Blog

By Nancy Rand, Posted in Security

When preparing to securely work from anywhere, it is tantamount that a zero trust policy be adopted. Locations and assets are not to be inherently trusted. A system of policies and software are needed to protect from malicious intent.  In August 2020, NIST published SP 800-207, the final version of their Zero Trust Architecture. It is available for download from: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf The tenets of zero trust are presented in section 2.1. They are... read more.

• October 05, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 9/28 Getting the employee experience right (Citrix) While some companies were immediately successful with remote work, many felt their systems were stressed as they tried to deliver remotely what employees were used to in the office. https://bit.ly/2ScrqnH Special Delivery: Don’t Fall for the USPS SMiShing Scam (McAfee) Hackers are all too familiar with our reliance on our smartphones – and are eager to exploit them with stealthy tricks as a result. https://bit.ly/34ldYUz Tuesday 9... read more.

• October 02, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 9/21 Combatting BEC and EAC: Authenticating Email with DMARC (Proofpoint) Because this protection takes place at the domain level, messages will be blocked regardless of their payload, whether it’s a message containing a malicious time-delayed URL, an attachment, or a BEC attack that has no malicious content at all. https://bit.ly/3mySY4K Pure Storage to Acquire Portworx, Creating the Industry's Most Complete Kubernetes Data Services Platform for Cloud Native Applications By combining Port... read more.

• September 25, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 9/14 Apps in the Firing Line: The Enduring Power of DDoS Attacks (F5) DDoS attacks have continued to evolve, grow teeth, and wreak havoc. This is particularly true in the wake of COVID-19, with a number of industry reports from the past two quarters highlighting significant spikes across the world. https://bit.ly/3ixLw7M When is the right time to upgrade your SQL Server? (Pure Storage) The best way to go about your SQL Server upgrade is to coordinate the timing of it to include the full stack, f... read more.

• September 18, 2020

By Eric Corcoran, Posted in Technology Week in Review

Tuesday 9/8 Proofpoint and CyberArk Extend Partnership to Further Safeguard High-Risk Users with People-Centric Protection The Proofpoint and CyberArk partnership features a combination of layered defenses designed to stop threats before they reach users and apply policies and controls that ensure privilege accuracy. https://bit.ly/3bKwuJe Attackers Steal Outlook Credentials Via Overlay Screens on Legitimate Sites The emails imitated the technical-support team of the employee’s company (with &ldq... read more.

• September 11, 2020

By Nancy Rand, Posted in Security

NIST and the PCI DSS Council have both published software development frameworks. PCI DSS published a blog today highlighting an interview between Kevin Stine, Chief of the Applied Cybersecurity Division at NIST and Troy Leach, SVP, Engagement Officer at PCI SSC.  This blog discusses the importance of secure software development and contains links to additional information. https://blog.pcisecuritystandards.org/nist-and-pci-ssc-find-common-ground-in-development-of-software-frameworks Additionally, Th... read more.

• September 11, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 8/31 Policy Evasion: Evasive Techniques You Need to Understand to Prevent Breaches and Attacks (FireEye) In today’s world, security must be top of mind for everyone within an organization, and that means setting and adhering to cyber security policies are essential to preventing breaches and attacks. https://bit.ly/32Vhfcv What’s the problem with a VPN and a regular browser for remote access? (Citrix) Organizations can provide access to internal web apps and resources with a VPN and... read more.

• September 04, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 8/17 Online and offsite: the future of training and consultancy? (F5) As offices gradually re-open across the world, the question arises of how many of our old working habits we will return to. http://f5so.co/70FD4B Forescout Sets a New Standard for Securing the Enterprise of Things The new integrations allow organizations to reduce attack surface, maintain compliance and minimize breach impact across IT, IoT, healthcare and operational technology (OT) environments. Continuous monitoring of segm... read more.

• August 21, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 8/10 Cisco Completes Acquisition Of ThousandEyes Cisco's strength in network and application performance, combined with visibility into the internet enabled by ThousandEyes, now allows customers to have an end-to-end view into the digital delivery of applications and services over the internet. https://prn.to/3kxZ9VC An Exploration of Files and Objects for Data Storage (Pure Storage) Since files and objects are both important, widely used forms of data representation, supporting both in one syst... read more.

• August 14, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 8/3 Citrix Commits To $1B Cloud Spend With Unnamed Provider Under the new multi-year agreement, Microsoft Azure – Microsoft’s cloud platform – will “a preferred cloud platform” for Citrix. Citrix will move its existing on-premises customers to Microsoft Azure to help enable their employees to work anywhere across devices, and the two companies will provide joint tools to facilitate the transition. https://bit.ly/3i3sJjM The Log Data Conundrum: How to Get it Right at... read more.

• August 07, 2020