Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Detectify security updates for 02 May

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

A Quick Guide to Preventing, Detecting & Responding to Insider Threats

One day, a contractor working for an internet service provider decided to sabotage the company by disabling internet connectivity for all customers. Unfortunately, the employee's attack was successful, and the disruption lasted three weeks. This attack cost the company tens of thousands in remediation costs and left many customers struggling to navigate a world without the internet.

Who's phishing in your cloud? And, some suggestions for detecting it

A comprehensive, six-month study released by Proofpoint, in March reports that (oh, to our surprise), attackers are “leveraging legacy protocols and credential dumps to increase the speed and effectiveness of brute force account compromises at scale.” Yikes!! At SCALE! Threat actors design threats aiming at platforms or services which will provide the greatest ROI for them.

Inside the Government Cybersecurity Landscape: Federal vs. State Level Challenges

Few would dispute the idea that an effective cybersecurity profile requires candid assessments of potential vulnerabilities. Here’s a closer look at the challenges facing the federal cybersecurity mission and the efforts of state-level agencies.

Mitigating Risks in Cloud Migration

Companies are moving to incorporate the cloud into their computing infrastructure at a phenomenal rate. This is, without question, a very positive move. It permits companies to scale processing resources up and down in response to changing demands, giving companies the operational equivalent of unlimited resources while paying only for the resources that are actually used.

How to Use Data to Identify Trends, Attack Profiles, And Possible Threats?

Data is a raw material, which is often unstructured, extracted in massive quantity, and requires processing before calling it an information and actionable intelligence. A good example is the Indicators of Compromise (IoCs). A big list of domain names or IP addresses can be ingested into the SIEM system to identify whether this list contains any malicious IP or not.

How to create a security culture in your company in 2019

Cybersecurity isn’t just about the computer hardware, software, and networking technicalities that it pertains to. It is also about how human beings behave with computer technology–and what sort of cyber risks that behavior can create. Culture influences behavior, and the security culture of your company can have an immense effect on your cybersecurity. I’ll explain why.

Enterprise log management is here to stay: Part 1

Logs began with UNIX in the 1960s, partly to preserve the culture of close communication in programming. Luckily, that culture has held fast as programming and technology have taken many different shapes and evolutions over the years, and today, the idea behind logs is still to maintain data for correlation and analysis to meet enterprise security and compliance needs.