Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

February 2019

Trends in Industrial Control Systems Cybersecurity

With connectivity to the outside world growing, cyber attacks on industrial computers constitute an extremely dangerous threat, as these types of incidents can cause material losses and production downtime for a whole system. Moreover, industrial enterprises knocked out of service can seriously undermine a region’s social welfare, ecology and macroeconomics. Not surprisingly, cybersecurity is therefore becoming more and more important across the board.

Vulnerability Management and Patch Management Are Not the Same

Vulnerability management and patch management are not products. They are processes, and the products are tools used to enable the process. You cannot buy a hammer, nails and wood and expect them to just become a house, but you can go through the process of building the house or hire someone to do it for you as a service.

Do Security Cameras Undermine your Authentication?

For various reasons, many executives and senior team members with privileged status on the network and/or access to financial assets oftentimes need to access corporate IT systems from a public place outside the office. What is very common in these types of places is that they’re covered with security cameras.

AWS System Manager And The Dangers of Default Permissions

In September of 2018, Amazon Web Services (AWS) announced the addition of the Session Manager to the AWS Systems Manager. The session manager enables shell or remote desktop level access to your AWS EC2 Windows and Linux instances, along with other benefits. This is a great new feature, but care should be taken when enabling this capability.

Tribbles, Supply Chains and Industrial Cyber Security

In the original Star Trek episode “The Trouble with Tribbles,” an unscrupulous merchant, Cyrano Jones, gives a small furry animal called a Tribble to communications officer Uhura. Uhura takes the Tribble aboard the Starship Enterprise where the animal begins to quickly reproduce, thereby threatening to overrun the ship and cause significant damage.

Adventures of Cyber Security Monitoring During 2018 U.S. Midterm Elections

With all the Russian election hacking scandals in the news during and after the 2016 Presidential election, curiosity consumed me to architect and run an experiment to see if I could monitor changes in the threat landscape in either Moscow, Russia or Washington D.C. during the 2018 U.S. midterm elections.

To Agent or Not to Agent: That Is the Vulnerability Management Question

With the evolution of technology comes new approaches to solving problems. Sometimes a new approach fixes the problem; sometimes it creates new ones. The good thing is as folks who work in fast-paced, high-tech environment, we information security professionals are great at quickly analyzing the new technologies and applying them to our daily lives. …Or so we thought!

Supply Chain Security - Sex Appeal, Pain Avoidance and Allies

So how do you marshal the resources that you need to implement effective supply chain security? Borrowing from the same motivation techniques that we use to keep ourselves going to the gym, I recommend a combination of sex appeal (highlighting attractive benefits), pain avoidance (highlighting the painful risks) and recruiting allies (finding support within and outside of your organization).

Google Chrome extension warns if your password has been leaked

Anyone who has a presence on the internet is likely to be suffering from breach fatigue. Data leaks are reported in the headlines on a daily basis, and users can feel so overwhelmed by the sheer number of breaches that they feel there’s little they can do to keep ahead of hackers.

Why Security Is Needed to Keep the CI/CD Pipeline Flowing Smoothly

Technology has advanced to a state where clients now expect a constant stream of updates for their software and applications. To fulfill this demand, developers commonly turn to what’s known as a CI/CD pipeline. As noted by Synopsys, this practice embraces two important software development concepts of today’s streamlined world.

Cybersecurity Documentation: The Best Defense Is a Good Offense

Most people do not regard their cybersecurity and privacy documentation as a proactive security measure. On the contrary, many oftentimes view documentation as a passive effort that offers little protection to a company, generally an afterthought that must be addressed to appease compliance efforts.