Cyber Security Awareness and Vulnerabilities Blog

Performance gears

Do I Need Identity Governance & Administration (IGA)?

May 30, 2018
Identity Governance & Administration (IGA) is commonly defined as 'the policy-based centralized orchestration of user identity management and access control.' Identity governance helps support overall IT security and regulatory compliance. Put into simpler terms, IGA means leveraging the most intelligent and efficient path to mitigating identity risk in your business. 
IT Security

Security So Easy, A Sales Guy Can Do It

May 16, 2018
Much like how I complain that I’m not losing weight - even though my treadmill has become a clothing rack- security only works if you use it. And, yes, I know I picked on the sales guys (and girls) in the title but, your security has to be easy enough to use and understand that anyone in the organization can use it, no matter their level of security training. I have heard multiple reports from our customers in healthcare that have implemented comprehensive and costly software to help keep their PHI data safe on all devices and across all networks. The problem?
IT Security

SAO vs. SIEM: Not Enemies, But a Security Defending Duo

May 15, 2018
Security Information and Event Management (SIEM) solutions have been with us for more than a decade. Recently, Security Automation and Orchestration (SAO) products have moved into the spotlight, causing many to wonder if the days of SIEM are numbered. However, as both products continue to evolve, it’s becoming clear that it is less a matter of SAO vs. SIEM, but instead SAO and SIEM.
Cloud Security

How SIEM Protects Cloud Servers

May 6, 2018
IT professionals everywhere are taking a good look at security information and event management (SIEM) applications to help them oversee their vast technology infrastructures. What once were IT stacks housed solely on premises now include increased expansion into cloud repositories, resulting in the prevalence of hybrid approaches. The ability to monitor security across these wide-reaching environments has never been harder—or more paramount.

Introducing Access Assurance Suite 9.1

May 2, 2018
Today, we are thrilled to announce the next step in our Identity Governance and Administration journey, the release of Core Access Assurance Suite 9.1.
IT Security

Assess the Effectiveness of Your Security Controls with Penetration Testing

Apr 23, 2018
It’s important for all organizations to periodically assess and test security vulnerabilities, to better evaluate risk and be ready to detect, prevent and respond to threats as they happen. Vulnerability assessments, penetration tests and Red Teams help you identify and prioritize security risks, which also improves your overall security posture. Gartner recently released a detailed research report covering the use of penetration testing and Red Teams. The report describes the processes and suggests ways that organizations can use them to reduce risk.
Cloud Security

Cloud Misconfiguration and the Curse of the Inadvertent Employee

Apr 19, 2018
We all know that to err is human. The problem is some mistakes are an order of magnitude larger than others. If you forget to buy apples at the store, that’s unfortunate. But if you forget to lock down your cloud server with the proper security controls and hackers gain entry… That’s a problem that could cost your business dearly.

Ransomware Hits the City of Atlanta

Apr 19, 2018
On March 22, the city of Atlanta was brought to its knees by a ransomware attack. CNN reported that the malicious incident affected at least five of the city’s municipal departments, effectively locking down key functions for the police, courts, and more. The attackers asked for the $51,000 ransom to be paid in the bitcoin cryptocurrency.

What Tesla’s Cryptojack Attack Means for the Rest of Us

Apr 17, 2018
In February, Fortune, Wired, and other media outlets reported that hackers worked their way into automaker Tesla’s Amazon Web Services (AWS®) cloud account to mine for cryptocurrency. These so-called “cryptojacking” attacks are on the rise in concert with escalating cryptocurrency prices, prompting hackers to gain access to company networks to generate these virtual forms of tender.

The Latest Exploits Shipped to Core Impact 18.1

Apr 1, 2018
Summary for all of the exploits and updates shipped to Core Impact 18.1 since its release (on Feb 14th): 14 Updates Overall 3 Remote Exploits 5 Client-Side Exploits 3 Local Exploits 3 Product Updates Here is the list of published updates:
Security shield with keyhole

Introducing the Visual Identity Suite

Mar 19, 2018
We all know that there are clear problems in the industry when it comes to role design and entitlement certification. Problems like:
Cloud Security

Eight Steps Toward a Secure Hybrid Cloud Environment

Mar 15, 2018
Your business may already use an extensive cloud environment—or maybe you’re just evaluating your options for spinning up a single cloud server. Either way, this guide is your sanity check for aligning the security policies in place for your on-premise and cloud technology to protect data (and your company) from internal and external threats. Synchronized policies not only strengthen the security of data, but they also effectively enable your organization to maintain operations and prepare for regulatory audits.

Perspectives on the Changing Linux Ecosystem

Mar 12, 2018
In the early 1990s the Open Software Foundation formed a committee to select and standardize a new Management Platform Toolset for and from the UNIX ecosystem. After much soul searching over a few months the OSF Management Platform never arrived. One of the committee, from the team that invented The Newcastle Connection (1980s *NIX history, go Google it) made a compelling presentation explaining why they failed. He spent the next 40 minutes wearing two hats, an exquisite red silk Chinese mandarin hat (with feather), and a green canvas guerrilla cap.
Cloud Security

With Public Cloud OS Instances Growing, Security Challenges Grow, Too

Mar 12, 2018
“Some cloud vendors tout that systems deployed within their framework require little or no administration: You create an image with the software and applications that you want it to provide services for, spin it up in a management console, and Voila! you have an entirely new system online; with minimal cost, no hassle, little work. However, even with newer models for virtualization appearing on the horizon, this is not exactly how things are actually used today.”  

Customizable Reports with Core Impact

Feb 19, 2018
Today we're sharing how to use the customizable reports functionality available in Core Impact. In order to generate such agents, we'll use the "Network Report Generation" wizard. From the list of available reports, filter for type "spreadsheet" and select "Network Host Report". When clicking on "Duplicate" we'll get the prompt for a new report name. The new report can then be customized by selecting the "Edit" option.

New Release - Core Impact 18.1

Feb 13, 2018
It is our mission to continue to produce the most effective and efficient security products and services on the market. Today, I am happy to announce the release of Core Impact 18.1, our market leading penetration testing solution – where we put the focus on enabling user-testing and social engineering.
IT Security

When Security Becomes a DevOps Blind Spot

Feb 4, 2018
Speed is essential in today’s business climate, hence the rise of DevOps. Unifying development and operations compresses development cycles and enables more frequent deployments that align closely with business objectives. It’s no wonder executives love DevOps. But one question is often left unasked in DevOps strategy meetings: what about security? When speed and agility are paramount, it’s easy for data protection to take a backseat. Continuous delivery leaves little time to consider security controls.
What is?

Security Answers in Plain English: What is a Man-in-the-Middle Attack?

Jan 16, 2018
"I heard on the news about how some sites and mobile apps are vulnerable to Man-in-the-Middle attacks. What is a Man-In-The-Middle Attack, how does it work, and how can I protect myself?" Man-in-the-Middle (MitM) attacks are basically one website stepping in-between you and a legitimate website so that whatever you do on the legitimate website can be seen and stolen by the attacker who owns the site in the middle. There are two common ways this happens:

Lessons Learned at Gartner Identity and Access Management Summit 2017

Dec 10, 2017
More than 1,800 delegates from companies around the globe converged last week in Las Vegas for Gartner’s annual Identity and Access Management (IAM) Summit. Gartner IAM is unique in that it is solely focused on identity and access management rather than covering all areas of security. 

Tips for Success with Access Assurance Suite

Dec 6, 2017
So you’re using Core Access Assurance Suite (AAS). Maybe you’ve been using it for a while and have a routine down – but there may be ways to make your experience with this program even better. Every now and then it’s important to reassess the tools you are using to see how you can get more out of them. Today’s post is to share a few tips to help create a better user experience with the product through regular maintenance activities.

The Latest Exploits Shipped to Core Impact

Dec 3, 2017
Summary of all of the exploits and updates shipped to Core Impact 2017 R2 since Sept 26th (the last Dot release):
IT Security

Securing Your Organization From the Inside Out

Nov 27, 2017
One of the most common ways for breaches to occur is purely out of not knowing if or how it could happen. You can’t protect what you don’t know you have – or that you don’t know you have to. Here are some tips for auditing your data and putting some security action behind it.
Security Tips

How to Prepare for Attackers This Holiday Season

Nov 8, 2017
We’ve made it back to that time of year where retail booms as the world goes shopping for gifts during the holiday season. While it is time for retailers to shine, it’s also the time where retailers are most vulnerable to security risks as bad actors are gearing up too.  We have spent a good bit of time recently discussing how PCI-DSS regulations are only a starting point for truly securing your organization against cyber-security risk. In today’s blog we will talk about what may come this holiday season.
Organization security

How You Can Benefit From Penetration Tests

Nov 6, 2017
There are many reasons to penetration test your organization – and not just to adhere to compliance protocols. Nonetheless, sometimes that’s the routine we get caught in, isn’t it? We do it just because we have to, but we don’t leverage the findings from the tests to better secure our business. Well, today’s the day we start leveraging and seeing the true value behind penetration testing. Take a look at these four ways in which you can benefit from penetration tests.
5 Security Tips

5 Steps to Building a Vulnerability Management Program Pt. 3

Oct 25, 2017
As we reach the end of October and the end of Cyber Security Awareness Month, we are also ending our current series on building a vulnerability management program. We've given you five easy steps to follow to build or improve your vulnerability management program. Just because this month is only recognized once a year doesn't mean you should lose sight of its importance. If you are ready to get started building your security posture, let us know how we can help.