Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Minimizing Cyber Risk in Microsoft Environments

Microsoft’s enterprise software powers the majority of large environments. Though often hybridized with open source solutions and third party offerings, the core components of Windows Server, Exchange, and SQL Server form the foundation of many organizations’ data centers. Despite their prevalence in the enterprise, Microsoft systems have also carried a perhaps unfair reputation for insecurity, compared to Linux and other enterprise options.

Integrity Management: What It Is and How It Can Protect Your Data

In a previous article, I noted that organizations are witnessing a surge in integrity-based attacks targeting their networks. Enterprises can defend themselves against these types of threats by turning to the National Institute of Standards and Technology (NIST) Cybersecurity Framework. They can then pair the risk-based approach with NIST SP 800-53 and other security control catalogs that enable integrity management.

BreachSight: an Engine for Securing Data Leaks

When we began building a Cyber Risk Research team at UpGuard, we knew there were unavoidable risks. We would be finding and publishing reports on sensitive, exposed data in order to stanch the flow of such private information onto the public internet. It seemed likely the entities involved would not always be pleased, particularly as the majority of the exposures we discovered would be attributable to human error and/or internal process failures.

Vendor Risk: The Hidden Challenge of GDPR Compliance

The European Union’s GDPR regulations go into effect in May of this year. In essence, GDPR is a strict data privacy code that holds companies responsible for securing the data they store and process. Although GDPR was approved in April 2016, companies affected by the regulations are still struggling to reach compliance by the May 2018 deadline.

How UpGuard Monitors Linux Systems for Meltdown and Spectre

Meltdown and Spectre are critical vulnerabilities affecting a large swathe of processors: “effectively every [Intel] processor since 1995 (except Intel Itanium and Intel Atom before 2013),” as meltdownattack.com puts it. ARM and AMD processors are susceptible to portions of Meltdown, though much less at risk than the affected Intel hardware. Exploiting Meltdown allows attackers to access data from other programs, effectively allowing them to steal whatever data they want.

Securing GitHub Permissions with UpGuard

GitHub is a popular online code repository used by over 26 million people across the world for personal and enterprise uses. GitHub offers a way for people to collaborate on a distributed code base with powerful versioning, merging, and branching features. GitHub has become a common way to outsource the logistics of managing a code base repository so that teams can focus on the coding itself.

Check your Amazon S3 permissions. Someone will.

Nearly all large enterprises use the cloud to host servers, services, or data. Cloud hosted storage, like Amazon's S3, provides operational advantages over traditional computing that allow resources to be automatically distributed across robust and geographically varied servers. However, the cloud is part of the internet, and without proper care, the line separating the two disappears completely in cloud leaks— a major problem when it comes to sensitive information.

Egnyte Integrations Now Available on Your Desktop

If you’ve tried any of the business tools tightly integrated with Egnyte Connect, you probably enjoy added simplicity and more powerful workflows. A single right click enables teams to co-edit in Office Online or Google Docs and get signatures in DocuSign or AdobeSign. Once signed, files are automatically saved to their original Egnyte folders.

Ten Cool Things Your SIEM Should Do

A Security Information and Event Management (SIEM) is a security solution usedto identify, record, monitor, and analyze security events and incidents within a real-time IT environment. SIEM also centralize all the data. In addition, an effective SIEM solution must have certain capabilities to prevent colossal Data Breaches. The following sections delve into ten things that your SIEM solution should do.