Forward Networks
See full network topology including device state and configuration, verify compliance, and prevent config drift with Forward Enterprise's network security verification.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Missing Critical Vulnerabilities Through Narrow Scoping
The typical process when scoping a penetration test is to get a list of targets from the client, which are typically a list of IP addresses and/or hostnames. But where does this information come from, and how accurate is it? Chances are the client has documentation that lists the devices they think they have, and what addresses or names they have been assigned. This documentation will form the basis of the scope when conducting testing or scanning against a target environment.
5 Stats On The Costs Of Data Loss EVERY Business Owner Needs To Know
A major data loss event is one of the most detrimental things that can happen to a business. They’re not only costly, the side effects of such an incident are felt long after the loss occurs. Some businesses never recover and ones that do are left dealing with the consequences for years.
Securing Critical Infrastructure
We’ve all heard about cyberattacks on corporations, but when those attacks go after critical infrastructure, such as the energy grid, it can affect every person in the country.
Demo - Remote Browser Isolation
Safely isolate risky and uncategorized websites. Remote browser isolation (RBI) uses pixel rendering to deliver seamless and safe viewing of risky websites and ensures no website code executes on end-user devices. RBI isolates uncategorized and risky websites as an option for Netskope secure web gateway (SWG) solutions. Known safe sites are allowed, known bad sites are blocked, and risky websites are isolated for safe viewing all within one cloud platform, one console, and one policy engine.
Beyond the Binary: A Third Contender in the Full Tunnel vs. Split Tunnel VPN Debate
Co-authored by James Robinson and Jeff Kessler As rapidly as wide-area networking (WAN) and remote access strategies with associated technologies are changing, we’re always surprised by the amount of time some security professionals and auditors dedicate to the either/or debate between split tunnel and full tunnel connectivity.
Anatomy of a Cloud Infrastructure Attack via a Pull Request
In April 2021, I discovered an attack vector that could allow a malicious Pull Request to a Github repository to gain access to our production environment. Open source companies like us, or anyone else who accepts external contributions, are especially vulnerable to this. For the eager, the attack works by pivoting from a Kubernetes worker pod to the node itself, and from there exfiltrating credentials from the CI/CD system.
Data Security Summit 2021 Recap
Is your data safe from ransomware attacks? Hear from security leaders from both the private and public sectors to learn why network, perimeter, and application security isn’t enough. Learn about new cyber/ransomware threats, how ransomware impacts every layer of your organization from board decisions to shareholder value, and how you can survive an attack without paying the ransom.
Partnerships - The Key to Navigating the Industrial Security Landscape
The events of 2020 helped to accelerate the convergence between information technology (IT) and operational technology (OT) for many organizations. As reported by Help Net Security, for instance, two-thirds of IT and OT security professionals said in a 2020 survey that their IT and OT networks had become more interconnected in the wake of the pandemic.
To Detect or Not to Detect, Is that the Question?
Tripwire Enterprise (TE) is at its heart a baselining engine. It’s been built to take information, create a baseline of it, and show when that baseline has changed. (It’s called a “version” in TE terms.) TE starts with a baseline version designated by an organization’s security teams. At some point, a change version with new information (file, registry entry, RSoP, command output, or data captured in some other way) emerges.