October 1, 2018 | SC Media October 1, 2018

Print Issue: October 1, 2018

Exposed! Open and misconfigured servers in the cloud

Tesla had one. Robocent had one. Walmart had one. GoDaddy had one. Misconfigured servers and databases in the cloud – exposing with critical information – are trending on the internet. In fact, they’re all the rage. At first we “oooo” and “aaah” at the criticality of the information exposed and shudder at the potential consequences…

Halt, who goes there? Identity access management

In the heady days of the 1970s, no one passed through the doors of Studio 54 without famously being vetted by the trendy club’s bouncers – and with good reason. Not only did the disco want to attract only the hippest or most desirable of celebrities and glitterati, it also wanted to protect them, ensuring…

Lightly secured cloud, with a chance of IoT attacks

As clouds gather in the public and private sectors, the Internet of Things (IoT) – and all the devices it brings – has organized into a hurricane-sized force that challenges evolving security strategies. Earlier this year, researchers developed a Stuxnet-like malware proof-of-concept attack which they claimed could infiltrate critical infrastructure and potentially disrupt the power…

Do you know where your data is?

Protecting data on overseas cloud servers and navigating aggressive regulation promise to keep tech lawyers employed for years to come, if the EU’s quick succession of Privacy Shield, GDPR and the forthcoming ePrivacy Regulation provides any indication of what’s in store. Data guardians must be prepared to bring their technical A-game in regard to knowing…

Shifting the policy on cyberwar

We all have computers that can be weaponized, says Jim Reavis. Recently the Trump Administration reversed Presidential Policy Directive 20, which was Obama-era guidance governing how the United States can deploy cyber weapons as part of overall national security.  How this is being reported in the media is that the current administration is eliminating this…

IllenaArmstrong

Cybersecurity: It’s a budgetary priority, right?

Cybercrime is at an all-time high. However, it seems investment of money, time and people to establish and manage necessary cybersecurity planning, implementation of related processes and policies, and the adoption and oversight of needed security technologies services isn’t. Looking back, 2017 ended with over 5,000 breaches and more than 7.9 billion records exposed, says…

Securing the software-defined wide-area network – Six critical functions

As the network perimeter dissolves, implementing security controls is more complex, by Hatem Naguib. If you have a multisite organization spread throughout the country or across the globe, there’s a good chance that you’re connecting those locations together over MPLS. It’s likely been that way for years, perhaps even decades, but it’s an architecture that’s…

AttackIQ FireDrill

Reviewed by Matthew Hreben & Michael Diehl Vendor:  AttackIQ Product:  FireDrill Price:  Starting at $20,000. Contact:  attackiq.com What it does:  Simulation platform that provides highly customizable attack templates. What we liked:  Simple to use software. AttackIQ presents FireDrill, an attack simulation platform that provides multiple tools such as security controls validation, response and remediation exercises,…

SaaS application security architectures are broken

New compliance requirements and penalties drive the pain level higher, says Pravin Kothari Throughout 2017 and 2018 cyberattackers have attacked and successfully breached a wide variety of cloud infrastructure and software-as-a-service (SaaS) applications. These current events have shown us that most cyber defense advances to harden and improve the perimeters around our on-premise and cloud-based…

SafeBreach Breach & Attack Simulation Platform

Reviewed by Matthew Hreben & Michael Diehl Vendor:  SafeBreach Product:  Breach & Attack Simulation Platform Price:  Depending on the size of the deployment. Contact:  safebreach.com What it does:  Attack simulation platform that focuses on multiple attack vectors. What we liked:  Breach Explorer module inside the dashboard has a lot of power and could be used…

Next post in Reviews