The events of 2020 helped to accelerate the convergence between information technology (IT) and operational technology (OT) for many organizations. As reported by Help Net Security, for instance, two-thirds of IT and OT security professionals said in a 2020 survey that their IT and OT networks had become more interconnected in the wake of the pandemic.

Tripwire Enterprise (TE) is at its heart a baselining engine. It’s been built to take information, create a baseline of it, and show when that baseline has changed. (It’s called a “version” in TE terms.) TE starts with a baseline version designated by an organization’s security teams. At some point, a change version with new information (file, registry entry, RSoP, command output, or data captured in some other way) emerges.

The California Privacy Rights Act (CPRA) is an extension of the 2018 California Consumer Privacy Act (CCPA). The goal of both laws is to enhance the privacy rights of California residents with regards to the personal information that companies collect about them, giving them the right to see, delete and limit the sale of that data. The CPRA will be fully implemented in mid-2023. In this article, we will take a close look at the provisions of CPRA and how it amends the CCPA.

When presented with an opportunity, people who never even planned to attack your organization may turn into a severe cybersecurity threat. Forget to block a dismissed employee from accessing your system and they may steal or alter your critical data. Grant a third-party contractor excessive access to your infrastructure and they may cause a serious data breach. That’s why it’s crucial to make sure you don’t give insiders an opportunity to turn malicious.

Technology companies love abbreviations and acronyms. Starting with what’s probably the original tech company, International Business Machines (better known as IBM), initials, abbreviations and acronyms continue to dominate the personal computer (PC), telecommunications (telco), security operations (SecOps), and many other tech industries.

Netacea recently surveyed 440 businesses from across the USA and UK to understand how much financial impact bot attacks are having across different industries. Read the full results in our report: The Bot Management Review: What Are Bots Costing Your Business?

Accountability is essential for AppSec analysts, managers, and CISOs. Learn how ASOC tools bring the visibility and transparency required. We have already discussed how application security orchestration and correlation (ASOC) makes the AppSec process more efficient and scalable. In this final post in our ASOC series, we will demonstrate how ASOC tools bring accountability to both the technical and business sides of application security.

Security analysts know this situation well: inundated by alerts, alternating between 10 different security tools, and feeling the pressure of responding to each and every threat. It’s typically around this point that SOC teams realize it’s humanly impossible to process the amount of data that needs to be processed, and they should start looking for a solution. Gretchen White, Chief Information Security Officer at Minnesota Judicial Courts, experienced this firsthand.

Nearly 80 per cent of all ransomware attacks in the first half of 2021 involved the threat of leaking exfiltrated data. Exfiltration is a popular pressure tactic as it introduces the threat to publish stolen sensitive data to a threat actor extortion website if a ransom payment is not received. Our team currently tracks over 40 threat actor extortion websites, with new sites belonging to new ransomware groups emerging each week.

A network vulnerability assessment is the reviewing and analyzing of an organization’s network infrastructure to find cybersecurity vulnerabilities and network security loopholes. The assessment can be carried out either manually or by using vulnerability analysis software — although the latter is preferred because it’s less susceptible to human error and usually delivers more accurate results.