Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

December 2021

11 Steps to Secure SQL in 2022

Whether you’re running Microsoft’s SQL Server (soon to run on Linux) or the open source MySQL, you need to lockdown your databases to keep your data private and secure. These 11 steps will guide you through some of the basic principles of database security and how to implement them. Combined with a hardened web server configuration, a secure database server will keep an application from becoming an entry point into your network and keep your data from ending up dumped on the internet.

What is ITAR Compliance?

Most organizations, especially those in the defense trade, are finding themselves on the spot when their prime contractors ask them whether they are ITAR Certified and ITAR Compliant. Some contractors even want to know the steps you're taking to meet this regulation. As a chief information security officer, you've probably heard of CPA and GDPR compliance and their role in consumer data. But, how well are you versed with International Traffic in Arms Regulations (ITAR)?

What are Indicators of Attack (IOAs)? How they Differ from IOCs

Indicators of Attack (IOAs) demonstrate the intentions behind a cyberattack and the techniques used by the threat actor to accomplish their objectives. The specific cyber threats arming the attack, like malware, ransomware, or advanced threats, are of little concern when analyzing IOAs. Instead, only the sequence of events leading to the deployment of a cyber threat are considered in this cybersecurity strategy.

What is LDAP? How it Works, Uses and Security Risks in 2022

The Lightweight Directory Access Protocol (LDAP) is an open-source application protocol that allows applications to access and authenticate specific user information across directory services. LDAP is a lightweight version of Directory Access Protocol (DAP) LDAP works on both public networks and private intranets and across multiple directory services, making it the most convenient language for accessing, modifying, and authenticating information in any directory.

How to Respond: The Apache Log4j Vulnerability Clearly Explained

The Apache Log4j vulnerability has been assigned the most critical cyber threat rating of CVSS 10. For a concise overview of the zero-day, and to learn how to secure your systems against its exploitation, all of the popular FAQs concerning this vulnerability have been conveniently compiled in this post.

What is an Advanced Persistent Threat (APT)?

An Advanced Persistent Threat (APT) is a cyberattack campaign where a threat actor establishes a long-term presence inside a breached network to continuously steal sensitive data. In order to evade detection throughout the entire APT attack life cycle (which could last for many years), these cyber threats must always exceed the evolving sophistication of common security controls. The advanced attack methods of APT groups makes this cyber threat significantly more difficult to intercept.

What is Metasploit?

The Metasploit Framework is a Ruby-based, open-source framework that is used by information security professionals and cybercriminals to find, exploit, and validate system vulnerabilities. The framework consists of various exploitation tools and penetration testing tools. Information security teams most commonly use Metasploit for penetration testing (or “ethical hacking”) to identify and remediate any existing vulnerabilities across an organization’s networks.

10 Ways to Reduce Cybersecurity Risk for Your Organization

‍Cybersecurity breaches have been on the rise, and it's expected that by 2023, they'll have grown to 15.4 million. While technological advancements have made it easy for organizations to upgrade their security measures, malicious hackers are now using sophisticated tools. This means that in addition to implementing strict cybersecurity policies, you also have to take proactive measures to reduce your cybersecurity risks.

Compliance Reporting Product Demo // UpGuard Summit December 2021

Learn how to use UpGuard’s exciting new Compliance Reporting feature with Senior Product Manager, Chris Schubert UpGuard is a complete third-party risk and attack surface management platform, managing cyber risk across attack surfaces and third-party vendors by proactively identifying security exposures.

Cybersecurity Risk Management // Live Panel with Built Technologies // UpGuard Summit December 2021

Join cybersecurity leaders from Built Technologies as they discuss the best practices in cybersecurity risk management. On the panel: CHAPTERS: UpGuard is a complete third-party risk and attack surface management platform, managing cyber risk across attack surfaces and third-party vendors by proactively identifying security exposures.

Product Spotlight // UpGuard Summit December 2021

Hear from Chief Product Officer, Dan Bradbury, about UpGuard's latest features from this quarter, as we bring 2021 to a close. Dan also showcases all the exciting releases coming soon. UpGuard is a complete third-party risk and attack surface management platform, managing cyber risk across attack surfaces and third-party vendors by proactively identifying security exposures.

Vendor Comparison Product Demo // UpGuard Summit December 2021

Learn how to use UpGuard’s exciting new Questionnaire Builder with Senior Product Manager, Chris Schubert UpGuard is a complete third-party risk and attack surface management platform, managing cyber risk across attack surfaces and third-party vendors by proactively identifying security exposures.

Vendor Tiering Product Demo // UpGuard Summit December 2021

Learn how to use UpGuard’s exciting new Vendor Tiering product with Product Marketing Manager, Harsh Budholiya UpGuard is a complete third-party risk and attack surface management platform, managing cyber risk across attack surfaces and third-party vendors by proactively identifying security exposures.

How to To Harden MS SQL Server 2008: 11 Ways

As Redmond's flagship RDBMS solution, SQL Server provides the underlying data platform for a broad range of Microsoft enterprise solutions— from Sharepoint to BizTalk Server. This, of course, makes bolstering SQL Server security a critical necessity for protecting MS-centric infrastructures against attackers. To this end, the following are 11 ways to harden MS SQL Server 2008 security.