Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

The Dangers of Free VPNs

If you use a free VPN, then you have to wonder how your provider earns money to cover their own costs. The answer often involves advertising, but it can also be through far more sinister means. Running a VPN service costs a significant amount of money. There are setup costs, infrastructure costs, labor and other running costs. The companies behind these services generally want to make a profit as well.

Security Orchestration Use Case: How to Automate Threat Hunting?

Threat hunting is the practice of iteratively and proactively hunting for threats or Advanced Persistent Threats (APT) that are launched by adversaries. Unlike traditional security systems such as antivirus program, firewalls, or SIEM, who use a reactive approach to threats, threat hunting utilizes a proactive approach to pursuing threats even before they compromise organization’s network or IT infrastructure.

How to Maintain Data Security When Employees Work Remotely

We all know the perks of allowing employees to work remotely. From lower overhead (less snacks and drinks to provide) to increased productivity and job satisfaction, working from home is becoming more and more common in today’s business landscape. Unfortunately, with this system comes many data security risks to consider. With so many devices being used for work and various network connections to monitor, how can you allow your employees to work remotely and still maintain data security?

Let's Chat: Healthcare Threats and Who's Attacking

Healthcare is under fire and there’s no sign of the burn slowing. Look, it’s no secret that hackers have been targeting hospitals and other healthcare providers for several years — and probably no surprise that healthcare is one of the top target industries for cybercrime in 2018. In the US alone, in fact, more than 270 data breaches affecting nearly 12 million individuals were submitted to the U.S. HHS Office for Civil Rights breach portal (as of November 30, 2018).

Latest Version of Tripwire IP360 Now Certified To Meet Most Current Common Criteria Certification Standards

Tripwire has demonstrated its ongoing commitment to meeting U.S. government and internationally recognized security standards by achieving the most current Common Criteria standards for its latest version of Tripwire IP360’s 9.0.1, specifying the certification as “Evaluation Assurance Level 2 augmented with Flaw Remediation” (EAL2+).

Security Orchestration Use Case: How to Automate Malware Analysis?

Malware Analysis is the process whereby security teams such as Incident Response Handlers perform a detailed analysis of a given malware sample and then determine its purpose, functionality, and potential impact. Conducting malware analysis manually is a cumbersome and time-consuming process as it involves a lot of security professionals, resources, and budget.

Risk Appetite vs Risk Tolerance

Although often used interchangeably, risk appetite and risk tolerance distinguish themselves from one another in a nuanced way. While most regulations and standards focus on the risk management process, few clearly define the differences between these terms in a meaningful way. However, to create an effective cybersecurity program, you need to be able to separate risk appetite from risk tolerance so that you can develop appropriate controls to protect data.