Recently published blogs
Although Log4j and follow-up attack vectors are still a real threat for many organizations, it’s certainly not too early to draw lessons learned from this episode. What made Log4j different from other ‘classic’ 2021 vulnerabilities such as Citrix, Kaseya, and Hafnium (Exchange) is the fact that it was much harder for organizations to pinpoint if they were vulnerable.
The Log4j vulnerability that was discovered on Thursday, December 9th, is still a pressing issue for many companies. Since its discovery, we’ve received many questions from customers, most of which we have gathered on this FAQ page. If you have any questions regarding the Log4j vulnerability, you can find the answer to many of them here.
As we start using more and more products (whether from a cloud supplier or using an on-prem solution) we also need to implement more security measures.
Every separate business product has its own security requirements and solutions and the task is upon the security department to make sure that everything is used in a safe and secure manner.
A one-off vulnerability assessment or automated penetration test may serve to raise awareness to gain focus. Still, it also bears a risk of fatigue in that it usually raises a seemingly insurmountably large heap of issues. If you’re seeking to take control of and improve an existing situation, don’t look once.
The DMZ model can be found in the physical world, with the DMZ between North and South Korea being the most well-known. The idea of this DMZ is that it is neutral territory. Whenever there needs to be some sort of discussion impacting both parties, they meet in the DMZ. When network operators first started implementing the DMZ model, the idea was same.
The terms network segmentation and Zero Trust are used more and more and have turned into real buzzwords. We are asked more and more often whether or not we can segment the network. What is actually being asked is, can we help set up a Zero Trust environment.
The increasing popularity of Zero Trust means that more and more is written about it. Unfortunately, the many online publications show that there are quite a few misgivings – and that not everyone understands what exactly is the purpose of Zero Trust.
Content vs Context Properly assessing this data isn’t a challenge that’s solved by throwing a set of general rules at it, which is what virtually all these products do. The complexity is in the relevance of the data in relation to your environment. It’s important to make the clear distinction … Read more
Can your department tell the CEO within 30 minutes after detection of a breach how it happened, which data was impacted, how it was stopped and if all forensic evidence is safeguarded?
By combining the Polar Flow data with social media profiles and other public information, Dutch journalists, together with the Bellingcat network for citizen journalism, were able to find names, addresses and photos of no less than 6460 individuals.
KEEP UP WITH
OUR LATEST RESEARCH
Want to stay in the loop on our latest cybersecurity research?
Sign up and get cybersecurity updates delivered straight to your inbox.
