Cybersecurity compliance isn’t something you can accomplish easily. There are an overwhelming number of acronyms, controls, and laws that leave many scratching their head. Compliance requirements vary and can be imposed by law, non-government regulatory bodies, and even private industry groups. Cybersecurity Compliance involves meeting various “conditionals” or controls to protect the confidentiality, integrity, and access of data. Compliance requirements vary by business type, sector, or industry. They typically involve using an array of specific...

Abstract – This article discusses the importance of understanding and level of effort required for mitigating risks that third-party cloud services (software-as-a-service, infrastructure-as-a-service, and platform-as-a-service) represent to an organization. Depending on the service, it may not be possible to conduct a thorough, direct assessment of the services, which is necessary to ensure securing the organization’s data. To overcome this lack of ability, organizations can default to developing a technology survey that asks questions that are...

An incident response plan is a“set of instructions to help IT staff detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work.” Generally, an Incident Response plan is created before any incidents occur. Although, most companies have taken a reactionary approach to Incident Response, looking into making one only after a breach has occurred. Knowing what to do, how...

According to Gartner, Software Defined – Wide Area Network (SD-WAN) does the following:  “SD-WAN solutions provide a replacement for traditional WAN routers and are agnostic to WAN transport technologies. SD-WAN provides dynamic, policy-based, application path selection across multiple WAN connections and supports service chaining for additional services such as WAN optimization and firewalls.” Software Defined – Wide Area Netowork addresses the challenging task of ensuring appropriate, quick access to company networks across increasingly diverse technology environments...

According to Gartner, Identity and Access Management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM addresses the challenging task of ensuring appropriate access to resources across increasingly diverse technology environments as well as keep up with the necessary regulatory compliance standards. Organizations typically used on-premises IAM solutions to manage identity and access policies. Nowadays as companies add more cloud...

You have an endpoint protection solution, email security gateway, antimalware, and a plethora of other security tools at your fingertips. How do you make sense of it all, to see the whole picture? The simple answer is a SIEM or Security Information and Event Management. A SIEM solution takes all the data generated by your various security tools and correlates it. It processes the events and allows you to take reign over protections and focus...

What is an “Email Security Gateway”? An Email Security Gateway is one of the first lines of defense we deploy against certain cyberthreats to our organizations. Spam, phishing attacks, and email compromise are just a few of these threats that email security gateways block. Most email solutions like G-suite and Office365 offer some baseline gateway but enhancing them with an ESG improves your cyber posture. Advanced SPAM filtering, smart detection, and other security features highlight...

Data breaches are events where certain confidential information is accessed without proper authorization. this goes further by having copies of that data distributed. The average data breach in 2020 caused roughly 3.92 million (USD) in damages. The core concept of a data breach is the fact that data confidentiality has been compromised. Data breaches can happen for a myriad of reasons. First off, breaches occur due to malicious actors that target vulnerabilities present in our...

Security Posture A lot of the time we like to think that adding a new tool or creating a new policy will start to cover our bases and make us less vulnerable. While that can be true in a lot of cases, we often tend to overlook system interaction changes and a plethora of other holistic variables. A key thing to keep in mind is our security posture. Security posture is the way we structure...

We covered “Email Phishing” last week, and a threat that is commonly found in conjuncture with Email phishing is “Ransomware”. Ransomware is a type of malware that is designed to encrypt data on an infected machine and deny access to it. Most of the time it has a “ransom” to be paid to decrypt it, hence the name. A lot of the protections from being infected fall long the lines of not falling for email...