-
OAuth: Your Guide to Industry Authorization
Nearly a decade ago, the cyber industry was toiling over how to enable access for users between applications and grant access to specific information about the user for authentication and authorization purposes. Enter authorization-focused OAuth 2.0 and authentication-focused OpenID Connect (OIDC). In the last decade, organizations adopted OAuth and its companion OIDC to enable customers […]
-
How to Implement Zero Trust
Zero trust has gone from new idea to buzzword and industry paradigm in a decade. Much more than a one size fits all product or service, zero trust requires an organization to identify its most sensitive assets, monitor traffic flows, and enforce granular, application-level access policies–all of which are entirely dependent on your organization. As […]
-
How to Implement Microsegmentation
In an era where the network edge faces the highest traffic, organizations rush to add more robust security yet hesitate to take on the long-term endeavor known as microsegmentation. Microsegmentation is about identifying your organization’s most valuable network segments, establishing strict communication policies, and becoming the master of your network flows. Unlike traditional network segmentation, […]
-
SolarWinds Hack Defenses: Protecting Against ‘Solorigate’ TTPs
A March 2020 software update of the SolarWinds Orion management platform gave malicious actors unhindered access to key government and enterprise networks. Microsoft has dubbed the infamous supply chain compromise of SolarWinds as “Solorigate.” In December, eSecurity Planet detailed FireEye’s initial findings, implications for the industry, and how to mitigate similar attacks. Since then, much […]
-
The IoT Cybersecurity Act of 2020: Implications for Devices
A universe of devices and technology has fallen into our laps at a speed that organizations struggle to manage effectively. And that boom in devices shows no signs of stopping. In 2019, there were an estimated 9.9 billion Internet of Things (IoT) devices. By 2025, we expect 21.5 billion. As more information about IoT device […]
-
New TCP/IP Vulnerabilities Expose IoT, OT Systems
Forescout Research Labs last month released a 14-page white paper and a 47-page research report detailing 33 vulnerabilities affecting millions of Internet of Things (IoT), Operational Technology (OT), and IT devices. Dubbed AMNESIA:33, these newly identified vulnerabilities include four broadly used TCP/IP stacks and have left more than 150 vendors potentially compromised. Forescout’s findings are […]
-
Cloud-based security: SECaaS
Irrespective of your organization’s size or complexity, a robust cybersecurity infrastructure is the key to protecting your network and data. But common problems prevail for IT staff monitoring or managing potential threats: a constant triage of alerts, dispersed information challenging to gather, and lack of time, tools, or resources to effectively protect your organization. To […]
-
Cloud Bucket Vulnerability Management
The movement to the cloud means access to data anywhere, enhanced data recovery, flexibility for collaboration, and less of a burden on IT staff. But, while cloud providers boast that their storage services — or “buckets” — offer added application security, they have also consistently proven vulnerable. A bucket is a virtual storage unit provided […]
-
FireEye, SolarWinds Breaches: Implications and Protections
Five days after FireEye detailed the theft of about 300 of its proprietary cybersecurity tools, SolarWinds announced that its Orion IT monitoring platform had also been compromised by hackers believed to be sponsored by the Russian government. Together, the attack that originated with a SolarWinds vulnerability turned over critical cybersecurity infrastructure to the malicious actors, […]
