The threat actor then gained a back door into the company’s Orion network management platform – used by over 300,000 organisations worldwide. Given the seriousness of the attack, its potential to affect customers across the SolarWinds supply chain and reports of espionage by nation state attackers, this is a story that is likely to have ongoing repercussions for organisations in 2021.

Statistics routinely collected and assessed as part of network and endpoint monitoring include events per second, alerts and false positives, with success often benchmarked by the time to detect, respond and recover. Incorporating scenario-based testing into the threat detection process allows organisations to obtain additional insight into the true effectiveness of detection and response controls and procedures by benchmarking performance against the attributes of specific types of attacks.

In this article, we outline how conducting regular GDPR pen tests can help to mitigate the risks of data breaches. Since it came into effect in 2018, the GDPR has helped to improve the way that organisations operating across the EU and UK collect, handle, process and store personal data. The GDPR covers all aspects of data protection, including the requirement for organisations that handle personal data to improve information security and governance.

ThreatDetect™, our Managed Detection and Response (MDR) service, was voted SME Security Solution of the Year – an accolade we also received in 2019. In a virtual ceremony on 10th December, we were also runners up in the Pen Testing Solution of the Year and Remote Monitoring Solution of the Year categories.

With a CVSS score of 10, Zerologon is a privilege escalation vulnerability that can be used to spoof domain controller accounts and hijack domains.

In the final blog post of our three-part series on cloud security, we outline the key controls organisations should take to minimise cloud security risks.

Effective cyber security management requires a careful combination of technology, intelligence and expertise. A Security Operations Centre (SOC) is an effective way to strike this balance, providing the full capabilities needed to detect and respond to threats, 24/7/365.

We asked our Head of Pen Testing, Jed Kafetz, to outline some of the key benefits of and trends in pen testing and share some tips on how to get into it as a career.

The PCI DSS is a minimum set of requirements designed to help organisations protect customer cardholder data, minimise fraud, plus prevent, detect and respond to cyber-attacks. All organisations that accept and/or process credit card payments are required to undertake an annual PCI DSS audit of security controls and processes, covering areas of data security such as retention, encryption, physical security, authentication and access management. Version 3.2 of the PCI DSS was introduced in 2016.

In the second of our three-part series, we highlight the most common cloud security challenges. When migrating infrastructure and services to the cloud it is vital to establish a clear strategy to avoid new security risks. As moving to the cloud can vastly widen the attack surface, it’s important to check whether current security controls will still be effective when migration is complete.