The best approach to security is a proactive one, but nobody is perfect. What happens when a determined attacker finds their way into your network? How do you know where they have been, what they have seen, when they got in, and how they gained access? How do you prioritize remediation and confirm that the bad guys are out of your network? Incident responders, like ProCircular's Aaron Heikkila, are at the ready to swoop down and stop the attackers in their tracks!
Topics: Cybersecurity, Information Security, Data Security, Incident Response, security incident handling, security incident response
Security Information & Event Management, or SIEM (pronounced "sim," with a silent "e"), is gaining a reputation outside of the cybersecurity community. Advertisements on YouTube and Hulu tout the product’s incomparable security and real-time effectiveness, but they struggle to convey what a SIEM really does. Technical security lingo tends to make non-technical people tune out, and trying to simplify the concept diminishes its value.
Topics: Cybersecurity, Information Security, Data Security, SIEM
Risk Rolling: Don’t Let Your Business Roll the Dice with Risk
New to the world of cybersecurity and wondering where to even begin? Ever wonder what it takes to become a professional hacker? Varying levels of IT knowledge and understanding? Everybody must start somewhere, and here is your chance! Reimagine your career as an Information Security Specialist and stop wasting your time with "what ifs." Allow yourself to grow and shine in a field that you are passionate about. Outreach your potential with this fantastic new course!
Topics: Cybersecurity, Information Security, risk
No, Your IT Team Shouldn’t Manage Your Cybersecurity
If you were going to test the fault-points of a building, you wouldn’t hire the architect, you’d hire a demolitions expert. Similarly, you don’t want the designer of your network testing its security. If the team that configures your network does so incorrectly, they are most likely unaware. The creator of the environment has an inherent bias based on the angle from which they view it. They are blind to vulnerabilities, not necessarily because they are under-qualified, but because they are too close to the project. A security team has a “black box perspective”, which means they have the same outside view of the system that an attacker would. This outsider point of view is just one of the advantages a security expert has over an internal IT team. They also have the training, experience, time, and resources that would be impossible to lump in with a standard IT program.
Topics: Cybersecurity, Network Security, Information Security, Data Security, Data Ownership, Incident Response, cybersecurity plan
Here’s a quick one for all of the administrators and security practitioners. There’s no shortage of third-party programs designed to do remote desktop management and support. And while sure, many of them are secure, the ones we find in use most often are not. The reason being, they tend to be low or no cost solutions. Now, I’m not one to say that security should always be spendy, but let’s be honest, a lot of the time tools are an investment that management is not always willing to invest in. More often then not when we hit a business that is using VNC as their de facto remote management and support tool, the reason behind it is; “Well, it’s free, and we can shadow and control other machines with it for support calls.”
Topics: Cybersecurity, Network Security, Information Security