Request a Demo
Welcome to the Cygilant Blog

Proper Segregation of a Network

Posted by James Cote on Apr 5, 2018

Proper segregation of a network is one simple line of defense against malicious threats that is very effective. Even the latest security systems won’t always protect your network if it’s not properly set up and segregated into different role based sections. These different sections or VLANS are what help keep your network safe. When carved-out properly an attacker will have to traverse several roadblocks along the way.  The key to a properly segregated network is multiple areas with different permissions and roles for each area.  This will prevent an attacker who infiltrates the network in one area from obtaining information from another area.

The Disconnect Between CIO, IT Manager, and Security Engineer

Posted by Chris Durocher on Apr 2, 2018

I’ve spent the past few years calling into CIOs, IT Managers, or Security Engineers discussing where their security program is today and what they would like it transformed too. Even though you probably dread the sight of an unknown number, my favorite part of my position is being a facilitator of conversation as well as understanding the focus of all parties involved. What I’ve come to realize is the disconnect that often exists within the security team and the individual goals differ position to position.

7 Signs You Should Invest In Security As A Service

Posted by Miguel De Los Santos on Mar 20, 2018

As a Solutions engineer, we have the privilege of listening to mid-sized and large organizations that are struggling to keep up with the ever-changing cyber security landscape. This blog post will provide insight and hopefully educate those with one or more of the following signs that a Security as a Service was needed yesterday.

Let’s pause though. What is Security as a Service? This is a software-as-a-service security program that comprehensively identifies threats, helps mitigate risk and meet compliance. Generally, this is comprised of a balance between People, Process, and Technology.

 

SEC Recommendations on Cybersecurity

Posted by Michael Napolitano on Mar 8, 2018

In 2011, the SEC published a set of recommendations relating to the disclosure of an organization’s cybersecurity risks and cyber incidents. In this document the SEC stated, “registrants should review, on an ongoing basis, the adequacy of their disclosure relating to cybersecurity risks and cyber incidents” and went on to describe existing disclosure obligations such as risk factors, description of business, and financial statement disclosures where cyber risks and incidents would often need to be discussed.

It’s Time to Audit Your Cybersecurity Program!

Posted by Neil Weitzel on Dec 6, 2017

Seemingly, every week there are new security breaches reported; recently Uber and PayPal both announced that customer data may have been stolen by attackers.  In the case of Uber, 57 million passengers’ data may have been leaked.  Further, Uber also paid $100,000 dollars to the attackers and requested they sign non-disclosure agreements.  This indicates that Uber may have intended to illegally withhold the breach from its customers.  PayPal, on the other hand, identified a possible vulnerability in TIO Networks and reported that 1.6 million customer records may have been exposed.  TIO Networks is a subsidiary of PayPal acquired in July that mainly processes utility bill payments at kiosk locations like Rite Aid.  While the complete details of these breaches have not been disclosed these events continue to articulate the need for companies to evaluate their cybersecurity programs.

You Know You Need a Dedicated Cybersecurity Team, Now What?

Posted by Kevin Landt on Nov 29, 2017

Are you looking to take your cybersecurity program to the next level? One of the most important steps in maturing your security program is moving to a dedicated team responsible for managing cyber risk.

Many organizations try to get by with someone on the IT team wearing the security hat. However, most recognize that this is only a temporary stage that will need to be addressed for several reasons:

Is U2F the Answer to MFA?

Posted by Trevan Marden on Nov 8, 2017

It’s 2017 and while traditional password-based authentication is still widely used, security experts have long realized that traditional passwords are not enough to keep malicious intruders out. Even with requirements for password length, sophisticated complexity, and frequent changes, even the best password is still only one piece of information that’s required to gain access. 

Introducing Cygilant

Posted by Vijay Basani on Sep 19, 2017

I would like to thank you for your continued support, trust, and partnership on our journey to a world where every organization, regardless of size, has the enterprise class security and compliance posture they deserve. With your valuable feedback, our dedicated team of engineers continues to enhance industry best Security Operations and Analytics Platform, SOCVue. Our Global SOC security engineers leverage SOCVue 24x7 for incident detection and analysis, incident response and remediation guidance to mitigate risk.

Misconfigured AWS S3 Buckets Continue to Expose Sensitive Data

Posted by Trevan Marden on Sep 8, 2017

DarkNet.org.uk reported earlier this week that information on 4 million Time Warner Cable customers had been exposed in an apparent misconfiguration of an Amazon S3 bucket. You may recall in July it was widely reported that 14 million Verizon customers and 3 million WWE fans had been similarly exposed by a misconfigured S3 instances. Forbes also reported that month that Dow Jones has suffered a similar misconfiguration issue, exposing data on 2 million customers.  In each of these cases, the data leak could easily have been prevented through proper configuration of the S3 buckets. In these cases, simple human error created the security gaps that allowed the leak of sensitive data. In each case the error was found by a third party who observed the issue and reported it to the company.

Five Critical Requirements for Securing for the Internet of Things

Posted by John Linkous on Aug 14, 2017

As regular readers of the EiQ blog know, we’re suspicious of the Internet of Things (IoT), the massive collection of Internet-connected devices that don’t fall into the traditional “computer” category.  From “smart” energy meters, to in-car technology, to Internet-connected home appliances, the IoT is an incredibly broad spectrum of technologies that can gain value – in some cases, significant value, in other cases, more dubious – by connecting to other devices and networks.

Subscribe to Email Updates

Experience how Cygilant SOCVue and 24x7 GSOC Team can help detect threats, prioritize vulnerabilities and apply patches.

Request a Demo

Most Popular Posts

Posts by Topic

See All