Resources

Guide

Identity & Access Governance Buyer's Guide

Comprehensive Identity and Access Governance (IAG) solutions provide value in many areas by: Improving the productivity of managers by simplifying identity and access certification processes Saving time for employees by speeding up the process to request and receive access to resources (especially when the request system is integrated with automated provisioning) Providing more data to speed up...
Guide

Doing Healthcare Identity Governance Right

Healthcare Organizations Face Extraordinary Challenges in a Dynamic, Complex Landscape During the last two decades, the healthcare industry has seen increasing regulations, an acceleration of technology, consolidation, and the pressure to increase operational efficiencies and decrease overall costs, while meeting growing patient demands. Addressing these issues, while staying focused on delivering...
Guide

7 Identity and Access Management Fears (And How to Overcome Them)

The growing scope and complexity of enterprise identities is becoming virtually impossible for organizations to securely and efficiently manage through traditional methods. Unfortunately, poor or underdeveloped Identity & Access Management (IAM) strategies leave the door wide open for devastating breaches. But Identity and Access Management (IAM) doesn't have to be scary. IAM solutions can also...
Guide

2019 Insider Threat Report

Insider attacks come in all shapes and sizes. Accidental insiders are susceptible to phishing attempts, while malicious insiders may expose or sell sensitive customer data. In order to learn more about how organizations are handling these attacks, Cybersecurity Insiders conducted a comprehensive survey of organizations and their security teams, exploring the evolution and ongoing challenges of...
Guide

2020 Pen Testing Survey Report

Pen testing is a security strategy in which ethical hackers assess an environment’s security posture by exploiting weaknesses, simulating what would happen if an organization was hit with a real-world attack. These tests provide organizations with invaluable information that can be a roadmap to remediation. The 2020 Pen Testing Report highlights results from a comprehensive survey of more than 800...
Blog

Securing Your Organization From the Inside Out

One of the most common ways for breaches to occur is purely out of not knowing if or how it could happen. You can’t protect what you don’t know you have – or that you don’t know you have to. Here are some tips for auditing your data and putting some security action behind it. Take Inventory of Your Data Before starting anything, are you aware of the data you’re collecting – or storing? Depending...
Blog

What does “Compliance” mean to a Healthcare CISO?

The role of the healthcare CISO has expanded exponentially since the HITECH Act of 2009. CISOs were traditionally charged with the responsibility to maintain the IT environment consisting of applications and infrastructure. Today they are taking on an expanded organizational role consisting of innovation, operational responsibility and compliance. Although, the governance for compliance...
Blog

Pen Testing Stories from the Field: Combining Tools to Take Over an Entire Domain

There is no single set of instructions on how to run a penetration test, and no one manual on how to be a pen tester. The only real constant is that each job is a combination of preparation and improvisation to adapt and adjust to each environment’s quirks. So one of the best ways to learn and improve your own penetration testing techniques and strategies is from your peers, whether it be through...
Blog

How to Revamp Your Organization's Cybersecurity Program

When cyberattacks and data breaches make the news, it’s usually because they’re at large companies like Facebook or healthcare organizations. But every organization, large or small, needs to be concerned about cybersecurity; hackers have begun to understand that, while smaller companies may have less data on hand, they may have access to covetable third parties. And, they’re less likely to have...
Blog

Top 3 IT Strategies for Optimizing Productivity

Little fires everywhere – not just a best-selling novel and new streaming show starring Reese Witherspoon: it’s what most respondents said was the biggest impediment to productivity in their workday. Distractions in the form of meetings, urgent emails, and (worst case) system outages force even the most organized sysadmin to push tasks back and cause pileups in the future. Whether or not you’re...
Article

Reversing & Exploiting with Free Tools: Part 3

In part two of this series, we learned to solve the exercise stack1 using x64dbg, a debugging tool that allows us to analyze a program by running it, tracing it, setting breakpoints, etc. With such tools we are not only running the program; we can also reach the function we want to analyze and execute it. But even when a tool like this is easy to use, there are many cases where it’s not...
Blog

What is the California Consumer Privacy Act?

The California Consumer Privacy Act (CCPA), the latest data privacy law in the Golden State, went into effect on January 1st, 2020. Some have compared it to the UK’s GDPR (General Data Protection Regulation), and they’re not far off – like the GDPR, the CCPA is intended to protect individuals’ private data by making data collection and usage more transparent between consumers and companies. What...
Blog

How to Choose: Penetration Tester vs. Red Team

Don’t be misled into thinking that because you have a Penetration Tester that you have a Red Team – or that because you have a Red Team you have a Penetration Tester. While some functions may overlap, you are getting two different things when enlisting the help of each.
Blog

The Threat and Vulnerability Management Maturity Model

There are differences between each of the high-profile hacks you’ve seen in recent headlines, but there are also a few consistent characteristics of the modern breach. Inevitably, we discover known software vulnerabilities were left unpatched, networks were exposed and critical assets were open to attack.
Blog

The Exponential Nature of Password Cracking Costs

Flavio De Cristofaro, who used to run our Security Consulting Services (SCS) group and is a long-time password cracking enthusiast, was recently asked to present at AppSecLatam2012 on Lessons Learned from Recent Password Leaks. The following is his analysis on the exponential nature of password cracking costs. The exponential nature of password cracking costs: Let’s assume for a moment that you suffered a...