SOCVue ROI Calculator
Welcome to the Cygilant Blog

7 Signs You Should Invest In Security As A Service

Posted by Miguel De Los Santos on Mar 20, 2018

As a Solutions engineer, we have the privilege of listening to mid-sized and large organizations that are struggling to keep up with the ever-changing cyber security landscape. This blog post will provide insight and hopefully educate those with one or more of the following signs that a Security as a Service was needed yesterday.

Let’s pause though. What is Security as a Service? This is a software-as-a-service security program that comprehensively identifies threats, helps mitigate risk and meet compliance. Generally, this is comprised of a balance between People, Process, and Technology.


SEC Recommendations on Cybersecurity

Posted by Michael Napolitano on Mar 8, 2018

In 2011, the SEC published a set of recommendations relating to the disclosure of an organization’s cybersecurity risks and cyber incidents. In this document the SEC stated, “registrants should review, on an ongoing basis, the adequacy of their disclosure relating to cybersecurity risks and cyber incidents” and went on to describe existing disclosure obligations such as risk factors, description of business, and financial statement disclosures where cyber risks and incidents would often need to be discussed.

It’s Time to Audit Your Cybersecurity Program!

Posted by Neil Weitzel on Dec 6, 2017

Seemingly, every week there are new security breaches reported; recently Uber and PayPal both announced that customer data may have been stolen by attackers.  In the case of Uber, 57 million passengers’ data may have been leaked.  Further, Uber also paid $100,000 dollars to the attackers and requested they sign non-disclosure agreements.  This indicates that Uber may have intended to illegally withhold the breach from its customers.  PayPal, on the other hand, identified a possible vulnerability in TIO Networks and reported that 1.6 million customer records may have been exposed.  TIO Networks is a subsidiary of PayPal acquired in July that mainly processes utility bill payments at kiosk locations like Rite Aid.  While the complete details of these breaches have not been disclosed these events continue to articulate the need for companies to evaluate their cybersecurity programs.

You Know You Need a Dedicated Cybersecurity Team, Now What?

Posted by Kevin Landt on Nov 29, 2017

Are you looking to take your cybersecurity program to the next level? One of the most important steps in maturing your security program is moving to a dedicated team responsible for managing cyber risk.

Many organizations try to get by with someone on the IT team wearing the security hat. However, most recognize that this is only a temporary stage that will need to be addressed for several reasons:

Is U2F the Answer to MFA?

Posted by Trevan Marden on Nov 8, 2017

It’s 2017 and while traditional password-based authentication is still widely used, security experts have long realized that traditional passwords are not enough to keep malicious intruders out. Even with requirements for password length, sophisticated complexity, and frequent changes, even the best password is still only one piece of information that’s required to gain access. 

Introducing Cygilant

Posted by Vijay Basani on Sep 19, 2017

I would like to thank you for your continued support, trust, and partnership on our journey to a world where every organization, regardless of size, has the enterprise class security and compliance posture they deserve. With your valuable feedback, our dedicated team of engineers continues to enhance industry best Security Operations and Analytics Platform, SOCVue. Our Global SOC security engineers leverage SOCVue 24x7 for incident detection and analysis, incident response and remediation guidance to mitigate risk.

Misconfigured AWS S3 Buckets Continue to Expose Sensitive Data

Posted by Trevan Marden on Sep 8, 2017 reported earlier this week that information on 4 million Time Warner Cable customers had been exposed in an apparent misconfiguration of an Amazon S3 bucket. You may recall in July it was widely reported that 14 million Verizon customers and 3 million WWE fans had been similarly exposed by a misconfigured S3 instances. Forbes also reported that month that Dow Jones has suffered a similar misconfiguration issue, exposing data on 2 million customers.  In each of these cases, the data leak could easily have been prevented through proper configuration of the S3 buckets. In these cases, simple human error created the security gaps that allowed the leak of sensitive data. In each case the error was found by a third party who observed the issue and reported it to the company.

Five Critical Requirements for Securing for the Internet of Things

Posted by John Linkous on Aug 14, 2017

As regular readers of the EiQ blog know, we’re suspicious of the Internet of Things (IoT), the massive collection of Internet-connected devices that don’t fall into the traditional “computer” category.  From “smart” energy meters, to in-car technology, to Internet-connected home appliances, the IoT is an incredibly broad spectrum of technologies that can gain value – in some cases, significant value, in other cases, more dubious – by connecting to other devices and networks.

Notes from the Field: Black Hat 2017

Posted by John Linkous on Jul 28, 2017

This week marked the annual descent of thousands of security professionals, hackers, security product vendors and journalists into 100-degree-plus weather in Las Vegas for the venerable Black Hat conference.  This week in Vegas always includes three significant security events: the community-minded B-Sides security conference early in the week, the deeply technical DefCon conference later in the week, and the most mainstream event – Black Hat – wedged in the middle.  All three events provide a forum for those involved in the security industry to get together and share exotic vulnerabilities and attack vectors, talk about the politics related to security (such as privacy and government monitoring), and in the case of Black Hat, see what tools and technologies vendors are coming up with to improve the security posture of organizations.

MDR vs. MSSP vs. Security as a Service

Posted by Kevin Landt on Jul 17, 2017

Managed Detection & Response, or MDR, has been generating some buzz in the security industry. Last year, Gartner created a separate category for MDR and started selling research papers. Vendors took notice and started marketing their services as MDR offerings. What does all of this mean to you?

Subscribe to Email Updates

Experience how Cygilant SOCVue and 24x7 GSOC Team can help detect threats, prioritize vulnerabilities and apply patches.

Evaluate Cygilant Services at no cost during the trial period.

SOCVue Free Trial

Most Popular Posts

Posts by Topic

See All