Guest Post, Author at Cyber Secure Forum | Forum Events Ltd - Page 6 of 14
Posts By :

Guest Post

The Synack platform expands to confront the cyber skills gap

 960 640 Guest Post
By:
0
0

By Peter Blanks Chief Product Officer, Synack

At Synack, we’re committed to making the world a safer place. We’re doing that by helping organizations defend themselves against an onslaught of cyberattacks. We’re doing it by harnessing the tremendous power of the Synack Red Team, our community of the most skilled and trusted ethical hackers in the world, and through the most-advanced security tools available today.

Now, the Synack Platform is expanding to help organizations globally overcome the worldwide cybersecurity talent gap. I am excited to announce the launch of Synack Campaigns to provide on-demand access to the SRT, who will be available 24/7 to execute specific and unique cybersecurity tasks whenever you need them — and deliver results within hours. This new approach to executing targeted security operations tasks will fundamentally change organizations’ approach to cybersecurity by providing on-demand access to this highly skilled community of security researchers.

During my time at Synack, I’ve seen firsthand how the Synack Operations and Customer Success teams creatively engage with the SRT to address a growing range of clients’ security operations tasks, in addition to our traditional vulnerability discovery and penetration testing services.

Now, we are making these targeted security activities directly available to every organization in the form of Synack Campaigns, available through the new Synack Catalog, also launching today on the Synack Client Platform.

The new Synack Catalog, where customers can discover, configure, purchase and launch Synack Campaigns is available now on the Synack Client Portal. Please speak with your CSM to have this feature enabled for your organization.

I know from speaking to our clients across multiple industries that security teams are struggling to keep pace with the speed of product development. At the same time, they are trying to scale defenses to meet the complexity and magnitude of today’s threats. Our customers ascribe challenges with their growing backlog of security tasks such as CVE checks and cloud configuration reviews. On top of all of that, there’s the need to implement industry best-practice frameworks such as OWASP & Mitre Att&ck. Essentially, customer security teams are struggling with demanding workloads and have asked us for assistance in a number of areas:

  • On-demand access to talented Synack Red Team members who are available 24/7 and capable of completing diverse security operations activities across a growing range of assets.
  • A flexible security solution that can be configured to meet their specific needs in one centralized platform with their existing pentesting insights.
  • A security solution that delivers results quickly (hours and days, not weeks or months) and is aligned with their agile development processes.

Synack Campaigns expands the core capabilities of the Synack Platform, including our trusted community of researchers, an extensive set of workflows, payment services, secure access controls and intelligent skills-based task-routing to provide customers with the ability to execute a growing catalog of cybersecurity operations.

With Synack Campaigns our researchers can augment internal security teams by performing targeted security checks such as:

  • CVE and OWASP Top 10 vulnerability checks
  • Cloud Configuration Checks
  • Compliance Testing (NIST, PCI, GDPR, etc.)
  • ASVS Checks

Synack Campaigns are built to complement our vulnerability management and pentesting services, and help customers achieve long-term security objectives, such as Application SecurityM&A Due Diligence, and Vulnerability Management.

Responding to the rising ransomware threat

 960 640 Guest Post
By:
0
0

By Redscan, a Kroll Business

In October 2021, Sir Jeremy Fleming, the head of GCHQ, disclosed that the number of ransomware attacks in the UK has doubled in just one year. Recently described as “the most immediate danger to UK businesses,” by Lindy Cameron, the CEO of the UK’s National Cyber Security Centre, ransomware continues be a dominant factor in the threat landscape.

It has grown increasingly sophisticated, as have the cybercrime gangs behind it. Over the past two years, they have even evolved ransomware-as-a-service as a new business model to enable lower-skilled threat actors to disrupt businesses.

With many people continuing to work from home, attackers are actively taking advantage of known software vulnerabilities in technologies relating to remote working, including exploiting Remote Desktop Protocol (RDP) or Virtual Private Network (VPN) vulnerabilities.

Cybercriminals also continue to use phishing as a reliable method of initial access, alongside evolving their techniques to launch more sophisticated infections.

With more and more organisations falling victim to ransomware, it is imperative that companies are aware of the techniques used by attackers, as well as the opportunities for detecting it. While much of the advice around ransomware focuses on backing up files and systems, it’s important to remember that precursors to ransomware can be identified and attacks disrupted. Having the appropriate controls in place to detect and respond to attacks is essential.

The most vital step for security teams is to ensure that they have visibility of all their environments – not always easy to achieve in the era of remote working, multiple devices and cloud computing. They should also explore technologies, like SIEM and EDR solutions, that are needed to monitor for ransomware precursors and enable them to disrupt attacks.

As key vulnerable points of entry to networks, endpoints represent a significant security risk for organisations. Redscan’s Managed Endpoint Detection and Response (EDR) service significantly enhances visibility of attacks targeting endpoint devices, supplying an experienced team of threat hunters, the latest EDR technology and up-to-the-minute threat intelligence to identify threats that other controls can miss.

https://www.redscan.com/services/managed-edr/

How to simplify access reviews

 960 640 Guest Post
By:
0
0

By Tenfold Security

More and more cybersecurity regulations require businesses to restrict access to data on a need-to-know basis. This best practice is also known as the principle of least privilege. Put simply, it means that members of your organization should only have access to files and resources they absolutely need in order to do their job.

But how do you make sure that’s the case? How can you be certain that not a single employee at your business has more permissions than they actually need? The answer is: You have to check. Every permission in your organization must be checked through a process known as a user access review (which are also increasingly mandated by laws and security standards)

If that sounds like a logistical nightmare, that’s because it is!

Once your company reaches a certain size, it becomes virtually impossible to conduct access reviews by hand. Tracking hundreds or thousands of permissions across various systems would take so much effort that by the time you finish, you’d already be late for your next access review.

If you’re faced with having to audit every permission at your company, you need help. Especially if you’ve never gone through your access rights before.

tenfold’s identity and access management solution will actually help you in two ways: First, by automating user management, tenfold helps you eliminate unnecessary permissions, which drastically reduces the scope of your access review, as well as boosting your IT security. By defining a default set of permissions for different roles and departments (tenfold will support you in finding the optimal configuration), our IAM platform can automatically adjust permissions as needed when users switch roles, go on family leave or depart your organization.

Second, tenfold actually allows you to automate the access review process. Instead of having to manually track permissions, tenfold provides automatic notifications and a concise report, allowing you to renew or remove permissions with a single click. All settings, from the review interval to the stakeholders involved in the review, can be adjusted to your needs.

Learn more about the advantages of tenfold IAM!

VIRTUAL EVENT: Step into the Future of Cybersecurity at Tessian’s Human Layer Security Summit

 960 640 Guest Post
By:
0
0

The threats of the future are here, AI is now being used to construct more convincing phishing attacks than ever before. Singapore GovTech will explain exactly what this means for the future of phishing in one of Tessian’s game changing sessions at the action packed Human Layer Security Summit.

Join other security leaders as Tessian’s expertly curated panel discusses the challenges our threat landscape faces both now and in the near future and how to counter them.

Some other sessions already on Tessian’s exhilarating agenda are:

  • Fighting Phishing: Everything We Learned From Analyzing 2 Million Malicious Emails
  • DLP Has Failed The Enterprise. What Now?
  • How to Build A High-Impact Security Culture For ‘Oh Sh*t’ Moments

Save your spot today if you’re worried about surging spear phishing attacks, out-dated DLP solutions or archaic security defences.

Cutting through the noise

 960 640 Guest Post
By:
0
0

By Rapid7

Imagine this, your connected devices at home and office go rogue. The car drives you somewhere else instead of home, the office devices leak intellectual property and employee data, the home appliances reveal information about those at home. The thought of this happening would probably send shivers down your spine. Though it’s only an imaginary scenario, the probability of it happening is not impossible as threat actors become increasingly sophisticated.

In other words, with digital transformation, the attack surface has increased exponentially. Take the past year for instance. According to a report by Check Point Research, cyberattacks on the education sector have increased by more than 30% globally, with Australia being one of the top five countries to face the attacks. What led to this spike? Remote learning and virtual classes.

With today’s threat landscape, it’s imperative for security teams to have early, contextualised threat detection across their internal and external environment. Contextualised threat is the investigation and analysis of security alerts as they are generated.

Collecting vast amounts of remote data and making sense of it to identify true threats to your businesses is complex and time-consuming. You need more context about threats—across your internal or external attack surface—and the ability to drive proactive and automated threat mitigation.

Our IntSights solution combines external threat intelligence with community-infused threat intelligence to improve the signal-to-noise ratio and free up time to focus for security teams already stretched too thinly. With more intelligence on the internal and external threat landscape, we can offer more context and treat more threats with Emergent Threat Response. We can add and enhance capabilities across your portfolio to help you solve the security concerns challenging your organisation, as well as take a proactive approach to defend against the security concerns of tomorrow.

Find out more about how our Rapid7 Insight Platform can bring the internal and external threat landscape under your control.

WEBINAR: Top 5 reasons why you need an access management solution

 960 640 Guest Post
By:
0
0

By Tenfold Security

Do you know WHO in your organization has access to WHAT systems and data? If you don’t know the answer, chances are you haven’t yet employed an IAM solution. And that means your company is at high risk for data theft.

You might be struggling to invest the administrative efforts required to manage access rights, both in terms of time and resources. And perhaps you’re finding it difficult to adhere to compliance regulations.

What you need in order to solve these problems is an “Identity & Access Management Solution”. IAM software enables you to manage IT users and access rights for different systems from within one central platform.

In this webinar, we will cover the Top 5 Reasons why you should get an IAM solution. We will outline how IAM can protect your business against data abuse and theft and how it can help you stay on top of compliance provisions.

Click Here To Register

The future of cybersecurity is autonomous

 960 640 Guest Post
By:
0
0

Censornet’s Autonomous Integrated Cloud Security gives mid-market organisations the confidence and control of Enterprise-Grade cyber protection. Our platform integrates attack intelligence across email, web, and cloud to ensure our clients’ cyber defences react at lightning speed, day and night.

The Censornet platform is simple and effective, not costly and complex. For our millions of users globally, it’s smarter, faster, and safer than is humanly possible.  All our services are supported by an award-winning team of customer support specialists. We continuously verify and assess the risk of every person and every device. No exceptions.

Censornet was among the first British companies to offer email security, web security, cloud application security and multi-factor authentication solutions in one integrated cloud-based service. Individually, they are all best-in-class. Integrated into one platform, they act immediately to best protect your organisation from cyber-attacks.

The Censornet autonomous, integrated security platform represents a transformational advance in cyber protection. It provides 24/7 cyber security, with individual engines that automatically react and interact at machine speed to stop attacks before they enter the kill chain.

Censornet’s platform was born in the cloud. It’s built to tackle the threats of today and tomorrow, assessing the risk of every person and device continuously. Just set your rules (or plug and play) and Censornet will do the rest, automatically responding to spam, phishing, malware and ransomware attacks.

Our cloud security platform works around the clock, 365 days a year, offering businesses they confidence and control they need to thrive in a forbidding threat landscape. More than 1,500 organisations and millions of users trust our cloud security platform to automatically protect them from cyber-attack.

Censornet won Cloud Security Product of the Year (SME) at the Computing Cloud Excellence Awards 2021. We were also finalist in the ‘Best SME Security Solution’ category at the 2021 SC Awards Europe.

Visit the Censornet website to find out more about our game-changing Autonomous Integrated Cloud Security platform.

How to mitigate non-malicious insider risk (and why employee awareness is key)

 960 640 Guest Post
By:
0
0

‘Your people are your most important asset’ is a well-worn phrase. However, in the wrong environment, employees can also present a substantial cyber-threat to organizations, and evidence suggests this problem keeps on growing: there’s been a 47% rise in the frequency of incidents involving insider threats between 2018 and 2020, with over half (62%) of these incidents being non-malicious.

In this articleInfosecurity Magazine looks at what organizations can do to mitigate the rise of insider threat incidents, and the central role employee security awareness campaigns plays in guarding against this issue.

Read More…

Cloud Access Security Broker (CASB) was once thought of as a ‘nice to have’. Today, it is essential

 960 640 Guest Post
By:
0
0

A CASB is a Cloud Application Security solution which protects a modern mobile workforce by analysing, managing and protecting user interactions with cloud apps. It offers organisations the ability to control how their data is shared to the cloud and prevent the use of unauthorised or potentially dangerous applications.

Censornet Cloud Application Security (or CASB) is part of our autonomous integrated security platform which sits in the cloud and also includes Email and Web security as well as adaptive Multi-Factor Authentication (MFA).

Cloud Application Security offers visibility of all sanctioned and unsanctioned cloud app use across a business. It enables IT teams to go beyond an “allow” or “block” position with cloud services. The solution also ensures compliance by providing a comprehensive audit trail of user activity for internal and external auditors.

The Censornet Platform

The Censornet Cloud Application Security solution lets you set rules which will protect the entire organisation around the clock. It allows visibility of the applications that are being used, blocking access to actions or features within these apps.

Businesses that use Cloud Application Security on our platform, gain the ability to discover, analyse, secure and manage cloud activity across multiple networks and devices, whether users are on the corporate network or working remotely.

Censornet Cloud Application Security offers flexible deployment via agents, gateways, or both, with centralised policy management to protect office and mobile users. It benefits from access to automated updates which draw on a catalogue of hundreds of business applications and thousands of actions. And if you’ve already got Web Security, CASB can be enabled with one click.

Explore Censornet’s Autonomous Integrated Cloud Security Platform.

UK CISOs driving blindfolded | 75% say they’re at greater risk of cybersecurity attacks | 77% admit they’ve experienced an incident in the last 12 months

 960 640 Guest Post
By:
0
0

BlueFort Security’s independent research of 600 CISOs & 2k office workers will be discussed at a FREE event for UK Cybersecurity Experts

Join us at BlueFort.Live – an event for and about UK CISOs

3:30pm BST | 15th October 2021

Book Your Place

The research will be discussed in our hybrid event – a 1-hour Fireside Chat for and about UK CISOs.

Watch Dean Armstrong, QC, a leading authority on cybercrime, address the attack on data, strategies to fight ransomware and a guide to win the respect of the board.

Come join us at our FREE online event, hosted by award-winning security expert, Graham Cluley, to hear a select panel of CISOs sharing their experiences in the cybersecurity trenches.

Hard-hitting topics will be debated, based on the independent research, including:

  • Cybersecurity is the frontline defence in the world war attack on data
  • Don’t be the scapegoat – a guide for CISO / CIO / I&Os to win the respect of The Board
  • Ransomware will be a $20bn ‘industry’ by the end of 2021 – strategies to fight back and keep winning

Book your free place today and be part of the conversation.

https://www.bluefort.live/