Buffalo, NY, USA
Dec 6, 2022   |  By Courtney Bell
The Gramm-Leach-Bliley Act (GLBA) applies to many types of financial institutions, like banks, savings and loans, credit unions, insurance companies and securities firms. It requires those organizations to explain their information-sharing practices to their customers and to protect sensitive data. On November 15, 2022, The FTC announced a six-month extension for companies to comply with data security provisions in the GLBA. The new deadline is June 9, 2023.
Dec 5, 2022   |  By Courtney Bell
Phishing prevention can be difficult since it is constantly morphing and so common. A multi-pronged approach usually works best for addressing this threat.
Sep 27, 2022   |  By Darrick K.
The list and research identify and honor the top MSSPs (managed security service providers) worldwide. The rankings are based on MSSP Alert’s 2022 readership survey combined with the site’s editorial coverage of MSSP, MDR and MSP security providers. The sixth-annual list and research track the MSSP market’s ongoing growth and evolution.
Apr 12, 2022   |  By Julian Anjorin
Has your business experienced one of the Top 5 Security Breaches of 2021? Sadly, many have. As businesses become more reliant on technology, the risk of becoming a victim of a data breach only increases. Unfortunately, the United States exceeded the previous record of cyber attacks in a single year. In 2017, we saw a whopping 1,529 data breaches – compared to the 1,862 data breaches we saw last year.
Feb 18, 2022   |  By Julian Anjorin
The Federal Trade Commission (FTC) put significant updates into effect on January 10th, 2022, to strengthen the Standards for Safeguarding Customer Information (Safeguards Rule) under the Gramm-Leach-Bliley Act (GLBA) to protect consumer data collected by financial institutions. The amendment applies to nonbank financial institutions and requires them to develop, implement, and maintain a comprehensive cybersecurity program in order to protect their customers’ information.
Dec 22, 2021   |  By Julian Anjorin
Security Information and Event Management (SIEM) is the combination of Security Information Management (SIM) and Security Event Management (SEM) systems. SEM systems store and interpret logs for real-time security event analysis which enables quick defensive action. SIM systems collect data for trend analysis and provide automated reporting. By combining these two technologies together, a SIEM provides rapid identification, analysis, and recovery from security events.
Nov 9, 2021   |  By Julian Anjorin
ProxyShell is a massive new exploit campaign that is targeting vulnerable Microsoft Exchange servers. The servers are publicly available and the campaign is directly responsible for a number of breaches and subsequent ransomware attacks. There have been thousands of compromised Exchange servers to date. Ransomware is simply the byproduct of unauthorized access and privilege escalation and typically has to start with something like ProxyShell providing an attacker remote access.
Nov 9, 2021   |  By Julian Anjorin
Often, penetration testing (or pen testing) and vulnerability scanning are used interchangeably. In doing so, the importance of each method of testing gets lost in the confusion. Both of these are significant in protecting your data and infrastructure for different reasons. In the age of digitally storing information and companies having an online network presence, it’s easy for hackers to find their way in. This is why both pen testing and vulnerability scanning are important.
Sep 17, 2021   |  By Darrick K.
Apple has issued an emergency software update after a cyber-surveillance company created invasive spyware that could infect any iPhone, iPad, Apple Watch, or Mac Computer. Toronto-based internet watchdog security group Citizen Lab said that NSO, the surveillance company which is an Israeli spyware company, developed the tool with a technique that could easily exploit Apple software.
Aug 6, 2021   |  By Darrick K.
Ransomeware can be a company’s worst nightmare. It’s not simply “getting a virus” or “clicking on a malicious email.” It is a systematic plan created by hackers to take your private information. Once they have a foothold in your private data, they use their position to blackmail you into submitting a payment. Technology to prevent ransomware has gotten better but attackers have gotten smarter and more methodical.
Jan 16, 2023   |  By Sedara
This video goes over the steps to continuously improve your cybersecurity.
Jan 6, 2023   |  By Sedara
Security training can be an effective protection and detection measure, or just another training module for an employee to ignore and click through. Even if an organization is using pre-packaged security awareness training products, they can make the training more effective by customizing it to the organization. Here are some components you may consider when customizing your security program.
Dec 15, 2022   |  By Sedara
Why is security awareness important when we have all of these appliances and software and hardware to protect us? Well, ultimately, attacks come down to a set of human eyes and a keyboard, and a mouse. And if a user is well educated and if they're trained well and they're astute, they can help prevent a security incident from ever happening or detect it.
Nov 22, 2022   |  By Sedara
Response and recovery plans are crucial to reduce the severity and time of security incidents. But many organizations aren’t sure where to start in building their plans. Here are three tips for building a better recovery plan. Subscribe to our channel to get more useful content to help you protect your organization.
Nov 11, 2022   |  By Sedara
It’s critical to have recovery plans like business continuity, disaster recovery, and incident response plans. However, where many organizations fall short is in keeping these plans evergreen. An incident can blindside an organization when they discover its response plan no longer reflects the environment they need to protect. So how can your organization keep its recovery plans accurate and up to date?
Nov 9, 2022   |  By Sedara
Incident response is a structured process organizations use to identify and deal with cybersecurity incidents. Response includes several stages, including preparation for incidents, detection and analysis of a security incident, containment, eradication, and full recovery, and post-incident analysis and learning. What are some tips for making effective plans? Watch this episode of Sedara's Whiteboard Series to find out.
Nov 7, 2022   |  By Sedara
In this episode of the Sedara Cybersecurity Whiteboard Series, our Lead Pentester Nick Aures talks about what to look for in a quality pentest. Nick breaks the talk down into 4 key takeaways: Take a look, and we hope it’s helpful. What Should I Look for in a Quality Penetration Test? Penetration testing is a fundamental part of validating the security measures you’ve taken and showing they are effective.
Nov 2, 2022   |  By Sedara
What are some of the methods phishers use to compromise organizations? In this video, Nick goes over the common methods phishers use to gain information: Phishing is most insidious when it uses a combination of techniques. It can even overcome sophisticated security measures like Multifactor Authentication (MFA) – for example, if an attacker manages to steal a password through email, then calls the user pretending to be a technician asking them to approve an authenticator popup on their phone.
Oct 26, 2022   |  By Sedara
Social engineering, including phishing, is one of the best opportunities for an attacker to enter a well-secured network. Knowing what data is at risk is an important part of any security strategy. What data or systems of value does your organization have access to? That’s what an attacker will try to hijack. Sedara can help protect your organization against social engineering attacks and more. Subscribe to our YouTube Channel to learn more about protecting your organization.
Jan 20, 2023   |  By Sedara
There is no one-size-fits-all XDR blueprint. A powerful XDR solution must include detection and response capabilities at multiple attack vectors specifically identified for the organization. On top of having the appropriate ensemble of technology, XDR needs to be managed properly to deliver the best results. Download our Free Whitepaper to learn how Sedara can protect your organization.
Jan 20, 2023   |  By Sedara
The New York State Department of Financial Services (DFS) has been growing more concerned with cybersecurity as the rate of malicious attacks increased. The financial services industry is one of the biggest targets of these attacks and is the main driver for this new regulation. New York is the first state to mandate minimum cyber security standards. Ensure you are ready to interpret, implement, and plan for the new cyber security standards.
Jan 20, 2023   |  By Sedara
You know you want to protect your business, but short of hiring a full time security analyst, not sure what you can do? Consider starting with a managed security provider. They can provide a considerable amount of guidance and keep an eye on things for you.

Whether you’re a CEO looking for a cybersecurity program, or a CTO looking for help, you need a partner in cybersecurity threat intelligence. Our experienced team will enable you to take your cybersecurity and compliance to the next level with 24/7/365 monitoring, detection, and response.

Sedara was founded in 2013 to streamline practical and effective cybersecurity for organizations of all sizes. We are headquartered in Buffalo, NY and live and breathe cybersecurity. Our communities are adopting technology faster than they can keep everything secure and this fundamental problem currently does not have an easy solution. This uphill battle drives us to bring honed cybersecurity expertise, strategies, and manpower to as many organizations as possible.

How we do it:

  • Prepare: Sedara uses years of experience combined with millions of events logged and analyzed to prepare your organization for when (not if) a threat occurs.
  • Detect: Sedara utilizes behavioral analytics and machine learning to detect critical threats as well as suspicious activity on your network.
  • Eliminate: When a threat has been detected, Sedara will deploy our expert SOC analyst to neutralize and eliminate the attack.
  • Enhance: Once a threat has been eliminated, Sedara will then utilize the data and behavior of that attack to ensure your network is immune to similar threats.

Sedara is Your Cybersecurity Sidekick.