Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Whether you’re a large or small business, the cybersecurity framework by the National Institute of Standards and Technology (a federal agency of the U.S. Department of Commerce) offers an efficient roadmap to an improved cybersecurity posture. Compared to other popular cyber frameworks, like ISO 27001, NIST CSF is more effective at mitigating data breaches, especially during the initial stages of implementing a cyber risk management program.

At the heart of nearly every digital transformation strategy is a core focus on flexibility, scalability, and, most importantly, security. Amazon Web Services (AWS), a leader in the cloud services sector, empowers organizations to execute complex business processes while ensuring priority is given to robust AWS security practices. When you choose to move your data and applications to the cloud, security certainly takes a front-and-center role.

Digital transactions and personal data sharing have become the norm, and protecting sensitive financial information is now more important than ever before. This is where a PCI-Qualified Security Assessor (QSA) comes in.

Account password. Secret Key. These two pieces of information have been the backbone of 1Password’s security model for years. The Secret Key in particular is what makes 1Password fundamentally different to other password managers, and why you can be confident that your data is always safe, even if someone breached our servers.

Many organizations find it challenging to locate and fix the vulnerabilities in their containers. But the team at Okta knew that securing the containers that support Auth0 (their identity and access (management platform), was imperative. The team also knew these security processes had to be developer-friendly: making finding and fixing container vulnerabilities as simple as possible.

A top challenge faced by security practitioners is double-edged: you’re trying to keep up with new and increasing cyberattacks — all while investigating and remediating existing threats. As we know all too well, time is of the essence when you’re investigating threats and determining the scope and root-cause of a potential breach. On top of that pressure, you’re likely short on resources and experienced personnel, limiting your ability to conduct thorough investigations.

When most people think of threat hunting, they think of uncovering unknown threats. Would you believe me if I told you that is only ONE of many (better) reasons to show value with threat hunting? The PEAK Threat Hunting Framework incorporates three distinct hunt types: hypothesis-driven, baseline and model-assisted threat hunts. Each hunt type follows a three-stage process: Prepare, Execute, and Act.

Anyone who has played a Tower Defense-style game, (Plants Vs. Zombies being a favourite) knows the only way to hold off the hoard of brain-eating zombies is to know your weaknesses before the next wave attacks and to plan accordingly. Oddly, preparing a cybersecurity defense is somewhat similar: the player/organization knows attacks are coming, they have an idea from where and how they will be conducted, and they need to place the proper pieces on the board at the right place to stay safe.

Callback phishing isn't your typical email scam. Instead of the usual suspects with bad grammar and obvious malicious links, these attacks play mind games. They set up a multi-layered trap using some smooth-talking tactics to get you to dial a fake number and spill your sensitive info.

The Keeper team had an amazing time at the 2023 Black Hat security conference in Las Vegas. We met with partners, prospects, friends, vendors, and of course, our incredible customers. Over the span of two days we talked to thousands of people and collected valuable data on a number of critical topics. In fact, we generated a mountain of data about what cybersecurity professionals want from password and privileged access management solutions.