Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

Shadow IT shaken with a mobile twist

If you bring up the topic of “shadow IT” to your head of IT, you will likely get a lecture about how employees need to follow protocol when using cloud cloud services so they don’t put the organization at risk. They’re not wrong. Without proper protection, unsanctioned tools can have significant consequences and unintentionally introduce security gaps.

Measuring Performance in Node.js with Performance Hooks

Measuring performance in Node.js applications can sometimes be a challenge. Do to the nature of the event loop and asynchronous code, determining the actual time a piece of code takes to execute requires tools built into the platform. First added in Node.js v8.5, as stableas of v12, the Performance Measurement APIs are stable and allow much more accurate monitoring than earlier implementations.

Best Practices for Delivering a Business-Driven Security Posture

The main focus for cybersecurity teams — moving beyond compliance — is to deliver the level of security required to manage the likelihood of a breach and the potential impact to the business. This is more effective than simply focusing on the cost of delivering security services.

Stories from the SOC - Cloud and On-site Protection

One of the benefits of having your managed detection and response (MDR) service managed by AT&T Cybersecurity is the visibility into threats from a large number of customers of all sizes and across different industries. This allows the team to take what they learn from one customer and apply it to another. Our security operation center (SOC) analysts were able to use an OTX alarm and an AWS correlation rule to discover open ports on public facing servers for two different customers in 24 hours.

Preventing Shadow IT from Blindsiding your Zero Trust Plan

I’ve spoken before about Zero Trust approaches to security, but for many of those starting on their journey, there isn’t an obvious place to start with the model. With this post, I wanted to share an example approach I’ve seen working that many organisations already have in place and can be easily rolled into a larger program of Zero Trust hardening: understanding your Shadow IT.

Law Firm Data Security Compliance: Protecting the Confidentiality Of Personal Data

Lawyers constantly handle sensitive data that attracts hackers and malicious insiders. Every security breach leads to reputational losses, remediation costs, and penalties. That’s why cybersecurity at law firms is regulated by strict IT laws and requirements. Complying with all necessary requirements and implementing protection measures that fit your organization is challenging.

How to Use SIEM Effectively?

In the last article, we talked about the top 5 SIEM reports and how you can generate them on the Logsign SIEM platform. We covered reports related to user accounts, file access, user/group changes, threats, and attacks. This article will show how you can effectively use the Logsign SIEM platform along the lines of the most popular use cases. A use case is defined as a series of actions or events between a system and a user that achieve a particular goal.

Understanding Cybersecurity Supply Chain Risk Management (C-SCRM)

Cybersecurity Supply Chain Risk Management (C-SCRM) deals with more than protecting an organization from cyber-attacks on third parties. It also addresses third parties to those third parties (known as “fourth parties”). Further still, a vendor to your vendor’s vendor is a fifth party, then a sixth party, etc. Your SCRM should involve knowledge of how far, complex and even convoluted your supply chain is. Then measure this complexity with your risk appetite.

Leveraging logs to better secure cloud-native applications

With the growing popularity of cloud computing, security incidents related to it have been on the rise. Logs are indispensable resources for countering these threats, and they can be utilized for alerting, taking remedial action, and even preventing future attacks. In this post, we will examine ways to better secure cloud-native applications using logs.