Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Using SharePoint as a Knowledge Management System: Pros and Cons

Can IT departments build a secure, compliant and usable knowledge management solution with Microsoft software? We’ll look at the advantages and disadvantages of using Microsoft SharePoint as a knowledge management system and what can be done to enhance and extend the platform’s capabilities.

Announcing Egnyte's Next-Gen Content Services Platform

Today we announced that, in a few weeks, we will be releasing the next generation of Egnyte. Instead of separate products, Egnyte Connect and Egnyte Protect, we will be offering the comprehensive breadth of our solution under one, open framework: the Egnyte Content Services Platform.

The Top Node.js HTTP Libraries in 2020

Out of the box, Node.js offers the http library for making requests, but it isn't particularly user friendly and requires some customization before it can be easily used. As a result, a large ecosystem of third-party libraries have emerged to make AJAX and HTTP requests easier. Some offer cross-platform (browser and Node.js) support, while others focus on bundle size or developer experience. With some many options, how do you choose?

What is the Next Generation Threat Hunting

The FBI recently reported that in 2019, cybercrime cost businesses $3.5 billion, a number they say is likely grossly underestimated. Another study from Accenture that spanned 11 countries across 16 industries found that the complexity of attacks is also increasing. As a result, the average cost of cybercrime for an organization grew from $1.4 million to $13.0 million.

Delivering on Data's Promise Requires a Personal Touch

I have often heard it said that "data is the new oil" - it has value if it can be extracted and used correctly. How to extract value and leverage this opportunity - and occasional threat - is what I most commonly hear is keeping today's executives awake at night. From mom-and-pop shops to global enterprises, within nonprofits and the public sector, every leader wants to become data-driven. Unlocking the power of data is, obviously, critical to success.

Why You Need a Vendor Risk Management Policy

A formal, written vendor or third-party risk management policy is the first step in developing your vendor risk management program, and essential to that program’s success. Vendor risk management encompasses third-party risks as well as that of your vendors’ vendors — fourth-party risks — and is an important component of any cybersecurity program.

Avoiding SMB Rate Limits During Authentication Attacks

During a penetration test, it's not an uncommon practice for a penetration tester to launch a password attack against Active Directory. Many times this password attack uses a list of domain user accounts that were enumerated or even just a list of potential domain user accounts that were generated randomly. Many penetration testers will either perform just a single password attack or at least 2-3 attempts, depending on domain's password lockout policy is set to.

Is your business PCI DSS compliant?

How Chooseus Life Insurance lost its customers’ cardholder details and their trust In August 2019, reporters began flocking to Chooseus Life Insurance’s head office in Detroit after news leaked that thousands of the company’s customers had lost money due to a security breach. The CEO of this life insurance company released the following statement: “We have had your trust for two years.

What is a Whaling Attack?

A whaling attack is a type of phishing attack that targets high-level executives, such as the CEO or CFO, to steal sensitive information from a company. This could include financial information or employees' personal information. The reason whaling attacks target high-ranking employees is because they hold power in companies and often have complete access to sensitive data.

Zero Trust Approach to Threat Intelligence - BSidesSF Preview

Zero Trust is a security concept that is based on the notion that organizations should not take trust for granted, regardless of whether access attempts originate from inside or outside its perimeters. An enterprise needs to verify any attempt for connection to its systems before granting access. At the same time, the defensive layers that define the Zero Trust model should enable access for enterprise users no matter where they are and no matter what device they’re using.