The cybersecurity world has so many acronyms, and yet we pretend to know what all of them are. However, there are many occasions that leave us wracking our brains, trying to remember what one stands for. Is it a product? An organization? A process? One acronym that everyone should know is OWASP—the Open Web Application Security Project. OWASP is a vital non-profit that works to improve software...

Security Information and Event Management (SIEM) solutions can take much of the tedium and guesswork out of monitoring, managing, and prioritizing critical security events. That’s why increasing numbers of cybersecurity professionals are embracing SIEM. In the 2022 SIEM Report from Cybersecurity Insiders, 80% of cybersecurity professionals consider SIEM to be very important or extremely important...

With cybersecurity threats perpetually looming, many organizations have come to rely on penetration testing to assess their security stance and uncover weaknesses. According to the 2023 Pen Testing Report, 86% of respondents reported they pen test at least once a year. But are security teams testing every aspect of their IT infrastructure? Internal and external network penetration tests...

As security threats persist, cybersecurity professionals are increasingly relying on penetration testing to uncover weaknesses and assess their security stance. According to the 2023 Pen Testing Report, 94% of respondents reported pen testing was at least somewhat important to their security posture. Organizations use a variety of methods to conduct such tests, using pen testing services, in-house...

Making a decision on a new cybersecurity tool is never easy—particularly when it’s unclear how rival products compare. It’s tempting to simply type “product vs. product” into Google and see if one stands out as the clear favorite. However, sometimes you can find that two products have been mistakenly grouped together and aren’t actually in competition, but rather, they are in separate categories....

Core Impact has further enhanced the pen testing process with the introduction of two new modules. The first module enables the use of .NET assemblies, while the second module provides the ability to use BloodHound, a data analysis tool that uncovers hidden relationships within an Active Directory (AD) environment. In this blog, we’ll dive into how Core Impact users can put these new modules into...

Security Information and Event Management (SIEM) solutions are often seen as a necessity only for large enterprises with massive environments to monitor for security threats. While this may have been true over a decade ago, in the early days of SIEM. Since then organizational IT infrastructures have become increasingly multifaceted, and the threat landscape continues to evolve. These days, small...

In The New Normal in Cybersecurity Part 1, we examined three leading trends in the cybersecurity community over the past year. In this installment, we will take a look into the future and make predictions about where the cybersecurity landscape is potentially headed in 2022 and beyond. #1: New Laws and Regulations In the future, it’s likely that new laws and regulations will be enacted as the U.S....

The past year has shown organizations that uncertainty and a transformed reality are the new normal in business. While remote work was intended as a temporary response to the global pandemic, it is now considered a regular part of the business environment—fundamentally altering the way companies operate. This means organizations have had to respond in real-time to shift their cybersecurity...

The MITRE ATT&CK Framework was created in 2013 to create a comprehensive document of tactics, techniques, and procedures that cyber attackers were regularly using to breach the defenses of individuals and organizations. Since then, it has grown to be a global knowledge base that has helped to standardize defensive security and remains accessible to all security professionals. This framework...

Ekoparty began as an underground hacking event, but has grown into one of the foremost cybersecurity conferences in Latin America. This year was the 20th anniversary of the incredible infosec event, which takes place every year in Buenos Aires. In order to discover insights from this year’s conference, we talked with two experts from Core Security who attended, and also served as trainers at the...

The latest release of Core Impact has arrived! Version 21.2 underscores our alignment with the cybersecurity community, incorporating the MITRE ATT&CK™ framework to provide further insights into security weaknesses. We’ve also added additional features to Core Impact’s attack map, making the penetration testing process even more intuitive. The MITRE...

Like a lot of organizations today, your company is facing increasing demands to support and protect countless systems, applications, and platforms that contain sensitive business data by controlling access to this critical information. On top of this, you are pressured to meet ongoing regulatory compliance and industry mandates. Nearly every industry today has specific regulatory requirements and...

It’s a well-known fact that TV shows and movies pride themselves on their complete and total accuracy when it comes to portraying historical events, illnesses, or jobs. That’s how we know that everyone in olden times spoke in British accents no matter what country they were in, people with tuberculosis casually cough up blood while otherwise carrying on as normal, and all doctors wander about in...

Make no mistake, the pace of mergers and acquisitions (M&A) has reached a fever pitch in the last year. Throughout 2021, M&A activity has continued to trend sharply upwards—with the rate of announcements projected to be the biggest ever in recorded history. Based a recent report in S&P Global Market Intelligence, by the second quarter of 2021, the “total global M&A value surpassed $1 trillion,”...

Having your Active Directory breached is bad enough, but an attacker who gains persistence is even more dangerous. The longer they are able to hide in your Active Directory forest, the better chance they have of gaining access to your organization’s crown jewels. Undetected, they can comfortably wait for the most opportune time to take control, stealing your organization’s most sensitive data and...

Vulnerability scanners are valuable tools that search for and report on what known vulnerabilities are present in an organization’s IT infrastructure. Using a vulnerability scanner is a simple, but critical security practice that every organization can benefit from. These scans can give an organization an idea of what security threats they may be facing by giving insights into potential security...

Cybersecurity has become an increasingly popular topic in day-to-day conversation, and the conclusion is always the same: organizations need to make cybersecurity a priority and work to create the best security strategy possible. However, there’s a big difference between understanding what you need versus knowing how to get it. Many organizations are still in the early stages of developing and...

What is Intelligent IAM?Intelligent IAM (IIAM) encompasses all the administrative processes used in Identity and Access Management (IAM), but the processes are influenced by real‐time data. IAM solutions that use intelligence continuously collect, monitor, and analyze large volumes of identity and access‐related information, combining data not only from provisioning and governance solutions but...

If you’re like most IT or security professionals, it seems harder than ever to manage the complexity of user access. Keeping track of access rights, roles, accounts, permissions, entitlements, credentials, and privileges is a never ending—and sometimes thankless—proposition. And it’s riskier than ever before. In fact, according to the 2021 Cost of a Data Breach Report, compromised credentials are...