All Blog Posts (1,007)

Learn More About the Key Use Cases Of Network ATP Technology

Advanced Threat Protection (ATP) is used to protect against sophisticated, highly skilled, well funded and motivated threat actor . The solution uncovers advance threats across Endpoints, Network, Email and Cloud. These solutions are used to detect advanced persistent threats that existing controls are not able to detect or are simply not capable of doing it.

Advance threat protection is not about a single security solution, It is about a combination of security…

Continue

Added by CISO Platform on September 4, 2019 at 12:37pm — No Comments

Key Program Metrics of Endpoint Detection and Response (EDR)

An emerging technology, Endpoint Detection and Response (EDR) constitutes a set of tools and solutions that enterprises use to detect, investigate and mitigate suspicious activities on hosts and endpoints. The term was originally called as Endpoint Threat Detection and Response (ETDR) but it is more popular as EDR.

Key Program Metrics:

Level of…

Continue

Added by CISO Platform on September 4, 2019 at 11:28am — No Comments

Key Program Metrics for Threat Intelligence (TI)

Threat Intelligence Program is a set of people, process and technology which enables you to proactively Identify, collect, enrich and analyze threat information, strategic and tactical, so that your organization is ever ready to defend and respond to any kind of cyber attacks. Threat intelligence as applied in conventional security is  any information that helps you tune your security defenses, build an effective response program for any contingency and also if required take preemptive…

Continue

Added by CISO Platform on September 3, 2019 at 2:18pm — No Comments

How to choose your Security / Penetration Testing Vendor?

A common question is why should we get a third party penetration testing company? Why not choose a team from your current technical group to handle the network security test? For one, security audits like traditional financial audits are better done by outside companies with no bias and partiality to anyone or anything within your organization. Another reason to hire a security testing company is that one may find it difficult to hire and retain Penetration Testers.…

Continue

Added by CISO Platform on September 3, 2019 at 9:30am — No Comments

How mature is your Application Security Program?

Business applications are vital for the successful functioning of any organization. Therefore, managing their information security risks are just as important as the business itself. If I ask about different measures you take to ensure security of your applications, you might reply with few initiatives such as periodic secure code reviews, external scans, vulnerability assessments & penetration testings and perhaps audits etc. But what If I asked how…

Continue

Added by Pushkal Mishra on August 30, 2019 at 7:00pm — No Comments

Top 10 SIEM Log Sources in Real Life?

[cross-post from Anton on Security blog]…

Continue

Added by Dr. Anton Chuvakin on August 27, 2019 at 4:00am — No Comments

[Security Operations Analysis] Chapter 2: Information Security Incident Response

Hi CISO This is the Chapter 2 Information Security Incident Response. It is a part of Security Operations Analysis - Crowdsourcing eBook on Peerlryst - Click Here

Abstract

Identifying and responding…

Continue

Added by Mohamed marrouchi on August 23, 2019 at 6:30pm — No Comments

Don’t boil the ocean. Start with that.

Don’t boil the ocean. Start with that.

Before I dipped my toes into security I did a stint as an application administrator. I was responsible for managing system and application monitoring. More performance and capacity monitoring than anything but there is a clear overlap in tools that capture logs and generate alerts based on thresholds, e.g. an IBM Tivoli monitoring, HP EMS, or Microsoft SCOM and a SIEM.

My employer had just one of those tools at the time I started…

Continue

Added by Drew Brown on August 22, 2019 at 7:30am — No Comments

Impact of business email compromises and risk mitigation plans

According to an alert published by FBI on January 2019, Business Email Compromise (BEC) and Email Account Compromise (EAC) have10 Billion losses since October 2013. Traditionally, social engineering and Phishing techniques have been the most common ways to gain access to business…

Continue

Added by vasanth Kumar on August 21, 2019 at 12:46pm — No Comments

How to Manage Security & Third Party/Open Source Code in the SDLC

Background:

It has been suggested that any new development will include less than 1% original code. If this isn’t presently true, it will likely be as time progresses.



With any security program, the goal is to identify the vulnerabilities, the related risks, mitigations or compensating controls that can be implemented. With the volume of development including libraries and binaries from third-party/open source repositories like: Git-Hub,…

Continue

Added by Drew Brown on August 15, 2019 at 7:30pm — No Comments

The Legal Case for Capital One AWS Security Breach + A Short Synopsys

Capital One data breach affected over 106 million people, 140,000 Social Security numbers, 80,000 bank account numbers,1,000,000 Social Insurance Numbers ... The breach had taken place about 4 months back however it took some time before the breach was realised, in-fact it took an external tip for Capital One to realise something had happened.

The legal case built was quite interesting. Before I share the legal case link heres a short summary just in-case you dont know…

Continue

Added by CISO Platform on August 6, 2019 at 12:30pm — No Comments

(Panel Discussion) Shadow IT: You Cannot Protect What You Can’t See

This is a summary of the panel discussion at Security Symposium & Cyber Sentinel Award by Infocon global. The panel discussion was moderated by Jitendra Chauhan (Head of Engineering at FireCompass) along with Balaram (CISO, Manthan), Ananth Kumar Ms (Head-IT Assurance & Security, Janalaxmi Financial Services), Sumanth Naropanth and Ramakrishna Roy.…

Continue

Added by CISO Platform on August 4, 2019 at 9:00am — No Comments

BEWARE OF CARDLESS ATM HACK

Phishing attack allows attackers to steal user’s credentials

By now I am sure we have all seen the commercials of people walking up to their ATMs and taking cash out without physically touching the ATM machine. It is a feature known as “Cardless ATM banking” and has been adopted and used by several banking and financial institutions who boast about the faster transaction times (about 15 seconds from start to finish). Cardless ATM allows banking…

Continue

Added by Davin A Jackson on August 2, 2019 at 7:30pm — No Comments

MDM Installation

Topic - MDM Installation for mobile phones in organization

  • User phone monitoring through MDM may have resistance. MAM can be better than MDM but getting Management support will be a big task
  • BYOD policy approval by management is critical for non-company provided phones to be covered under MDM. Policy should incorporate complete deletion of email data and access once the employee moves out of the organization or lost his phone.
  • MDM should be…
Continue

Added by Sridharan on August 1, 2019 at 10:19am — No Comments

Register for best of the world webinar on 'Artificial Intelligence In Security'

This talk will bring to us the current applications and future possible impacts of artificial intelligence in security. Sign up here



Key Points To Be Discussed…

Continue

Added by pritha on July 30, 2019 at 3:55pm — No Comments

Best Of The World Webinar : Dark Future Of Privacy By Menny Barzilay

How do tech companies manipulate the way people think? What would a top-secret Russian agency do to affect the outcome of the US presidential elections? Can systems today analyze people’s behavior to the point where they can predict every move they’ll make?

Watch Webinar : …

Continue

Added by pritha on July 25, 2019 at 1:00pm — No Comments

Database Security Framework & Best Practices

For database security following framework can be adapted by any organization to ensure database security system established within organization. This has been written by Prakash Sharma.

Database Security Framework…

Continue

Added by Priyanka Aash on July 13, 2019 at 5:00pm — No Comments

Millions Fined for British Airways And Marriott Data Breach

The Marriott fine of $ 124 Million comes right after a record fine of $230 million imposed by ICO on Monday following the British Airways Data Breach. The ICO's investigation found that the British Airways breach exposed personal data for 500,000 customers. It involved attackers installing malicious code on British Airways's site that rerouted customers to a phishing site that stole their personal details and payment card details.…

Continue

Added by CISO Platform on July 11, 2019 at 3:30pm — No Comments

(Breach) NASA Hacked : Why It Happened & What Can You Learn?

(NASA Hacked) On 21 June, 2019 major news channels disclosed a major hack on NASA. Hackers were able to gain unauthorized access using Raspberry Pi and stole ‘Mars Mission Data’ and breached ‘NASA’s satellite dish network’. This happened around April 2018 and went unnoticed for for almost a year. It is advisable to do an attack surface analysis for an organization to have a know-how of all the access and assets.…



Continue

Added by pritha on July 11, 2019 at 1:13pm — No Comments

(Breach) NASA Hacked : Why It Happened & What Can You Learn?

(NASA Hacked) On 21 June, 2019 major news channels disclosed a major hack on NASA. Hackers were able to gain unauthorized access using Raspberry Pi and stole ‘Mars Mission Data’ and breached ‘NASA’s satellite dish network’. This happened around April 2018 and went unnoticed for for almost a year. It is advisable to do an attack surface analysis for an organization to have a know-how of all the access and assets.…



Continue

Added by pritha on July 11, 2019 at 1:13pm — No Comments

Monthly Archives

2019

2018

2017

2016

2015

2014

2013

2012

1999

© 2019   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service