Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

How to Automate Vendor Risk Management

Third-party vendors are an important source of strategic advantage, cost savings and expertise. Yet outsourcing is not without cybersecurity risk. As organizations' reliance on third-parties grow, so too does their exposure to third-party risk and fourth-party risk. In fact, a recent HSB survey found nearly half of data breaches in 2017 were caused by a third-party vendor or contractor.

What Is IP Attribution, and Why Is It Doomed?

Internet Protocol (IP) attribution is the attempt to identify a device ID or individual responsible for a cyber attack (e.g. ransomware or other types of malware) based on the origin of a network packet. An IP address is given to a system for a period of time that enables them to exchange data to and from other devices on networks.

What is Defense in Depth?

Defense in depth is a cyber security strategy that uses a series of layered, redundant defensive measures to protect sensitive data, personally identifiable information (PII) and information technology assets. If one security control fails, the next security layer thwarts the potential cyber attack. This multi-layered approach reduces the cyber threat of a particular vulnerability exploit being successful, improving the security of the system as a whole and greatly reducing cybersecurity risk.

What is CVE? Common Vulnerabilities and Exposures Explained

Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed information security vulnerabilities and exposures. CVE was launched in 1999 by the MITRE corporation to identify and categorize vulnerabilities in software and firmware. CVE provides a free dictionary for organizations to improve their cyber security. MITRE is a nonprofit that operates federally funded research and development centers in the United States.

What is Email Spoofing?

Email spoofing is the creation of emails with a forged sender address. Because core email protocols lack authentication, phishing attacks and spam emails can spoof the email header to mislead the recipient about the sender of the email. The goal of email spoofing is to get recipients to open, respond and engage with the email message. Email spoofing can greatly increase the effectiveness of phishing and other email-based cyber attacks by tricking the recipient into trusting the email and its sender.

22 Types of Malware and How to Recognize Them

Malware, or malicious software, is any program or file that harms a computer or its user. Common types of malware include computer viruses, ransomware, worms, trojan horses and spyware. These malicious programs can steal, encrypt or delete sensitive data, alter or hijack key computing functions and to monitor the victim's computer activity.

What is Digital Forensics?

Digital forensics or digital forensic science is a branch of forensic science focused on the recovery and investigation of material found in digital devices and cybercrimes. Digital forensics was originally used as a synonym for computer forensics but has expanded to cover the investigation of all devices that store digital data. As society increases reliance on computer systems and cloud computing, digital forensics becomes a crucial aspect of law enforcement agencies and businesses.