Blog

How Mature is Your Vulnerability Management Program?

Security vulnerabilities are one of the most common problems in cybersecurity today, as they may exist in operating systems, services and application flaws, improper configurations or risky end-user behavior. According to the statistics from the Common Vulnerabilities and Exposures list, 12,174 new vulnerabilities were uncovered in 2019—over 13 times as many as were discovered in 1999, when the...

IGA and the Cloud: What You Need to Know

With the rise of cloud computing, organizations have expanded their reliance upon cloud platforms. Many have expanded their capabilities and capacity through cloud servers, while others have adopted a hybrid approach that includes both cloud and on-premise environments. Gartner predicts that by the end of 2020, ‘75 percent of organizations will have deployed a multi-cloud or hybrid cloud model,’...

Tips for Helping Vulnerability Managers Sleep Easier

Wouldn’t it be nice to sleep easy at night and not have to worry if your vulnerability management program is really catching all the vulnerabilities that could be and are in your environments? Wouldn’t it be even nicer if you could get them prioritized by risk and truly make sure they are mitigated or remediated based on what attackers may try to leverage first? How about that resource(s) who now...

4 Steps to a Winning Vulnerability Management Program

Many winning vulnerability management programs have evolved to include additional solutions and workflows, beyond scanning, adding to a larger picture required to truly understand how an adversary could and will attack. Here are a few best practices to keep in mind when maturing your own vulnerability management program: 1. Understand your company’s risk Do you know how much risk is acceptable to...

The Biggest Problem with User Access and How To Fix It

Did you know that one of the top nine attack types consistently covered in Verizon’s Data Breach Report is insider threats and privileged misuse? According to this year’s report, 66% of insiders steal information in hopes of selling it for cash, 17% are just unsanctioned snooping and 15% are taking it in order to take the information to a new employer. What is the root cause of all of these...

6 Realities for Effectively Managing Privileged Accounts

Big or small, every organization has accounts that hold ‘keys to the kingdom’ credentials. Almost every account holds some level of privilege that can potentially be compromised, resulting in not only financial, but reputational damage. Looking at top patterns in the 2016 Verizon Data Breach Investigations Report, insider and privileged misuse lands as the second most common cause of breaches, 16% of...

4 Common Mistakes in Pen testing

Are you guilty of any of these mistakes in your pen-tests? Maybe you've never done these before and now you'll forever remember these as things to avoid when running any future penetration tests. 1. Improperly disposed network gear It’s surprising how often there are still configurations on network gear after disposal. This is putting your company at risk beyond their lifespan. 2. Devices with...

Jingle Bells, Retail Sells, Attacks Are on the Way (Part 1)

It’s that time of year where retail booms as the world goes shopping for gifts during the holiday season. It’s a time for retailers to shine. But it’s also the time where retailers are most vulnerable to security risks as bad actors gear up to target them. In this two-part series, we will discuss things retailers should consider this holiday season to better secure themselves from attacks and to...

How to Deal with Changing Financial Cybersecurity Regulations

Late last year the New York State of Financial Services (DFS) announced that New York would be proposing a "first in the nation" rule on cyber-security to go into effect on March 1, 2017 which would impact any bank, insurance company and anyone else covered by DFS. The rule requires any regulated company design a cybersecurity program that assesses its risks to ensure the safety and soundness of...

5 Most Notable New Features in Core Impact 20.1

We are so excited about our latest release of Core Impact. Version 20.1 was fueled largely by the valuable and genuine feedback our customers have shared with us. This release was jam packed with new features, including several new additions that offer added convenience and increased usability. To recap, we thought it would be helpful to highlight the top 5: 1. Flexible Licensing Core Impact now...

Getting Inside the Mind of an Attacker: Why Active Directories Are Popular Targets

Authored by: Julio Sanchez In today’s world, with the perpetual threat of breaches always looming, what’s the best way to ensure your organization stays safe? Oftentimes, the best security measure against cyber-attacks is to think like an attacker. When viewing things in this light, it’s immediately clear what makes for a prized gem within your infrastructure: Active Directory. Though such an...

How to Select the Right Third-Party Pen Testing Service

As both cybersecurity breaches and compliance mandates increase, third-party pen testing services are no longer seen as optional. These teams specialize in ethical hacking that gives organizations insight into possible security weaknesses and attack vectors in their IT environment. Being in such high demand, more and more testing services are emerging, presenting businesses with a new challenge of...

What’s the Difference Between IAM, IGA, and PAM?

The identity security landscape has transformed considerably within the last two decades. And for good reason. Mitigating identity-related access risks has become essential as companies face threats every day, from virtually everywhere. The focus on managing the access of people, digital identities, and privileged accounts has increased significantly to address these risks, and has put Identity...

Guest Post- Alex Naveira, Director, ITGA & CISO on Compliance

To continue this month's conversation on compliance, we have another special guest joining us on the blog today. Alex Naveira is the Director, ITGA & CISO at Miami Children's Hospital and oversees multiple locations. We asked Alex what compliance meant to him and he had a list of different kinds of compliance and said "which one?"...