Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

Simplifying Secure Server Access with Teleport's Approval Workflow

Back in the early 2010s, a Forrester researcher, John Kindervag, noticed that corporations had a binary view of trust and privilege. Once new employees have completed training, they are given full access to all the tools and VPNs needed to get their job done. Once they are logged on, they are trusted completely. Kindervag noticed that “trust” is a vulnerability that can be exploited. Since then, awareness of Zero Trust implementations has grown, in particular Google’s BeyondCorp.

Why is Vendor Risk Management Important?

Engaging third-party vendors for the provision of goods and services is not a new concept, so why has vendor risk management become so important? Vendor risk management is important because managing vendor risk is foundational to cybersecurity, ensuring business continuity and maintaining regulatory compliance. A robust vendor risk management (VRM) program can help organizations under their vendor risk profile and mitigate third-party and fourth-party risk rather than relying on incident response.

On Authorization and Implementation of Access Control Models

There are dozens of implementations of authorization mechanisms. When there are complex requirements dictated by business processes, authorization mechanisms may often be implemented incorrectly or, at least, not optimally. The reason for that, in my opinion, is the low attention of both the customer and developers to this aspect in the initial stages of the project and, at the same time, insufficient assessment of the impact of necessary requirements.

The Vulnerability Management Maturity Model and Its Stages

The need for a mature cybersecurity process in today’s corporate environment is becoming ever more critical. As hackers are becoming more and more sophisticated, so our management and defense systems should also be strengthened accordingly. While there are many components that make up a solid security program within an organization, today, we will shed a light on one essential of these components, which is a vulnerability management maturity model.

Do you need certifications to get an InfoSec job?

I’ve seen Tweets and heard many discussions about certifications, like CISSP, CEH, OSCP and so on, in InfoSec. No doubt certifications have value – in many situations hiring managers are quickly going through resumes and certifications are symbolic of at least book-learning, and some degree of dedication to InfoSec. Certifications can be expensive and time consuming so having them clears the bar of at least slightly dedicated.

Unpatched zero-day vulnerability in Internet Explorer exploited in the wild

Barely a week after Patch Tuesday, internet security company Qihoo 360 has discovered yet another vulnerability in Internet Explorer (IE), this time due to a remote code execution vulnerability in the jscript.dll scripting engine. The vulnerability, identified as CVE-2020-0674, is considered Critical for IE 11, and Moderate for IE 9 and IE 10.

File Based License Restriction Pitfalls

The ionCube Encoder provides two ways to add licensing restrictions to encoded files. The method we encourage most is via license files as this provides the more efficient solution because you only need to encode your files once and then can generate a separate license file for each customer. The license file can then be updated without needing to re-encode each time.

What is NIST SP 800-171? Tips for NIST SP 800-171 Compliance

NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST SP 800-171 or NIST 800-171), provides federal agencies with a set of guidelines designed to ensure that Controlled Unclassified Information (CUI) remains confidential and unchanged in nonfederal systems and organizations.

5 Ways Your Organization Can Ensure Improved Data Security

Each year on January 28, the United States, Canada, Israel and 47 European countries observe Data Privacy Day. The purpose of Data Privacy Day is to inspire dialogue on the importance of online privacy. These discussions also seek to inspire individuals and businesses to take action in an effort to respect privacy, safeguard data and enable trust. In observance of Data Privacy Day this year, here are five recommendations through which organizations can bolster their data security efforts.

It's Data Privacy Day Today...and Every Day

Today is Data Privacy Day, an event sponsored by the National Cyber Security Alliance. The intent is to promote awareness and best practices for how citizens should think about security and how it relates to their data, their organizations, and ultimately, our nation. At a time when we transact with all manner of data in so many form factors, we are inclined to overlook the importance of measures that keep our data and content safe.