Statistics routinely collected and assessed as part of network and endpoint monitoring include events per second, alerts and false positives, with success often benchmarked by the time to detect, respond and recover. Incorporating scenario-based testing into the threat detection process allows organisations to obtain additional insight into the true effectiveness of detection and response controls and procedures by benchmarking performance against the attributes of specific types of attacks.

In this article, we outline how conducting regular GDPR pen tests can help to mitigate the risks of data breaches. Since it came into effect in 2018, the GDPR has helped to improve the way that organisations operating across the EU and UK collect, handle, process and store personal data. The GDPR covers all aspects of data protection, including the requirement for organisations that handle personal data to improve information security and governance.

ThreatDetect™, our Managed Detection and Response (MDR) service, was voted SME Security Solution of the Year – an accolade we also received in 2019. In a virtual ceremony on 10th December, we were also runners up in the Pen Testing Solution of the Year and Remote Monitoring Solution of the Year categories.

With a CVSS score of 10, Zerologon is a privilege escalation vulnerability that can be used to spoof domain controller accounts and hijack domains.

In the final blog post of our three-part series on cloud security, we outline the key controls organisations should take to minimise cloud security risks.