Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

December 2020

Why Should I Be Worried About BlueKeep (CVE-2019-0708)

The BlueKeep RDP vulnerability (CVE-2019-0708) is a remote code execution flaw that affects approximately one million systems (as at 29 May 2019) running older versions of Microsoft operating systems. Attention shifted to BlueKeep about two weeks ago, during Microsoft's May 2019 Patch Tuesday. Microsoft released patches but their warning that the vulnerability is wormable drew the attention of security researchers who have uncovered more concerning findings about this emerging threat.

Tripwire vs OSSEC

Effective cybersecurity is no longer relegated to deep-pocketed enterprises—a myriad of open source solutions can offer adequate protection to the most cash-strapped of organizations. That said, there are some capabilities free just won't get you, but how critical are they in the grand scheme of cyber resilience and are they worth the price tag? Tripwire and OSSEC are two popular solutions on opposite sides of this spectrum; let's see how they stack up.

Tripwire vs RedSeal

To survive in today's cyber threat landscape, enterprises increasingly rely on layered defenses to smooth out attack surfaces. A variety of tools are available to cover all parts of the security continuum: security information and event management (SIEM), security configuration management (SCM), vulnerability detection, and more. Tripwire and RedSeal are two platforms that cover different, but equally important, aspects of enterprise security—let's see how they stack up in this comparison.

AlienVault vs QRadar

It's not uncommon for organizations to encounter hundreds of security incidents on a daily basis—from the trivial poking and prodding of script kiddies to nefarious activities that constitute the inner workings of advanced persistent threats (APTs). Transforming this volume of data into actionable information is impossible without the assistance of security intelligence, specifically, the analytic capabilities of security information and event management (SIEM) tools.

System Center Operations Manager (SCOM) vs Nagios

For today’s busy sysadmin, systems health and performance monitoring tools like Microsoft’s SCOM (Systems Center Operations Manager) and the open-source Nagios are invaluable. They enable at-a-glance monitoring of large numbers of servers throughout a network, which is doubly critical in case of a widely geographically dispersed network setup such as in a WAN or MAN. Though they broadly achieve the same goals, SCOM and Nagios come at it from quite different directions.

Agent vs Agentless Monitoring: Why We Chose Agentless

When we set out to create a cloud-based tool for configuration monitoring, we used the tools we knew and wrote UpGuard using JRuby. For our application, JRuby had many good qualities: getting started only required a one line install, the agent only needed to talk out on port 443, and it was platform agnostic. Using JRuby we demonstrated the value of system visibility, attracted our first cohort of customers, and raised the funds to expand UpGuard.

Vendor due diligence: Protect yourself from third-party breaches

The most dependable cybersecurity strategies involve assiduously monitoring for external attack vectors. But if this is the only dimension you are monitoring, your internal networks could be compromised while your back is turned. The threat of a cyberattack is not only on the external front, many data breaches occur through compromised vendors, even highly reputable ones. To prevent cyber criminals from accessing your sensitive data through breached vendors, read on.

What is SOX compliance? 2020 requirements, controls and more

The Sarbanes-Oxley Act of 2002 (SOX) was passed by the United States Congress to protect the public from fraudulent or erroneous practices by corporations or other business entities. The legislation set new and expanded requirements for all U.S. public company boards, management, and public accounting firms with the goal to increase transparency in financial reporting and to require formalized systems for internal controls. In addition, penalties for fraudulent activity are much more severe.

How to Select a Third-Party Risk Management Framework

For many businesses, global third-party vendors have become an important source of strategic advantage and business value. Yet outsourcing is not without its risks. As reliance on third-parties continues to grow, so does the number of headline stories of regulatory action and reputational damage that arise from third-party breaches or failure. Those driving organizations need to reconsider how they approach, identify and manage third-party risk.

How to Secure Apache Tomcat 8 in 15 Steps

Apache Tomcat is the leading Java application server by market share and the world's most widely used web application server overall. Currently at version 8, the popular web server has not been without its security flaws, perhaps most famously publicized in this incident of aircraft hacking by security researcher Chris Roberts earlier this year. However, hardening Tomcat's default configuration is just plain good security sense—even if you don't plan on using it on your plane's network.

What is Access Control?

Access control is a security technique that regulates who or what can view, use or access a place or other resources. It is a fundamental concept in physical security and information security designed to minimize risk. At a high level, access control is about restricting access to a resource. Any access control system, whether physical or logical, has five main components: Access control can be split into two groups designed to improve physical security or cybersecurity:

How to Perform an IT Cyber Security Risk Assessment: Step-by-Step Guide

A cyber security risk assessment is about understanding, managing, controlling and mitigating cyber risk across your organization. It is a crucial part of any organization's risk management strategy and data protection efforts. Risk assessments are nothing new and whether you like it or not, if you work in information security, you are in the risk management business.