There are a variety of ways to test the maturity of your security program, including a gap analysis and a penetration test. However, it can be overwhelming to hear about these different types of security assessments and try to make an informed decision about what is right for your organization and your budget. The different […]
We get a decent amount of questions regarding the right approach to both penetration testing in the cloud and vulnerability scanning cloud-hosted assets. While we’ve already written several posts on how to approach penetration testing for AWS, Azure, and other cloud providers, today we’ll take a step back and focus on AWS vulnerability scanning best […]
Risk assessments are a way of reviewing your assets, the threats to those assets, any vulnerabilities or conditions that leave them open to those threats, and what you are doing to mitigate the risk to those assets. What comes out of that analysis ultimately is an understanding of your residual risk, or how likely is […]
Vulnerability management programs and the vulnerability management tools that support these processes are becoming more and more important to organizations. As the cybersecurity threat landscape shifts more quickly than ever, organizations have to try to stay caught up with new vulnerabilities that could be affecting them to avoid being caught in waves of cyber attacks. […]
The Payment Card Industry (PCI) Security Standards Council (SSC) is an independent body created by Visa, MasterCard, Discover, American Express, and JCB formed in 2006 to develop and enforce standards to protect credit card information. Together, they created the PCI Data Security Standard (DSS), a baseline set of technical and operational requirements which applies to […]
Zoom has seen an incredible up-tick in their user base during the COVID-19 pandemic. Between schools, businesses, and individuals just trying to stay connected with family, Zoom has been one of the most popular video conferencing solutions to meet everyone’s newfound needs in this new remote and socially-distanced environment. With all of this increased attention […]
A common term used in many different industries is authentication. In information security specifically, authentication is the process of determining if a person is who they say they are. Usually, this process is completed prior to giving that person access to something, so you can envision authentication as a guarded gate before a person is […]
Recently, we were asked by a client what VAPT meant. VAPT is an acronym for Vulnerability Assessment and Penetration Testing. This is a broad term which can refer to many different types of security testing, so we’ll dig a bit deeper into different services that could be referred to as VAPT, with the goal of […]
In today’s blog, we will be discussing social engineering attacks in the age of COVID-19. Social Engineering is a popular vector for attackers and with the rise of remote work due to the pandemic, companies’ IT security departments need to be increasingly vigilant. As many of our readers are no doubt aware, social engineering attacks […]
So you just had a client tell you that you need to be PCI certified, what comes next? First, every situation is slightly different, so it’s always a good idea to jump on a quick call with someone who is familiar with PCI to discuss your options, what’s being required of you, and what the […]
