It's no longer enough to simply ensure that your organization's systems and enterprise web presence are secure. Your risk management program needs to look beyond the perimeter of your organization to properly vet the third and fourth-party vendors who will have access to your data without being subject to your internal risk management process. The use of third parties in your supply chain or for data handling create potential risks that can be compounded by these third-party weaknesses.

A simple DLL file was the catalyst to the most devastating cyberattack against the United States by nation-state hackers. This cinematic breach demonstrates the formidable potency of DLL hijacking and its ability to dismantle entire organizations with a single infected file. DLL hijacking is a method of injecting malicious code into an application by exploiting the way some Windows applications search and load Dynamic Link Libraries (DLL).

In December 2020, the U.S government announced that it fell victim to what is believed to be the largest security breach in the nation's history. The breach occurred through an innocuous IT update from the Government's network monitoring vendor, SolarWinds. This monumental breach exposes a novel and powerful method of clandestinely penetrating even the most sophisticated security defenses through third-party vendors - supply chain attacks.

The BlueKeep RDP vulnerability (CVE-2019-0708) is a remote code execution flaw that affects approximately one million systems (as at 29 May 2019) running older versions of Microsoft operating systems. Attention shifted to BlueKeep about two weeks ago, during Microsoft's May 2019 Patch Tuesday. Microsoft released patches but their warning that the vulnerability is wormable drew the attention of security researchers who have uncovered more concerning findings about this emerging threat.

Effective cybersecurity is no longer relegated to deep-pocketed enterprises—a myriad of open source solutions can offer adequate protection to the most cash-strapped of organizations. That said, there are some capabilities free just won't get you, but how critical are they in the grand scheme of cyber resilience and are they worth the price tag? Tripwire and OSSEC are two popular solutions on opposite sides of this spectrum; let's see how they stack up.

To survive in today's cyber threat landscape, enterprises increasingly rely on layered defenses to smooth out attack surfaces. A variety of tools are available to cover all parts of the security continuum: security information and event management (SIEM), security configuration management (SCM), vulnerability detection, and more. Tripwire and RedSeal are two platforms that cover different, but equally important, aspects of enterprise security—let's see how they stack up in this comparison.

It's not uncommon for organizations to encounter hundreds of security incidents on a daily basis—from the trivial poking and prodding of script kiddies to nefarious activities that constitute the inner workings of advanced persistent threats (APTs). Transforming this volume of data into actionable information is impossible without the assistance of security intelligence, specifically, the analytic capabilities of security information and event management (SIEM) tools.

For today’s busy sysadmin, systems health and performance monitoring tools like Microsoft’s SCOM (Systems Center Operations Manager) and the open-source Nagios are invaluable. They enable at-a-glance monitoring of large numbers of servers throughout a network, which is doubly critical in case of a widely geographically dispersed network setup such as in a WAN or MAN. Though they broadly achieve the same goals, SCOM and Nagios come at it from quite different directions.

Fee versus free, how do the two compare when it comes to intrusion detection? Specifically, how does the open source Advanced Intrusion Detection Environment (AIDE)—commonly referred to as the free Tripwire replacement—stack up against Tripwire Enterprise, the longstanding leader in this category?

When we set out to create a cloud-based tool for configuration monitoring, we used the tools we knew and wrote UpGuard using JRuby. For our application, JRuby had many good qualities: getting started only required a one line install, the agent only needed to talk out on port 443, and it was platform agnostic. Using JRuby we demonstrated the value of system visibility, attracted our first cohort of customers, and raised the funds to expand UpGuard.