Recently published blogs
On February 24, we sent out a security update on the cybersecurity implications of Russia’s invasion of Ukraine. In this new bulletin, we give you a status update on the most recent developments.
Biden’s Zero Trust advice, as well as the Dutch NCSC advice, has put Zero Trust on the map more than it has ever been before. But what exactly is Zero Trust? And how has it developed since John Kindervag popularized the term?
When your IT-department is confronted with a serious threat such as Log4j, you should be able to focus on problems that precede the question of whether you should and can patch or not.
On February 24, we sent out a security update on the cybersecurity implications of Russia’s invasion of Ukraine. In this new bulletin, we give you a status update on the most recent developments.
We continue our Log4j blog series with the second installment: a deep dive into the subject of vulnerability management. What does it involve? What tools to use? And how to operationalize it into a long-term strategic cybersecurity approach.
Although Log4j and follow-up attack vectors are still a real threat for many organizations, it’s certainly not too early to draw lessons learned from this episode. What made Log4j different from other ‘classic’ 2021 vulnerabilities such as Citrix, Kaseya, and Hafnium (Exchange) is the fact that it was much harder for organizations to pinpoint if they were vulnerable.
The Log4j vulnerability that was discovered on Thursday, December 9th, is still a pressing issue for many companies. Since its discovery, we’ve received many questions from customers, most of which we have gathered on this FAQ page. If you have any questions regarding the Log4j vulnerability, you can find the answer to many of them here.
As we start using more and more products (whether from a cloud supplier or using an on-prem solution) we also need to implement more security measures.
Every separate business product has its own security requirements and solutions and the task is upon the security department to make sure that everything is used in a safe and secure manner.
A one-off vulnerability assessment or automated penetration test may serve to raise awareness to gain focus. Still, it also bears a risk of fatigue in that it usually raises a seemingly insurmountably large heap of issues. If you’re seeking to take control of and improve an existing situation, don’t look once.
The DMZ model can be found in the physical world, with the DMZ between North and South Korea being the most well-known. The idea of this DMZ is that it is neutral territory. Whenever there needs to be some sort of discussion impacting both parties, they meet in the DMZ. When network operators first started implementing the DMZ model, the idea was same.
The terms network segmentation and Zero Trust are used more and more and have turned into real buzzwords. We are asked more and more often whether or not we can segment the network. What is actually being asked is, can we help set up a Zero Trust environment.
The increasing popularity of Zero Trust means that more and more is written about it. Unfortunately, the many online publications show that there are quite a few misgivings – and that not everyone understands what exactly is the purpose of Zero Trust.
Content vs Context Properly assessing this data isn’t a challenge that’s solved by throwing a set of general rules at it, which is what virtually all these products do. The complexity is in the relevance of the data in relation to your environment. It’s important to make the clear distinction … Read more
Can your department tell the CEO within 30 minutes after detection of a breach how it happened, which data was impacted, how it was stopped and if all forensic evidence is safeguarded?
By combining the Polar Flow data with social media profiles and other public information, Dutch journalists, together with the Bellingcat network for citizen journalism, were able to find names, addresses and photos of no less than 6460 individuals.
KEEP UP WITH
OUR LATEST RESEARCH
Want to stay in the loop on our latest cybersecurity research?
Sign up and get cybersecurity updates delivered straight to your inbox.
