On January 31st, 2020, the Office of the Undersecretary of Defense for Acquisition and Sustainment (OUSD A&S) published V1.0 of the Cybersecurity Maturity Model Certification (CMMC). The CMMC builds on DFARS both in terms of required practices and by establishing “trust, but verify” relationships with DoD contractors.

When it comes to building a security program, one of the most frequently overlooked areas is that of vendor management. Organizations focus significant resources on internal security, such as vulnerability scans, centralized log management, or user training, while not extending the same diligence towards their third-parties. Organizations end up trusting the security of their network and data to an unknown and untested third-party. As we all know, a chain is only as strong as its weakest link.

For the majority of people in the information security world, the act of offensive hacking is something they are tasked with protecting against but have little ability to do themselves. That is like asking a professional boxer to enter the ring without knowing how to throw a punch. Sure, you may be able to get in and last a few rounds, but eventually, a formidable opponent will wear you down and knock you out.

Can IT departments build a secure, compliant and usable knowledge management solution with Microsoft software? We’ll look at the advantages and disadvantages of using Microsoft SharePoint as a knowledge management system and what can be done to enhance and extend the platform’s capabilities.

Today we announced that, in a few weeks, we will be releasing the next generation of Egnyte. Instead of separate products, Egnyte Connect and Egnyte Protect, we will be offering the comprehensive breadth of our solution under one, open framework: the Egnyte Content Services Platform.

Out of the box, Node.js offers the http library for making requests, but it isn't particularly user friendly and requires some customization before it can be easily used. As a result, a large ecosystem of third-party libraries have emerged to make AJAX and HTTP requests easier. Some offer cross-platform (browser and Node.js) support, while others focus on bundle size or developer experience. With some many options, how do you choose?

The FBI recently reported that in 2019, cybercrime cost businesses $3.5 billion, a number they say is likely grossly underestimated. Another study from Accenture that spanned 11 countries across 16 industries found that the complexity of attacks is also increasing. As a result, the average cost of cybercrime for an organization grew from $1.4 million to $13.0 million.

I have often heard it said that "data is the new oil" - it has value if it can be extracted and used correctly. How to extract value and leverage this opportunity - and occasional threat - is what I most commonly hear is keeping today's executives awake at night. From mom-and-pop shops to global enterprises, within nonprofits and the public sector, every leader wants to become data-driven. Unlocking the power of data is, obviously, critical to success.

A formal, written vendor or third-party risk management policy is the first step in developing your vendor risk management program, and essential to that program’s success. Vendor risk management encompasses third-party risks as well as that of your vendors’ vendors — fourth-party risks — and is an important component of any cybersecurity program.

During a penetration test, it's not an uncommon practice for a penetration tester to launch a password attack against Active Directory. Many times this password attack uses a list of domain user accounts that were enumerated or even just a list of potential domain user accounts that were generated randomly. Many penetration testers will either perform just a single password attack or at least 2-3 attempts, depending on domain's password lockout policy is set to.