Cyber Security Awareness and Vulnerabilities Blog

Why Intelligent and Visible Identity Governance is a Game Changer for Organizations

Nov 6, 2019
Let’s face it. Regardless of the Identity Governance and Administration solution you use for provisioning and access reviews, you are most likely relying on what is fundamentally a web version of spreadsheets or lists of entitlements in a web portal for role design and access certifications. Just basic lists of who has access—or should have access—to what. Role-based access may seem far too challenging or out of reach for your organization. So how do you go from this extremely manual, error-prone, and list-based process to a more strategic, effective, and streamlined approach? 

When Should You Replace Your Free SIEM Tools?

Nov 5, 2019
Free Security Information and Event Management (SIEM) solutions have significant benefits, providing visibility into security environments and enabling proactive vulnerability management for many small and mid-sized organizations. However, these tools often come with limitations that will lead security teams to consider commercial options. How do you know when it’s time to upgrade?

Three Reasons Micro-Certifications Are Essential in Identity Governance

Oct 26, 2019
Access certification is one of the most important types of reviews within organizations today. An access certification, also called an attestation, occurs when a manager reviews a user’s access and validates that the user still requires—or no longer requires—access to an application, system, or platform. If access is considered unnecessary, then it should be removed.

Three Action Items to Consider After Completing a Pen Test

Oct 22, 2019
In order to complete a successful penetration test, a great deal of time is often spent in the planning stage. Time should also be invested into the post-test process. Going through the results of pen tests provides a great opportunity to discuss plans going forward and revisit your security posture overall. Seeing pen tests as a hoop to jump through and simply checking it off a list as “done” won’t improve your security stance. It’s important to plan time for a post-mortem to disseminate, discuss, and fully understand the findings.

Three Benefits of In-House Penetration Testing Capabilities

Oct 20, 2019
There are daily reminders seen in the news, or heard second hand, of hackers stealing or exposing data. Having just one pen test often exposes security weaknesses that are not adequately protected with compensating controls, which will help with setting priorities and mitigating the associated risk. This begs the question, how could you improve your cyber security posture if you had pen testing capabilities in-house?

How Commercial Pen Testing Tools Can Make Your In-House Testing Program More Effective and Efficient

Oct 20, 2019
Penetration testing is an undeniably effective way to improve an organization’s security, allowing cybersecurity professionals to safely validate the exploitability of security weaknesses before a malicious attacker does. Though threat actors are more persistent than ever, the good news is that more and more organizations have recognized this and want to begin their own penetration testing program in-house. With the advent of increasingly sophisticated penetration tools, organizations can build and grow their own successful penetration testing program.

You Can’t Protect What You Can’t See: Improving Cybersecurity with Monitoring Solutions

Oct 6, 2019
When a data breach hits the headlines, questions often arise for those not familiar with cybersecurity. How did the organization not realize what was going on? Why did they ignore all the warning signs? Those more familiar with just how massive IT infrastructures can be understand that the issue is not a matter of ignoring warning signs; it’s an inability to see them at all. Security monitoring solutions like a SIEM can provide valuable insights and prioritize alerts, distinguishing between those that could lead to thwarting a devastating breach, and those that are harmless incidents.

Keeping Up with the Bots: How the Rise of RPA Impacts IGA

Oct 2, 2019
Robotic Process Automation (RPA) is a type of automation technology currently transforming the way businesses operate. RPA software robots manipulate and communicate with business systems and applications to streamline processes and reduce the burden on employees. RPA can automate tasks ranging from claims processing and call center support to data management, IT services, and invoice processing, and everything in between. Opportunities for automation exist virtually everywhere throughout the business, enabling greater organizational performance and efficiency.

Six Strategies to Ensure You Give the Right Access to the Right People at the Right Time

Sep 30, 2019
Part 2 of the Improving Your Security-Efficiency Balance Series: One of the primary challenges organizations wrestle with in identity governance is how to achieve the right balance in their company between security and efficiency.

How to Strike the Right Balance Between Prioritizing Security and Increasing Efficiency

Sep 24, 2019
Part 1 of the Improving Your Security-Efficiency Balance Series: Organizations of all sizes today face a unique balancing act when it comes to user access. Employees require access to multiple organizational systems, applications, and data to successfully do their jobs—from human resource information systems (HRIS) and customer relationship management (CRM) platforms to accounting software, patient care systems, or collaboration tools. Yet granting user privileges to these systems inherently creates risk to the organization.

Evaluating Security Information and Event Management (SIEM) Solutions: The Pros and Cons of Freeware

Sep 17, 2019
With data breaches causing seemingly endless damage, from record breaking numbers of exposed records to millions spent on remediation, it’s clear that organizations must build stronger security portfolios than ever before.

Navigating Toward a Password-Free Future with Privileged Access Management

Sep 12, 2019
Privileged accounts exist nearly everywhere within the organizational environment. Managing and protecting these privileged accounts has led to the rise of Privileged Access Management (PAM) solutions. These tools enable companies to centralize user administration, improve controls for granting user access, and more effectively manage and monitor privileged access to critical assets.

How to Identify and Prevent Insider Threats in Your Organization

Sep 10, 2019
Insider threats are on the rise. Whether they come from accidental insiders who are prone to phishing attempts or malicious insiders who are seeking to expose sensitive data, insider attacks have significantly increased in recent years. According to the 2019 Insider Threat Report from Cybersecurity Insiders, sponsored by HelpSystems, 70 percent of cybersecurity professionals surveyed believe that the frequency of insider attacks has increased in the last year alone.

The Human Element of Pen Testing and the Role Tools Can Play

Sep 4, 2019
Science fiction novels, TV shows, and movies often demonstrate the possibility of, and perhaps the danger of, computers and machines taking over the day to day jobs that humans once completed. While this has come to fruition in some instances, like with many factory jobs now being completed by highly specialized robots, more often than not, these inventions and innovations serve as tools to enhance human skills, not replace them. This is the case in the cybersecurity world, especially when it comes to penetration tests.

How Identity Governance and Administration (IGA) Improves Security, Efficiency, and Compliance

Aug 29, 2019
In the complicated, tangled web of managing user rights, permissions and accounts, keeping track of who has access to different resources can seem nearly impossible. Organizations today are facing increasing demands, mandates, and compliance regulations as they manage access and support countless devices and systems that contain data critical to the organization. Identity Governance and Administration (IGA) solutions have provided the capability to create and manage user accounts, roles, and access rights for individual users in an organization.

When is a False Positive Not a False Positive in Cybersecurity?

Aug 15, 2019
The phrase “false positive” has become so ubiquitous in Information Security that we often don’t stop to consider what it means or how it is used. Many use the term to describe every alert generated by a tool that does not lead to the discovery of a true infection when investigated. If every alert activated for trivial information is considered a false positive, this may overstate the intention and function of the tool and may even give the user a false sense that the tool has more features than it actually does.

Silencing the Bells: How a SIEM Can Prevent Alert Fatigue

Jul 29, 2019
Security teams are perpetually busy protecting their organization’s data, so with the incessant pings of relentless security notifications, it’s no wonder that they feel as though their ears are ringing. As organizations grow and add more and more tools, the danger of alert fatigue grows. With hundreds of alerts pouring in, it’s difficult to discern which ones truly need attention. Worrisome vulnerabilities and dangerous malware can easily slip through the cracks, even though a security team was technically warned of the threat.

10 Reasons Linux Attacks Happen and How to Avoid Them

Jul 28, 2019
It was once hard to believe, but Linux users are now starting to understand that the malware-free experience they once had is quickly disappearing. And it’s a big wake-up call.

How to Use Social Engineering Penetration Tests to Protect Against Phishing Attacks

Jul 22, 2019
As long as you have an email address, you will forever be sent phishing emails attempting to lure you into some malicious activity. While we’re all familiar with the concept of these emails, it’s another thing entirely when it comes to designing one. Pen testers are given just such a task when they are charged with simulating a phishing campaign for an organization.

How to Manage Identities for Contractors, Consultants, and Other Non-Employees

Jul 17, 2019
For years, organizations have recognized the need to pay close attention to and manage the access that their employees have with the help of identity governance and administration solutions. More recently, organizations are also being faced with the reality that they need to apply the same level of governance to non-employees as well. According to a 2018 Opus-sponsored Ponemon study, 59 percent of companies said they have experienced a data breach caused by one of their vendors or third parties.

Secure Transactions: A PCI DSS & PA-DSS Overview and Compliance Checklist

Jul 8, 2019
With the advent of the Internet in the late 1990s, credit card fraud surged. Though credit card companies came out with their own individual security programs, merchants accepting multiple types of credit cards had difficulty meeting multiple standards. Eventually, credit card companies banded together to create the Payment Card Industry Data Security Standard (PCI DSS), which was introduced by card service operators worldwide in 2004.

Sophos Alternative for UNIX Centralized Management for Antivirus: We're Here to Stay

Jun 10, 2019
Recently, Sophos announced that as of January 2020, management of their antivirus solution for UNIX via their centralized management console would no longer be supported. In reaction to this decision, we would like to take the time to reaffirm our commitment to maintaining support for UNIX cybersecurity. We’re dedicated to not only continuing service for these critical operating systems but releasing ongoing updates that will provide additional value and evolve with these technologies.

What’s Your Defense Strategy? Best Practices for Red Teams, Blue Teams, Purple Teams

May 29, 2019
Want to determine the safety of a car? Perform a crash test. One of the most common ways to test the strength of something, particularly when it comes to technology, is by putting it through a stress test. Naturally, this same principle is a critical component of cybersecurity. One of the most effective ways to try and find your security infrastructure’s weaknesses, and your security team’s ability to detect and respond to attacks, is through red team/blue team tests.

One (Big) Way to Reduce Helpdesk Costs While Increasing Security

May 21, 2019
IT teams handle a great number of tasks that enable an organization to run smoothly. These include handling questions related to technical support for the company’s computer systems, software, and hardware, in addition to performing regular system updates and meeting periodic training needs. Yet research shows that helpdesks are also spending anywhere from 20-50 percent of their time dealing with password requests. Why are helpdesks so bogged down with password management tasks, and how can you free up their time while also prioritizing security?

Diversionary Tactics: The Use of Ransomware as Misdirection

May 9, 2019
Companies today are seeing a disturbing trend when it comes to the most common attacks they are facing. Ransomware is on the rise and no OS is immune. In fact, most reports show that malware on Linux has tripled since 2015. According to the 2019 Malware Report from Cybersecurity Insiders, respondents ranging from technical executives to IT security practitioners from organizations of varying sizes, across multiple industries, offer clarity on what kinds of attacks their organizations are experiencing.