Blog | Core Security

Cyber Security Awareness and Vulnerabilities Blog

Image
3 Reasons Every Organization Should Leverage Third-Party Pen Testers

3 Reasons Every Organization Should Leverage Third-Party Pen Testers

Penetration testing, also known as a pen test, is a security exercise that reveals an organization’s security vulnerabilities through a defined testing process. A penetration test may focus on networks, applications, physical facilities, individuals, and more.
Image
Password Attacks Thumbnail

6 Ways to Defend Yourself Against Password Attacks

Ever since Ali Baba uttered “open sesame,” thieves have been using stolen passwords to access hidden riches. In the digital world, password attacks have been and continue to be a common way for threat actors to gain access to an organization’s treasure trove of data. No matter how many emails we get from IT explaining what makes a good password, many of us still use the same basic password in multiple places simply because they’re easier to remember.
Image
How Mature is Your Vulnerability Management Program?

How Mature is Your Vulnerability Management Program?

Security vulnerabilities are one of the most common problems in cybersecurity today, as they may exist in operating systems, services and application flaws, improper configurations or risky end-user behavior. According to the statistics from the Common Vulnerabilities and Exposures list, 12,174 new vulnerabilities were uncovered in 2019—over 13 times as many as were discovered in 1999, when the database first came into existence.
Image
IGA and the Cloud: What You Need to Know

IGA and the Cloud: What You Need to Know

With the rise of cloud computing, organizations have expanded their reliance upon cloud platforms. Many have expanded their capabilities and capacity through cloud servers, while others have adopted a hybrid approach that includes both cloud and on-premise environments.
Image
core impact 20.1 blog

5 Most Notable New Features in Core Impact 20.1

We are so excited about our latest release of Core Impact. Version 20.1 was fueled largely by the valuable and genuine feedback our customers have shared with us. This release was jam packed with new features, including several new additions that offer added convenience and increased usability. To recap, we thought it would be helpful to highlight the top 5:
Image
How to Select the Right Third-Party Pen Testing Service

How to Select the Right Third-Party Pen Testing Service

As both cybersecurity breaches and compliance mandates increase, third-party pen testing services are no longer seen as optional. These teams specialize in ethical hacking that gives organizations insight into possible security weaknesses and attack vectors in their IT environment. Being in such high demand, more and more testing services are emerging, presenting businesses with a new challenge of selecting which service to use. How do you know which one is right for you?
Image
What’s the Difference Between IAM, IGA, and PAM?

What’s the Difference Between IAM, IGA, and PAM?

The identity security landscape has transformed considerably within the last two decades. And for good reason. Mitigating identity-related access risks has become essential as companies face threats every day, from virtually everywhere.
Image
health-care-identity-governance-doctor-with-ipad

Healthcare Identity Governance in the Era of COVID-19: Five Critical Issues Your Organization Can’t Afford to Overlook

The impact of COVID-19 has been far-reaching across nearly every sector. But none has been so greatly disrupted as the healthcare industry. Managing through this crisis has required healthcare systems to expand some aspects of their workforce and redeploy others virtually overnight in order to transform the way they offer services to patients.
Image
Performance gears

The Truth About Pen Testing Automation

With cybersecurity attacks perpetually on the rise, security teams are under more pressure than ever. While pen testing can help these teams by finding vulnerabilities before adversaries can, even pen testing comes with its challenges. A skills shortage, new and expanding regulations requiring testing, and other critical daily security duties increasingly leave cybersecurity professionals stretched thin.
Image
three-things-you-need-in-penetration-test

Three Things You Need in a Penetration Testing Tool

There are no blogs that meet your search criteria.
Image
pen testing for a remote workforce

The Importance of Penetration Testing for a Remote Workforce

As we continue to adapt in these unprecedented times, many workplaces have remained fully remote. In fact, some organizations have seen enough benefits from remote work that they are planning a permanent shift away from a traditional office environment, instead having their workforce either partially or fully remote. Whether temporary or permanent, remote work has been a large adjustment for everyone, though perhaps even more so for each organization’s security teams.
Image
Penetration Testing for Regulatory Compliance

Penetration Testing for Regulatory Compliance

While the shift from paper copies to digital storage has enabled organizations to increase efficiency in countless ways, bad actors have also launched countless attacks to steal private information. In order to protect this valuable data, many industries now have cybersecurity regulations. HIPAA has been expanded for healthcare and NERC applies to the utilities and energy sector, and higher education institutions must adhere to HEOA, to name a few.
Image
IT professionals in server room

How to Leverage a Comprehensive Privileged Access Management Security Approach

Effectively managing privileged access has become a top priority for many organizations seeking to protect their data and systems from unauthorized users. That’s because inappropriate access can expose valuable organizational data, compromise sensitive information, and adversely affect system reliability. The latest Verizon Data Breach Investigations Report found that the majority of data breaches leverage privileged accounts directly.
Image
Man looking at a computer

How Financial Services Organizations Can Mitigate Their Top Identity-Related Access Risks

Financial services organizations face numerous challenges in a constantly changing landscape. With increased cybersecurity threats, intensified regulatory requirements, an acceleration of digital transformation, large-scale mergers and acquisitions, and growing customer expectations, these organizations must pursue strategies and programs that mitigate risks, safeguard valuable data, and protect sensitive financial information within their organizations.
Image
How to Manage the Pen Testing Skills Shortage

How To Manage the Pen Testing Skills Shortage

According to the 2023 Pen Testing Report, 94% of cybersecurity professionals surveyed felt that penetration testing was somewhat important or important to their organization’s security posture, with 93% also reporting that penetration testing was at least somewhat important to their compliance initiatives.
Image
Pen Testing Stories from the Field: Combining Tools to Take Over an Entire Domain

Pen Testing Stories from the Field: Combining Tools to Take Over an Entire Domain

There is no single set of instructions on how to run a penetration test, and no one manual on how to be a pen tester. The only real constant is that each job is a combination of preparation and improvisation to adapt and adjust to each environment’s quirks. So one of the best ways to learn and improve your own penetration testing techniques and strategies is from your peers, whether it be through watching them on the job, or from talking shop at a conference and hearing how they handled an interesting assignment.

How to Revamp Your Organization's Cybersecurity Program

When cyberattacks and data breaches make the news, it’s usually because they’re at large companies like Facebook or healthcare organizations. But every organization, large or small, needs to be concerned about cybersecurity; hackers have begun to understand that, while smaller companies may have less data on hand, they may have access to covetable third parties.
Image
IT Security

Four Network Security Challenges for Organizations with a Remote Workforce

Recently, the need for being able to work remotely has dominated the news, making it clear that the ability to connect from anywhere may soon become the norm for more businesses and industries than ever before. While remote work may be coveted by many employees, it can easily fill your cybersecurity team with dread. Telework can create many new security weaknesses for an IT environment, and can significantly increase your organization’s chance of a devastating data breach. Read on to find out what makes these new network connections so vulnerable, and how you can reduce your risk.
Image
Data Security

How to Protect Your Business Against Common Cybersecurity Threats with SIEM

Organizations today may have a false sense of security when it comes to the security of their own environments. In fact, there are numerous ways companies make it easier for threat actors to gain access into their systems undetected. To complicate matters even further, the sheer volume of threats companies face makes it impossible to uncover security events quickly—even if many are benign.

Top 3 IT Strategies for Optimizing Productivity

Little fires everywhere – not just a best-selling novel and new streaming show starring Reese Witherspoon: it’s what most respondents said was the biggest impediment to productivity in their workday. Distractions in the form of meetings, urgent emails, and (worst case) system outages force even the most organized sysadmin to push tasks back and cause pileups in the future. Whether or not you’re using the same strategies to stay productive in IT as the ones highlighted below, learn how your peers avoid and overcome hurdles to keep focusing on high-impact tasks.
Image
Data Security

Common Security Concerns and How to Reduce Your Risk

What common security risks/entry points are you most concerned about? In our 2023 Pen Testing Survey we asked what common security risks concerned respondents most. While phishing (70%) and ransomware (72%) were the top concerns, other options had a high enough percentage to warrant further discussion. These included: 
Image
How Voice Biometrics Became a Real Game-Changer at a Large Financial Services Organization Computer with security shield VIDEO

How Voice Biometrics Became a Real Game-Changer at a Large Financial Services Organization

Voice biometrics, or voiceprint technology, has started gaining significant traction within the financial services industry. And for good reason. Passwords alone are no longer sufficient for protecting business-critical assets and applications. Instead, voiceprint technology instantly recognizes the voice patterns unique to each individual and can authenticate access securely. Industries like financial services are moving away from using passwords for account access and toward secure biometric authentication that is fast, convenient, secure, and cost effective.
Image
Security lock breaking

How to Deal With Orphaned Accounts in Your Business

According to the 2019 Verizon Data Breach Investigations Report, 62 percent of all data breaches last year involved the use of stolen credentials, brute force, or phishing. Nearly half of these types of breaches were directly attributed to stolen credentials. Stolen credentials are not only a risk through active user accounts, but can be a significant risk through orphaned accounts.
Image
identity-governance-lock

Why is Multi Tenancy Important in a SIEM Solution?

All SIEMs are well known for their ability to monitor IT infrastructures for potential threats, escalating them to the appropriate party. Though these solutions share this core function in common, SIEMs differ widely in terms of features. It’s important to evaluate your own environment to determine what your priorities are. For certain organizations, particularly MSPs, multi tenancy is a key functionality.