encountered wide variances in the maturity level and effectiveness of information security programs of various organizations, but we have yet to encounter an organization that is impenetrable – not even… Read more »
