Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Antivirus Evasion for Penetration Testing Engagements

During a penetration testing engagement, it’s quite common to have antivirus software applications installed in a client’s computer. This makes it quite challenging for the penetration tester to run common tools while giving the clients a perception that their systems are safe, but that’s not always the case. Antivirus software applications do help in protecting systems but there are still cases where these defenses can be bypassed.

Appointing a DPO

A Data Protection Officer (DPO) is a lot like a little angel on your shoulders, except instead of a little harp, they have a complete understanding of GDPR and other data protection laws. Their job is to make sure you don’t listen to the devil on your other shoulder encouraging you to do all sorts of non-compliant things, like process data unlawfully or without permission.

Weekly Cyber Security News 17/08/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Been a strange week, always is, but this time some really dumb self inflicted breaches and own goals that defy belief. What I will focus on this week is the future, the dark looming cloud that is brewing from badly thought-out out approaches to dealing with an age old problem.

ITIL, Problem Management and Tripwire Enterprise

I’ve written about ITIL and Tripwire Enterprise, offering a secure approach to managing your Change Management processes, but ITIL’s guidelines offer more than just recommendations around ensuring changes happen as expected. Problem management is another key area where Tripwire Enterprise can help you on your ITIL journey. ITIL sensibly focuses on root-cause analysis for problem management.

How Employee Monitoring Keeps Clinical Trial Data Secure

Clinical trials are a crucial step in developing new life sciences products such as drugs and medical devices. All tests – whether with large or small groups of people – require medical and personal information from patients upfront, and then proceed to collect data throughout the process. Ultimately, research companies are responsible for large sets of sensitive data and securing that information should be a top priority.

Improving Threat Detection through Managed Security Service Providers (MSSPs)

Cybersecurity is a growing concern as breaches continue to increase in frequency and make headline news. Unfortunately, due to time and other constraints, many smaller businesses postpone the complicated task of risk management, only to eventually succumb to the devastating ramifications of a cyberattack. While the security solutions themselves appear complicated, the ability to mitigate risk is within reach of all.

Alert Fatigue Is a Big Cybersecurity Problem

Alarms and alerts surround us every day. From the moment our clocks wake us up in the morning, we rely on alarms for many things. But what happens when those alarms and alerts malfunction? What does it do to us and how does that affect our day to day life? Recall the Dallas Emergency Alert Malfunction. As it turns out, getting tired of these alarms can prove dangerous to cybersecurity.

Multi-Cloud Security Best Practices Guide

A multi-cloud network is a cloud network that consists of more than one cloud services provider. A straightforward type of multi-cloud network involves multiple infrastructure as a service (IaaS) vendors. For example, you could have some of your cloud network’s servers and physical network provided by Amazon Web Services (AWS), but you’ve integrated that with your servers and physical networking that’s provided by Microsoft Azure.

HTTPS and Chrome's Security Push

Last month, Google Chrome started marking all non-HTTPS sites as not secure. The main reason for this is because all non-HTTPS sites are insecure, so there is some logic to it. It was part of a plan announced way back in 2016 that sought to improve security across the Net. The first stage of this was to mark all HTTP sites that collect passwords or credit card details (and the like) as being insecure.