Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Compliance is a fundamental baseline for many organizations but doesn’t guarantee security. While there is some overlap, today’s security leaders must recognize the need to go beyond what compliance frameworks call for to achieve an extra layer of protection and peace of mind against potentially devastating breaches. Compliance may set the foundation, but it should never be viewed as providing total protection or proof of a robust security posture.

Resilient cybersecurity posture can only be achieved with a full understanding of your internal and external attack surface. CrowdStrike Falcon® Surface builds on our award-winning adversary intelligence with cutting-edge external attack surface management (EASM) capabilities for a complete picture of known and unknown externally exposed assets, all delivered via the unified CrowdStrike Falcon® platform.

On Tuesday, December 13, a joint announcement from the United States NSA and Citrix announced a zero-day vulnerability in Citrix ADC. The vulnerability (CVE-2022-27518) is a critical unauthenticated Remote Code Execution (RCE) issue currently rated as CVSS 9.8. Patches are already available from Citrix. The NSA attributes the zero-day to APT5, a Chinese hacking collective. There is currently no guidance for how widespread the campaign has been or how long it's been ongoing.

Meta has two of the largest social media platforms today, Facebook and Instagram. These platforms became the modern gateway for people not just to socialize and eavesdrop on the lives of famous personalities, but more importantly, to stay connected with their friends and loved ones. The sites also became effective channels for organizations to advertise and disseminate information.

In a key bulletin published in August 2022, Tony Chaudhry, the Underwriting Director of Lloyds, addressed the risk posed by cyber security threats to the insurance industry, stating that “losses have the potential to greatly exceed what the insurance market is able to absorb”.

In order to enable and sustain an effective and secure hybrid work environment, enterprises need security that can deliver protection anywhere, stop modern threats, ensure compliance, and maintain consistent policies across both on-premise and remote locations.

Organizations need real-world protection from malware, but how do you know what you’ll get for security coverage in advance of purchasing a product? AV-Comparatives offers a comparison as an independent organization performing systematic testing that checks whether security software lives up to its promises. They create a real-world environment for accurate testing.