SOCVue ROI Calculator
Welcome to the Cygilant Blog

It’s Time to Audit Your Cybersecurity Program!

Posted by Neil Weitzel on Dec 6, 2017

Seemingly, every week there are new security breaches reported; recently Uber and PayPal both announced that customer data may have been stolen by attackers.  In the case of Uber, 57 million passengers’ data may have been leaked.  Further, Uber also paid $100,000 dollars to the attackers and requested they sign non-disclosure agreements.  This indicates that Uber may have intended to illegally withhold the breach from its customers.  PayPal, on the other hand, identified a possible vulnerability in TIO Networks and reported that 1.6 million customer records may have been exposed.  TIO Networks is a subsidiary of PayPal acquired in July that mainly processes utility bill payments at kiosk locations like Rite Aid.  While the complete details of these breaches have not been disclosed these events continue to articulate the need for companies to evaluate their cybersecurity programs.

You Know You Need a Dedicated Cybersecurity Team, Now What?

Posted by Kevin Landt on Nov 29, 2017

Are you looking to take your cybersecurity program to the next level? One of the most important steps in maturing your security program is moving to a dedicated team responsible for managing cyber risk.

Many organizations try to get by with someone on the IT team wearing the security hat. However, most recognize that this is only a temporary stage that will need to be addressed for several reasons:

Is U2F the Answer to MFA?

Posted by Trevan Marden on Nov 8, 2017

It’s 2017 and while traditional password-based authentication is still widely used, security experts have long realized that traditional passwords are not enough to keep malicious intruders out. Even with requirements for password length, sophisticated complexity, and frequent changes, even the best password is still only one piece of information that’s required to gain access. 

Introducing Cygilant

Posted by Vijay Basani on Sep 19, 2017

I would like to thank you for your continued support, trust, and partnership on our journey to a world where every organization, regardless of size, has the enterprise class security and compliance posture they deserve. With your valuable feedback, our dedicated team of engineers continues to enhance industry best Security Operations and Analytics Platform, SOCVue. Our Global SOC security engineers leverage SOCVue 24x7 for incident detection and analysis, incident response and remediation guidance to mitigate risk.

Misconfigured AWS S3 Buckets Continue to Expose Sensitive Data

Posted by Trevan Marden on Sep 8, 2017

DarkNet.org.uk reported earlier this week that information on 4 million Time Warner Cable customers had been exposed in an apparent misconfiguration of an Amazon S3 bucket. You may recall in July it was widely reported that 14 million Verizon customers and 3 million WWE fans had been similarly exposed by a misconfigured S3 instances. Forbes also reported that month that Dow Jones has suffered a similar misconfiguration issue, exposing data on 2 million customers.  In each of these cases, the data leak could easily have been prevented through proper configuration of the S3 buckets. In these cases, simple human error created the security gaps that allowed the leak of sensitive data. In each case the error was found by a third party who observed the issue and reported it to the company.

Five Critical Requirements for Securing for the Internet of Things

Posted by John Linkous on Aug 14, 2017

As regular readers of the EiQ blog know, we’re suspicious of the Internet of Things (IoT), the massive collection of Internet-connected devices that don’t fall into the traditional “computer” category.  From “smart” energy meters, to in-car technology, to Internet-connected home appliances, the IoT is an incredibly broad spectrum of technologies that can gain value – in some cases, significant value, in other cases, more dubious – by connecting to other devices and networks.

Notes from the Field: Black Hat 2017

Posted by John Linkous on Jul 28, 2017

This week marked the annual descent of thousands of security professionals, hackers, security product vendors and journalists into 100-degree-plus weather in Las Vegas for the venerable Black Hat conference.  This week in Vegas always includes three significant security events: the community-minded B-Sides security conference early in the week, the deeply technical DefCon conference later in the week, and the most mainstream event – Black Hat – wedged in the middle.  All three events provide a forum for those involved in the security industry to get together and share exotic vulnerabilities and attack vectors, talk about the politics related to security (such as privacy and government monitoring), and in the case of Black Hat, see what tools and technologies vendors are coming up with to improve the security posture of organizations.

MDR vs. MSSP vs. Security as a Service

Posted by Kevin Landt on Jul 17, 2017

Managed Detection & Response, or MDR, has been generating some buzz in the security industry. Last year, Gartner created a separate category for MDR and started selling research papers. Vendors took notice and started marketing their services as MDR offerings. What does all of this mean to you?

Don’t Get Skimmed (or Scammed!): Three Steps to Protecting Your Credit and Debit Cards

Posted by John Linkous on Jul 10, 2017

Picture this: you walk up to an ATM that’s the same brand as your bank.  The ATM itself is in a well-lit area, there are lots of families walking around, and there’s even a police officer right on the corner.  Everything seems safe, right?  You slide your card into the ATM, conduct your transaction, and conclude your business as normal.

Five Steps to Compliance with New York’s New Financial Services Cybersecurity Rules

Posted by John Linkous on Jun 7, 2017

In early March, the State of New York’s Department of Financial Services (DFS) adopted a new set of rules in support of the state’s Financial Services Law.  Normally, this is not something that would be particularly news-worthy, as the DFS is chartered to implement rules of governance and management for financial services companies all the time; over the past few years, the DFS has issues rules regarding financial dispute resolution, debt collection, and even the use of Bitcoin and other virtual currencies.  What makes the March resolution – titled “23 NYCRR 500” – so interesting is that, for the first time, it defines specific cybersecurity governance requirements for all financial services companies operating in the state.  As you might expect, as New York City is one of the top three financial centers of the world, this ruling has a substantial impact.

Subscribe to Email Updates

How Much Could You Save?

Find out now with our
60-second ROI calculator!

Calculate!

Most Popular Posts

Posts by Topic

See All