Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Working with At-Risk Businesses: How It Can Dismantle Your Zero Trust Strategy

Building a zero-trust network has become standard practice in an era of evolving business models, multiple workforce platforms, cloud adoption, and increased device connectivity. But if a business continues to work with at-risk organizations, the zero-trust policy crumbles. Working with well-secured third parties that uphold a zero-trust strategy is crucial for optimal cybersecurity within any business.

Threat-Based Methodology: Auditing

This is the third post in the Threat-Based Methodology blog series. In the first post, we introduced Threat-Based Methodology and the analysis conducted by the FedRAMP PMO and NIST. We ended that post by listing the top seven controls based on their Protection Value. The second post explored configuration settings in greater depth and explained how Devo supports the ability to meet the CM-6 control.

How to Create a Business Continuity Plan

To remain competitive in today's market, businesses in all industries must maintain strict production regulations to decrease downtime and critical errors that could negatively impact their reputations. Organizations can't afford to wait until an event occurs to devise a problem-solving strategy. Your business provides critical products or services to its customers. Any interruption in that service could mean that your customers will seek ways to meet their needs elsewhere.

Mind your Single Sign-On (SSO) logs

The news that hacking group Lapsus$ gained unauthorized access to Single Sign-On (SSO) provider Okta through a third-party support account sent chills through information security professionals everywhere. Organizations have adopted SSO identity providers to enable a modern workforce that is increasingly reliant on secure access to cloud-hosted applications to perform critical business functions.

Introducing 'The Future of Security Operations,' our brand new podcast series

Today we’re excited to announce our new podcast – 'The Future of Security Operations.' Our first episode is with MongoDB’s CISO Lena Smart, and every other week from now on, we’ll have a new episode with another expert. I wanted to take a few minutes to explain why we’re launching this podcast and what you can expect to gain from listening.

How to mitigate PetitPotam NTLM Relay Attack

The latest Windows versions are compatible with NTLM, and the default NTLM implementation necessitates Active Directory. Microsoft has shared instructions on mitigating PetitPotam, a type of NTLM relay attack that is used against Windows domain servers or controllers. Microsoft has referred to it as a ‘classic’ NTLM relay attack (ADV210003) that allows an attacker to take over a domain controller or other Windows servers.

How Tripwire ExpertOps Can Help Solve the UK's Cybersecurity Challenges

Many UK business and technology executives aren’t hopeful about their digital security going into 2022. In a survey of 3,600 business and technology executives, of which 257 were from the UK, PwC learned that a majority (61%) of respondents expected to see an increase in reportable ransomware attacks next year.

6 Critical Areas of Cloud-Native Security That Are Influential in 2022

Cloud computing has emerged as the go-to organizational workload choice because of its innate scalability and flexibility. However, cloud computing still comes with some security risks. Examining cloud security is an important part of adopting this new technology. Presently, cloud-native security is experiencing changes and innovations that help address security threat vectors.

What is Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0)?

The United States Department of Defense (DoD) implements the Cybersecurity Maturity Model Certification (CMMC) to standardize overall cybersecurity preparedness across the federal government's Defense Industrial Base (DIB) against evolving threats.