Category: Advanced Cyber Defenses

  • What to Do When Automated Application Security Testing Falls Short

    Posted on August 24, 2018 by Seth Art and Josh Belles

    As the number of applications developed explodes, the prospect of performing Application Penetration Testing on each application, with limited budgets and scarce resources, becomes increasingly daunting and seemingly impossible. Application risks will never be sufficiently mitigated by relying on automated scanning alone. Typically, there are three main dynamic options practiced today, and they vary in coverage, accuracy, and cost. Learn More

  • The Myth of the Operational Technology Air Gap

    Posted on August 2, 2018 by Nigel Stanley

    The cybersecurity field of operational technology (OT) is buzzing as companies increasingly realize that their production systems, manufacturing plants, chemical processing plants or industrial control systems are at risk from cyber-attacks. This realization is fuelled by a big uptick in hacker interest as such systems are insecurely connected to the internet and compromising them is a change from stealing credit card information. Learn More

  • Phishing your way Past Multi-Factor Authentication

    Posted on July 24, 2017 by Charles Worrell

    Let’s say an attacker gains access to a valid set of employee credentials. If you don’t have multi-factor authentication (MFA) in place, the attacker has hit the jackpot. They can quickly authenticate against any publicly available asset that accepts the compromised username and password.

    But what if you do have MFA in place? You have a federated single-sign-on portal as the gatekeeper to your sensitive public assets, and it’s protected with MFA. Learn More

  • Six Steps to an Effective Incident Response Exercise

    Posted on September 2, 2016 by Mark Coderre

    Incident Response drills shouldn’t be viewed as overhead, or a discretionary spend, because a poorly executed response to a cyber security incident translates to material financial, regulatory, and reputational costs for your organization.

    Effective incident response requires preparation; this includes not only preventing incidents, by ensuring that systems are secure, but also establishing an incident response capability so that you’re confident your organization is ready to respond. Learn More