Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Read our guide to learn about the latest proposals and how they could affect your organisation. Enacted in 2016, the NIS Directive is the first EU-wide legislation on cyber security. It requires member states to ensure that providers of critical infrastructure and services have appropriate security measures in place to manage cyber risk and maintain resilience in the event of an incident. Its four top-level objectives are.

Here, security experts from across the Redscan team offer advice on how to improve cyber resilience during the year ahead.

The threat actor then gained a back door into the company’s Orion network management platform – used by over 300,000 organisations worldwide. Given the seriousness of the attack, its potential to affect customers across the SolarWinds supply chain and reports of espionage by nation state attackers, this is a story that is likely to have ongoing repercussions for organisations in 2021.

Statistics routinely collected and assessed as part of network and endpoint monitoring include events per second, alerts and false positives, with success often benchmarked by the time to detect, respond and recover. Incorporating scenario-based testing into the threat detection process allows organisations to obtain additional insight into the true effectiveness of detection and response controls and procedures by benchmarking performance against the attributes of specific types of attacks.

In this article, we outline how conducting regular GDPR pen tests can help to mitigate the risks of data breaches. Since it came into effect in 2018, the GDPR has helped to improve the way that organisations operating across the EU and UK collect, handle, process and store personal data. The GDPR covers all aspects of data protection, including the requirement for organisations that handle personal data to improve information security and governance.

ThreatDetect™, our Managed Detection and Response (MDR) service, was voted SME Security Solution of the Year – an accolade we also received in 2019. In a virtual ceremony on 10th December, we were also runners up in the Pen Testing Solution of the Year and Remote Monitoring Solution of the Year categories.

With a CVSS score of 10, Zerologon is a privilege escalation vulnerability that can be used to spoof domain controller accounts and hijack domains.

In the final blog post of our three-part series on cloud security, we outline the key controls organisations should take to minimise cloud security risks.

Effective cyber security management requires a careful combination of technology, intelligence and expertise. A Security Operations Centre (SOC) is an effective way to strike this balance, providing the full capabilities needed to detect and respond to threats, 24/7/365.

We asked our Head of Pen Testing, Jed Kafetz, to outline some of the key benefits of and trends in pen testing and share some tips on how to get into it as a career.