Evolution of the SOC – From the Dark Ages to Enlightenment, shifting to an agile threat informed cyber defense program How important is the Security Operations Center (SOC) to a business and a security leader's overall success? The answer is a bit cloudier than one would believe, given the length of time the SOC has been part of our security program lexicon.

When it comes to security in AWS, there is the shared responsibility model for AWS services, which is divided into AWS responsibility ‘security of the cloud’ and customer responsibility ‘security in the cloud’. For more detail on this please check the shared-responsibility-model. Figure 1: AWS Shared Responsibility Model Source: shared-responsibility-model.

The National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) is one of several “gold level” standards used by public and private organizations as the basis for their cybersecurity protocols. It is also the benchmark utilized by Trustwave to protect our clients. NIST rolled out the CSF in 2014 as a set of guidelines for mitigating organizational cybersecurity risks.

The World Economic Forum (WEF) Centre for Cybersecurity will host its annual meeting focusing on cybersecurity from November 15-16 in Geneva, Switzerland. Among the primary themes for the 2022 event is cyber resilience, with a focus on organizations developing the proper leadership and cooperation to deal with the growing threat landscape.

Russia’s military incursion against Ukraine began on February 24, 2022, with a massive ground attack supported by several cyber incidents. This activity set the stage for what would become an active hybrid war fought in two domains: cyber and ground warfare.

U.S. Sen. Mark Warner (D-Va.) issued the 35-page report Cybersecurity on Patient Safety on November 3, which called the ongoing transition to better cybersecurity for the healthcare sector as being painfully slow and inadequate. This is despite the fact the healthcare sector is uniquely vulnerable to cyberattacks.

On November 1 the OpenSSL Project released patches addressing the previously rated "Critical" vulnerability that was pre-announced last week. The "Critical" rating has been downgraded to "High.".

There are many arguments on either side of remote work, including whether it impacts an organization’s cybersecurity posture. While most people perceive risks to be higher while people are working from home, this is generally driven by a fear of the unknown. In reality, while some risk factors have changed in some cases, risk is often reduced in a remote working scenario.

Perhaps it’s fitting that 2022 Cybersecurity Awareness Month ended on Halloween as there are a few similarities that can be drawn between these two events. Cyberattacks are scary. Ransomware is kind of like to older kids threatening to egg your house unless you give them all your candy. And is there really a difference between a child dressed up as Buzz Lightyear or Captain Marvel and a well-crafted socially engineered phishing email? After all, neither are as they appear…..

Trustwave has enhanced its pen testing offering to now include a high-quality, cost-effective offering to larger organizations. This new Enterprise Pen Testing (EPT) offering is designed to meet the complex testing needs of these organizations with an extensive breadth and depth of vulnerability identification, ability to deliver scaled programs of work, at an extremely competitive price point.