Taking Power Platform Security and Governance from 0 to 60: Part 2

In the first part of this blog series, we explored the foundational steps required to kickstart a robust security program for any organization’s low-code/no-code development environment within Microsoft Power Platform. We discussed the importance of differentiating between sensitive and non-sensitive data, identifying the makers and builders, and implementing the principle of least privilege access.

What is an Authenticated Security Scan, And Why Is It Important?

Many organizations today rely only on “unauthenticated” web application security scans, leaving their admin and user portals unchecked. While it is crucial to protect your system against external automated attacks, you shouldn’t ignore the possibility of a targeted attack from someone with valid logins. If your app lets anyone sign up online, it could easily expose your business to attackers.

Advancing Web3 Starting with Custody: Insights and Resources

At the recent Permissionless II, Fireblocks CEO and Co-Founder Michael Shaulov announced the launch of the non-custodial wallets-as-a-service (WaaS) in his keynote “From Hesitation to Innovation: How Brands Can Successfully Navigate the Web3 Maze” to a standing-room-only audience. This blog features resources to help guide you as you build in Web3, including the keynote at Permissionless, white papers, a new webinar, and technical documentation.

Multiple Command and Control (C2) Frameworks During Red Team Engagements

When conducting Red Team engagements, more than one Command and Control (C2) framework would typically be used as part of our delivery process and methodology. We would be unintentionally limiting our options if we only had one Command and Control framework to depend upon, which would be less realistic when comparing it to an attack from real threat actors who seem to have infinite time and resources available. The use of multiple Command and Control frameworks is essential.

When Solving the XDR Puzzle, Focus on the Problems You Must Fix

If you’re confused about cybersecurity tools and product categories, join the club. Security market confusion is a major side effect of years of increasingly sophisticated security threats and vendor innovation designed to prevent and respond to them. Add to that the growing use of AI and machine learning by both attackers and defenders and you have what can look like a vendor free-for-all.

How To Create A Strong Password

Weak passwords are an open invitation to cybercriminals that can lead to unauthorized access, identity theft and compromised accounts. By incorporating complexity, length and uniqueness into your passwords, you'll significantly enhance your online security. Learn more about creating strong passwords and protecting yourself online with Keeper.

The Cato Journey - Bringing SASE Transformation to the Largest Enterprises

One of the observations I sometimes get from analysts, investors, and prospects is that Cato is a mid-market company. They imply that we are creating solutions that are simple and affordable, but don’t necessarily meet stringent requirements in scalability, availability, and functionality. Here is the bottom line: Cato is an enterprise software company.

Securing Workforce Access with Greater Visibility, Integration and Automation

Over six in 10 security decision-makers say their teams operate with limited visibility across their environments. Why? We could easily speculate that it comes down to the tools they do or don’t use. However, two-thirds of enterprises now have tools from up to 40 different security vendors in place, and they’re still struggling for insights into the constant cycle of identities seeking access. I believe there’s a bigger-picture challenge we need to – and can – solve for.

As MGM Struggles Amid Ransomware Fallout, Data Recovery Lessons Abound - Part 2

The latest MGM Resorts ransomware attack demonstrates why cyber insurance is critical as part of a multi-layered security strategy. In our last blog, we discussed the recent Las Vegas cyber incidents and how no organization is completely safe. The original cyber incident at MGM Resorts occurred on September 10, 2023 – nearly two weeks ago now – and the company and its valued customers are still feeling its effects.