Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

What is a VPN? Types of VPNs and How They Work

As the number of remote workers grows, virtual private networks (VPNs) are becoming a popular way to grant remote access to employees while hiding online activities from attackers. With a VPN, your organization can secure network traffic between your site and users by creating an end-to-end secure private network connection over a public network. In this article, you will learn how a VPN works, what protocols are needed, what challenges are involved, and what alternatives are available.

A Hospital's Cybersecurity: 10 Steps to Help Ensure Patient Safety and Continuous Operations

Across a health system’s digital terrain, the most vulnerable assets are connected medical devices. If those devices become compromised, the infiltration could impact a patient’s privacy, health and safety. Moreover, it could shut down care delivery for days, weeks or longer, with long-lasting financial and reputational impacts. According to Deloitte, an estimated 70% of medical devices will be connected by 2023.

Emerging Technologies and Evolving Analysts Are Giving Rise to the Autonomous SOC

Fueled by the need to detect new, emerging threats while supplying meaningful feedback upstream to anticipate and prevent future ones, the modern SOC is the engine that protects organizations worldwide. The heart of that engine is common to all SOCs since they debuted more than a decade ago: people.

What Does PCI DSS 4.0 Mean for Client-Side Security?

PCI DSS 4.0 couldn’t have come at a more opportune time, particularly as the global pandemic forces more individuals into online purchasing—from shopping and entertainment to healthcare and hospitality. With PCI 4.0 compliance mandated by 2025, it is critical to understand now what it will mean for client-side security, so businesses can begin the implementation process.

How to use Atomic Red Team to test Falco rules in K8s

The best way to know if something works is to try it out. Ensuring that your security products are actually working is a fundamental task of routine maintenance. This is why it is so useful to run tools like Atomic Red Team, which generate suspicious events based on ATT&CK techniques, and see how Falco triggers alerts. In this blog, we will cover how to install and run the Atomic Red Team environment on a Kubernetes system for testing Falco rules.

The Right Foundational Technology Makes a "Hybrid Flexible" Workplace Possible

Two years ago, the world shut down. We all lived through the start of the pandemic, when the world’s white-collar workforce was sent home en masse. Remote work became the only option for employees in many positions across many companies. This working environment was isolating, and staff required entirely new workflows just to keep business processes functional—but we survived it.

What Does Defense-in-depth Mean and How Does it Bring Infrastructure and Data Security Together?

With the rise of ransomware and cyber attacks, the term defense-in-depth has risen to the forefront, but what exactly does it mean? At its core, defense-in-depth is a protection mechanism for network security: an approach that involves layering or using multiple controls in series to protect against possible threats. This layered concept provides multiple redundancies in the event that systems and data are compromised.

Understanding your deployment options: Cloud, self-hosted, and the Tines Tunnel

One of the biggest decisions a rapidly evolving organization has to make when it comes to its IT infrastructure is whether to move to the cloud. At Tines, we love the cloud but understand that different security systems and environments require different deployment options. Some organizations need extra guardrails in place to access and manage their systems and data.

Top 10 CI/CD Automation Tools

Software teams have focused on agility since the world embraced Mark Zuckerberg’s motto to “move fast and break things.” But many still lack the confidence or tooling to accelerate their processes. What’s more: in the race to release more, ship faster, and prioritize speed, many have neglected thoughtfulness and security – with Facebook itself becoming the poster child of data misuse.

Naming Adversaries and Why It Matters to Your Security Team

What is it with these funny adversary names such as FANCY BEAR, WIZARD SPIDER and DEADEYE JACKAL? You read about them in the media and see them on CrowdStrike T-shirts and referenced by MITRE in the ATT&CK framework. Why are they so important to cyber defenders? How is an adversary born? You may think you have a problem with ransomware, bots or distributed denial of service (DDoS) attacks but you would be wrong. Because humans are behind every cyberattack, what you really have is an adversary problem.