We’ve seen all too often that the cause of the major breaches we see in the news is failure by the organization to patch a software vulnerability for which a patch has long been available. As a result, more and more organizations are looking for solutions that help make the process of identifying and deploying patches easier and more automated. If you’re looking for a solution for patch management, here are four things to consider:
The quick answer is probably yes, wherever you can.
Google recently announced that since deploying physical security fobs to all of its employees, none had been successfully phished on work-related accounts. Google also announced plans to introduce its own hardware fobs – the Titan Security Key, although they look suspiciously identical to those currently offered by Feitian. This may be the endorsement needed to force greater support for the U2F standard which employs a physical fob to generate authentication tokens as a second factor.
Yesterday’s reports showed that Amazon AWS continues to grow rapidly--up almost 50% for the last quarter over the quarter the year before. This reflects the steady move by companies adopting cloud infrastructure to realize cost savings, and particularly companies choosing AWS to deliver these services.
Managed detection and response helps solve the needs of organizations who lack resources and enables organizations to better detect and respond to threats. MDR services complement an organization’s own IT or security team to help provide the extra eyes for 24x7 coverage along with security expertise and guidance for remediating potential security incidents that are detected. However, not all services provide the same features. So, it’s important to ask these four questions when looking at managed detection and response solutions.
With Black Hat USA 2018 coming up in a few short weeks, it seems like a good time to unpack the results of their 2018 USA Attendance Survey. The survey was distributed to anyone who either attended the 2017 conference or expressed interest in visiting the 2018 session. The report covers topics from updated office policies on Facebook use to approval of President Trump, and these are what we at Cygilant thought were the most important. We are most interested to know how information security professionals are spending their time and what they’re not looking forward to combating in the next year.
A report from Gartner announced this week on DarkReading found that nearly one out of three companies don’t have on-staff cybersecurity expertise. Gartner research director Rob McMillan and principal research analyst Sam Olyaei compiled the 2018 CIO Agenda Survey from over 3,000 respondents the article said. And while more organizations have cybersecurity staff than previous years, one third are still lacking a dedicated resource.
With so many data breaches in the news, organization everywhere are reviewing their cybersecurity programs to ensure they stay out of the headlines. Since many high-profile data breaches have been caused by unaddressed vulnerabilities for which patches were available, organizations are increasingly looking to deploy solutions to help close these gaps.
How does vulnerability management help prevent hacks?
This week, an article on Healthcare Info Security pointed me to the Department of Health and Human Services' Office for Civil Rights' latest monthly newsletter which reminded HIPAA-covered healthcare organizations that software patching was a critical step in securing their networks and offered some advice about the tools and processes to implement. As the article points out, the advice applies to nearly all organizations, not just those in the healthcare sector, but it can be difficult for organizations to put into practice.