October’s a fun month in the cybersecurity field, and not just because of the costumes and candy. Since it was designated as the National Cybersecurity Awareness Month in 2004, October’s always packed with great events, such as the Rochester Security Summit (RSS). RSS has been a leading regional cybersecurity conference in Upstate New York since 2006, where hundreds of attendees gather to share about the latest advancements in the field.

Staying ahead of potential threats and breaches is a constant battle. One innovative solution is the use of “canaries” to detect attempted intrusions. Canary assets are one clever way to detect intruders in your network.

Zero Trust is a cybersecurity philosophy that rejects the idea of offering implicit trust to traffic based on network location. In other words, Zero Trust views all traffic as potentially malicious, regardless of whether it originates from a traditionally trusted network source, and therefore requires all traffic to be scrutinized to determine whether access should be granted to a specific resource.

In August, NIST released the final draft of the highly anticipated update to its Cybersecurity Framework (CSF). The final draft is likely very close to what the final version will be when NIST releases it in early 2024. Therefore, it’s worth becoming familiar with the draft and beginning to plan how to use the NIST CSF 2.0 as a tool to strengthen your own cybersecurity posture.

The Top 250 MSSPs honorees were announced in a live webcast on September 14. Key findings include: Sedara was ranked among among the Top 250 MSSPs for 2023.

Vulnerability management (VM) is the process of detecting, prioritizing, remediating, and auditing security vulnerabilities in systems and software. This critical process minimizes the organization’s “attack surface” by installing the most current software updates and properly hardening computer configuration.

NDR provides another layer of visibility into what has or is currently happening on the network. Through this lens, you can detect threats that may be missed with perimeter and host-based tools such as firewalls, logs, and endpoint detection. You can also monitor devices that cannot be monitored through logs or have agents deployed on them, such as many IoT devices. NDR enables threat hunting through packet data, providing an authoritative source for validation.

New York State’s Department of Financial Services (DFS) recently published a proposed amendment to its cybersecurity regulation affecting New York financial institutions. Part 500 of Title 23 of the New York Codes, Rules and Regulations (23 NYCRR 500) governs cybersecurity requirements for financial services companies. When first adopted in 2017, it was the first comprehensive cybersecurity regulation from a state government to govern the financial services sector.