Software patches provide a critical role beyond providing reminders to end users. Their purpose is to fix bugs and vulnerabilities that are present and to create a safer, more secure computing environment. Applying these patches is critical for organizations to reduce the risk of data breaches or compromise; however, due to the sheer number of patches or vulnerabilities that are found, it is often difficult for organizations with even moderately complex environments to perform this function.
In this blog post, we will cover the vulnerability scan requirements for Payment Card Industry Data Security Standard (PCI DSS). The adoption of these requirements helps ensure that your environment is not only compliant with PCI regulations, but also meets best security practices. This vulnerability data can also help provide a deeper understanding of your environment and where time and attention needs to be spent.
At Cygilant, prospective customers are in constant research for what is a strong MDR, but there is little agreement in the industry for what makes a comprehensive MDR service. Before we go in-depth, do you remember this security acronym? If not, we have a handy refresher: What is Managed Detection and Response (MDR). In this blog post, we hope to advise you on the three most common components of any MDR. Feel free to include these components in your vendor matrices; the findings will surprise you.
As a Solutions engineer, we have the privilege of listening to mid-sized and large organizations that are struggling to keep up with the ever-changing cyber security landscape. This blog post will provide insight and hopefully educate those with one or more of the following signs that a Security as a Service was needed yesterday.
Let’s pause though. What is Security as a Service? This is a software-as-a-service security program that comprehensively identifies threats, helps mitigate risk and meet compliance. Generally, this is comprised of a balance between People, Process, and Technology.
Imagine this scenario: It's Monday morning. As far as Mondays go, this looks to be a relatively light day. No changes were made over the weekend, so you do not anticipate any fires to put out. All you have to focus on are a couple meetings later this morning. Before those meetings begin, you check your favorite tech outlet (we recommend Cygilant Daily Security Briefing), and realize that a major vendor has announced a critical vulnerability. This vulnerability could potentially be on every node across your network. One executive finds out about this issue shortly after. He or she now needs to know where the company stands.
Keeping the scale in your favor during an average production day always proves to be difficult. The list of vulnerabilities has grown unmanageable. In many cases, there are lengthy reports to review, spreadsheets to update, and worse, PDFs to comb through. Meanwhile, threat actors continue to develop zero-day vulnerabilities along with weaponizing known vulnerabilities; some of which go as far back as 2006.