Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

ZTNA vs VPN - Whats the Best Security Solution?

Work from home (WFH) remains a common practice for many businesses worldwide. This working model has enabled companies to hire top talent across borders, boost revenue, and improve employees work-life balance. A new report by Tata Consultancy Services (TCS) claims that, by 2025, 40% of employees around the world will work from home. However, this growing trend also brings about a range of cybersecurity risks that could impact businesses significantly.

Assessing and Prioritizing Risk in Your Infrastructure

There are lots of hurdles to jump when trying to set up and maintain a SIEM. Preparing infrastructure and installing the software components, getting logs ingested into the system, parsing and normalizing those log messages properly, configuring alerts for detection, etc. These are all large tasks that require thoughtful planning and a lot of work to get right. But let’s say you’ve managed to clear all those hurdles…in that case, great job!!

How to get your Cyber Essentials certification: A process guide

Most organizations today are heavily reliant on technology, regardless of the product or service they provide. This expands their data exposure points and potential attack surface, which is why there is a significant need to monitor the risks and vulnerabilities in the cybersecurity landscape. ‍ Cyber Essentials certification is a comprehensive cybersecurity strategy involving vigilance over various scattered technologies, policies, and controls.

Cyber Essentials vs. Cyber Essentials Plus: Key differences

If you wish to fortify your organization’s cybersecurity posture, obtaining a Cyber Essentials certification is a good idea. It enables IT managers to be more aware of the cybersecurity risks in their environment and take actionable steps to mitigate them. Before you pursue it, though, you should decide between two certification levels: Cyber Essentials and Cyber Essentials Plus. ‍ While both are cybersecurity assurance schemes, Cyber Essentials Plus offers a greater level of assurance.

SOC 2 or ISO 27001 - Which One Do You Need?

In the wide world of information security, there are many different frameworks, standards, and systems in use to help assume a secure stance against threats. Two commonly seen frameworks are SOC 2 and ISO 27001. How do these two stand in comparison to each other, and which one do you need for your business? Let’s discuss.

Linux Kernel effected by CVE-2023-2163

CVE-2023-2163 is a critical vulnerability in the Linux Kernel, specifically affecting kernel versions 5.4 and above (excluding 6.3). This vulnerability arises from incorrect verifier pruning in the Berkeley Packet Filter (BPF), leading to unsafe code paths being incorrectly marked as safe. The vulnerability has a CVSS v3.1 Base Score of 8.8, indicating its high severity. The consequences are arbitrary read/write in kernel memory, lateral privilege escalation and container escape.

Financial Services Industry Experiences a Massive Increase in Brand Abuse

Industry analysis of the domains used behind phishing and brand impersonation attacks show financial institutions are being leveraged at an alarming rate. It’s one thing to see your industry at the top of some “state of” cybersecurity report, but it’s entirely different to learn that 68% of all phishing web pages identified in a single quarter are from your industry. That’s exactly what we find in Akamai’s latest analysis of websites across the Internet.

New Features in Teleport Policy provide more insight into infrastructure policy risks

As modern organizations grow in size and complexity, managing secure access to computing infrastructure becomes a top priority. Teleport has introduced new features in Teleport Policy 16 aimed at making this easier and more efficient. With these enhancements, organizations can take a more proactive approach to security, ensuring better oversight and reducing potential risks.

Safeguarding Sensitive Information in the Age of Generative AI

Since its debut in 2022, ChatGPT has radically reshaped the way we interact with technology. Generative AI (genAI) platforms like ChatGPT, Google Gemini, and Meta AI have rapidly gained in popularity, offering capabilities that range from rewriting text to generating creative content. While these tools have created new opportunities for enhanced productivity, they’ve also introduced new security risks — particularly when users unknowingly share sensitive information.