Sep 18, 2023
|
By Jason Taylor
In August, NIST released the final draft of the highly anticipated update to its Cybersecurity Framework (CSF). The final draft is likely very close to what the final version will be when NIST releases it in early 2024. Therefore, it’s worth becoming familiar with the draft and beginning to plan how to use the NIST CSF 2.0 as a tool to strengthen your own cybersecurity posture.
Sep 15, 2023
|
By Liz Sujka
The Top 250 MSSPs honorees were announced in a live webcast on September 14. Key findings include: Sedara was ranked among among the Top 250 MSSPs for 2023.
Aug 17, 2023
|
By Frank D'Arrigo
Vulnerability management (VM) is the process of detecting, prioritizing, remediating, and auditing security vulnerabilities in systems and software. This critical process minimizes the organization’s “attack surface” by installing the most current software updates and properly hardening computer configuration.
Aug 3, 2023
|
By Julian Anjorin
NDR provides another layer of visibility into what has or is currently happening on the network. Through this lens, you can detect threats that may be missed with perimeter and host-based tools such as firewalls, logs, and endpoint detection. You can also monitor devices that cannot be monitored through logs or have agents deployed on them, such as many IoT devices. NDR enables threat hunting through packet data, providing an authoritative source for validation.
Jul 17, 2023
|
By Jason Taylor
New York State’s Department of Financial Services (DFS) recently published a proposed amendment to its cybersecurity regulation affecting New York financial institutions. Part 500 of Title 23 of the New York Codes, Rules and Regulations (23 NYCRR 500) governs cybersecurity requirements for financial services companies. When first adopted in 2017, it was the first comprehensive cybersecurity regulation from a state government to govern the financial services sector.
Jun 28, 2023
|
By Courtney Bell
Penetration testing is a crucial part of a comprehensive cybersecurity plan. By simulating a real-world attack, a penetration test can help identify vulnerabilities and weaknesses across systems, networks, and applications before a malicious actor can exploit them. To get off on the right foot with a penetration test and get an accurate timeline and budget for the test, it’s important to have a proper scope. Learn how to scope a penetration test from the perspective of the Sedara Red Team.
Jun 15, 2023
|
By Robin H.
In an ever-evolving threat landscape, safeguarding the integrity of applications is a real concern. The consequences of a single security breach can be devastating, leading to data links, financial losses, and irreparable damage to a company’s reputation. Organizations across industries must equip themselves with reasonable defense mechanisms to fortify their applications against malicious actors.
Jun 9, 2023
|
By Jason Taylor
The National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) is undergoing a major update. The NIST CSF is one of the most widely used frameworks to help organizations understand and manage their cybersecurity risks. The NIST CSF was released as version 1.0 in 2014, updated to version 1.1 in 2018, and will be updated to version 2.0 early next year. NIST recently released a draft of CSF version 2.0.
May 22, 2023
|
By Don Redman
Removable media devices—also known as removable storage devices–present a very high risk to sensitive data stored, processed, or transmitted by information systems in your organization. Sedara recommends implementing strict measures to safeguard sensitive information and prevent its accidental or intentional loss, misuse, or disclosure.
May 12, 2023
|
By Don Redman
The National Institute of Standards and Technology recommends using longer passphrases instead of passwords for authentication purposes. Passphrases improve an organization’s security posture and reduce the risk of data breaches: they are more complex, easier to remember, and more resistant to cyber-attacks.
Apr 7, 2023
|
By Sedara
Defense-in-depth is the best strategy for reducing cybersecurity risk. Just like how a medieval castle uses layered defenses for its physical security, modern organizations implement layered security controls to protect the confidentiality, integrity, and availability of their information. The specific security controls implemented by an organization should be informed by its own risk appetite, regulatory requirements, and operational capabilities. This article covers different kinds of security controls organizations should consider adopting to protect their information assets.
Jan 6, 2023
|
By Sedara
Security training can be an effective protection and detection measure, or just another training module for an employee to ignore and click through. Even if an organization is using pre-packaged security awareness training products, they can make the training more effective by customizing it to the organization. Here are some components you may consider when customizing your security program.
Dec 15, 2022
|
By Sedara
Why is security awareness important when we have all of these appliances and software and hardware to protect us? Well, ultimately, attacks come down to a set of human eyes and a keyboard, and a mouse. And if a user is well educated and if they're trained well and they're astute, they can help prevent a security incident from ever happening or detect it.
Nov 22, 2022
|
By Sedara
Response and recovery plans are crucial to reduce the severity and time of security incidents. But many organizations aren’t sure where to start in building their plans. Here are three tips for building a better recovery plan. Subscribe to our channel to get more useful content to help you protect your organization.
Nov 11, 2022
|
By Sedara
It’s critical to have recovery plans like business continuity, disaster recovery, and incident response plans. However, where many organizations fall short is in keeping these plans evergreen. An incident can blindside an organization when they discover its response plan no longer reflects the environment they need to protect. So how can your organization keep its recovery plans accurate and up to date?
Nov 9, 2022
|
By Sedara
Incident response is a structured process organizations use to identify and deal with cybersecurity incidents. Response includes several stages, including preparation for incidents, detection and analysis of a security incident, containment, eradication, and full recovery, and post-incident analysis and learning. What are some tips for making effective plans? Watch this episode of Sedara's Whiteboard Series to find out.
Nov 7, 2022
|
By Sedara
In this episode of the Sedara Cybersecurity Whiteboard Series, our Lead Pentester Nick Aures talks about what to look for in a quality pentest. Nick breaks the talk down into 4 key takeaways: Take a look, and we hope it’s helpful. What Should I Look for in a Quality Penetration Test? Penetration testing is a fundamental part of validating the security measures you’ve taken and showing they are effective.
Jan 20, 2023
|
By Sedara
There is no one-size-fits-all XDR blueprint. A powerful XDR solution must include detection and response capabilities at multiple attack vectors specifically identified for the organization. On top of having the appropriate ensemble of technology, XDR needs to be managed properly to deliver the best results. Download our Free Whitepaper to learn how Sedara can protect your organization.
Jan 20, 2023
|
By Sedara
The New York State Department of Financial Services (DFS) has been growing more concerned with cybersecurity as the rate of malicious attacks increased. The financial services industry is one of the biggest targets of these attacks and is the main driver for this new regulation. New York is the first state to mandate minimum cyber security standards. Ensure you are ready to interpret, implement, and plan for the new cyber security standards.
Jan 20, 2023
|
By Sedara
You know you want to protect your business, but short of hiring a full time security analyst, not sure what you can do? Consider starting with a managed security provider. They can provide a considerable amount of guidance and keep an eye on things for you.
- September 2023 (2)
- August 2023 (2)
- July 2023 (1)
- June 2023 (4)
- May 2023 (2)
- April 2023 (2)
- March 2023 (1)
- February 2023 (2)
- January 2023 (6)
- December 2022 (3)
- November 2022 (5)
- October 2022 (3)
- September 2022 (3)
- June 2022 (4)
- April 2022 (4)
- February 2022 (1)
- December 2021 (1)
- November 2021 (2)
- September 2021 (1)
- August 2021 (1)
- July 2021 (1)
Whether you’re a CEO looking for a cybersecurity program, or a CTO looking for help, you need a partner in cybersecurity threat intelligence. Our experienced team will enable you to take your cybersecurity and compliance to the next level with 24/7/365 monitoring, detection, and response.
Sedara was founded in 2013 to streamline practical and effective cybersecurity for organizations of all sizes. We are headquartered in Buffalo, NY and live and breathe cybersecurity. Our communities are adopting technology faster than they can keep everything secure and this fundamental problem currently does not have an easy solution. This uphill battle drives us to bring honed cybersecurity expertise, strategies, and manpower to as many organizations as possible.
How we do it:
- Prepare: Sedara uses years of experience combined with millions of events logged and analyzed to prepare your organization for when (not if) a threat occurs.
- Detect: Sedara utilizes behavioral analytics and machine learning to detect critical threats as well as suspicious activity on your network.
- Eliminate: When a threat has been detected, Sedara will deploy our expert SOC analyst to neutralize and eliminate the attack.
- Enhance: Once a threat has been eliminated, Sedara will then utilize the data and behavior of that attack to ensure your network is immune to similar threats.
Sedara is Your Cybersecurity Sidekick.