Collaborate Disseminate
Mention IT security, and most people immediately think of software-based protections against software-based threats: ransomware, viruses, and other forms of malware. But recognition of the importance of hardware security—upon which all software securit… Continue reading Security beyond software: The open source hardware security evolution
A well-tuned data breach playbook can provide security teams with a clear roadmap for working through the breach response process. Foreseeing every possible twist and turn of a breach may be impossible, but through extensive wargaming, teams can simula… Continue reading Wargaming an effective data breach playbook
It used to be that people were the greatest cybersecurity vulnerability, but this is no longer true. The rise of the internet made people more connected than ever. Attackers capitalized on that fact and targeted employees directly to gain access to an … Continue reading The new weakest link in the cybersecurity chain
Access control has become a main concern when it comes to developing secure web applications, and the NSA has a lot to say about it. Especially when it comes to the biggest access management pitfall developers make. In 2021 OWASP listed ‘Broken Access … Continue reading 5 steps to building NSA-level access control for your app
Adversaries don’t need to use sophisticated methods to gain access to enterprise systems or to deploy ransomware – they can just buy or steal credentials and log in. By burdening users with the near-impossible task of maintaining “secure password… Continue reading Why it’s time to move towards a passwordless future
The answer to the question “Why does software continue to have so many vulnerabilities?” is complex, because the software itself is so complex. There’ve been many articles written that cover the lack of tools to test for vulnerabilities, the security k… Continue reading April 2023 Patch Tuesday forecast: The vulnerability discovery race
Breaking down the silos between disaster recovery (DR) and cybersecurity has become increasingly important to ensure maximum business resiliency against outages, data breaches, and ransomware attacks. Yet, many organizations still operate these functio… Continue reading How can organizations bridge the gap between DR and cybersecurity?
We’ve been developing machine learning-based cybersecurity systems for many years and began developing automation for analysis in our labs in 2005. These early automation projects have since evolved into full-blown machine-learning frameworks. Si… Continue reading Malware and machine learning: A match made in hell
Cyberattacks tend to come from two angles: criminals take advantage of employees with privileged access or of security weaknesses in your hardware/software infrastructure. These broad categories encompass attack vectors such as phishing, man-in-the-mid… Continue reading What you need before the next vulnerability hits
Cybersecurity is such a complex field that even the best-trained, best-equipped, and most experienced security managers will sometimes struggle to decide which of several paths to take. Let’s consider uncategorized web traffic, for instance. I define t… Continue reading Known unknowns: Refining your approach to uncategorized web traffic