SOCVue ROI Calculator
Welcome to the Cygilant Blog

5 Great Open Source Tools to Automate and Secure Your Infrastructure

Posted by Lydia Dwyer on Dec 4, 2017

With 2018 approaching fast, you will be thinking about your IT and security projects for the next year. Many amazing open source tools have been developed and matured over the past couple of years that will help you both be more secure and make your job easier. We have picked five top open source tools that can automate and help secure your IT infrastructure, preparing your organization for future success and compliance.

Five Steps for an Effective Incident Response Plan

Posted by Trevan Marden on Dec 1, 2017

In today’s world of massive data breaches and constant cyberattacks, it’s important to stay vigilant and have a solid Incident Response Plan in place to identify and mitigate potential security incidents. Here are five important steps to have covered in your plan.

You Know You Need a Dedicated Cybersecurity Team, Now What?

Posted by Kevin Landt on Nov 29, 2017

Are you looking to take your cybersecurity program to the next level? One of the most important steps in maturing your security program is moving to a dedicated team responsible for managing cyber risk.

Many organizations try to get by with someone on the IT team wearing the security hat. However, most recognize that this is only a temporary stage that will need to be addressed for several reasons:

Why are Cybersecurity Programs Thankful for SIEM and Patch Management?

Posted by Neil Weitzel on Nov 27, 2017

As you are coming back from the Thanksgiving weekend and looking forward to the holiday season with friends and family we wanted to take a moment to explain what we are thankful for at Cygilant. 

As many know, security information and event management (SIEM); the part of a cybersecurity program that analyzes real-time events and alerts triggered by software or devices has been around quite some time.  At Cygilant we have spent over a decade building a platform for analyzing SIEM data.  It was not an easy task. As many in the security industry know, working with SIEM data is no small undertaking. So, to say we are very thankful for vendors and technologists that continue to develop and support SIEM is an understatement.

You're protected against ransomware, right?

Posted by Neil Weitzel on Oct 28, 2017

The first and most important action is to educate users of the systems.  Most ransomware and cyber-attacks, in general, rely on a user taking an unintended action; commonly a user executes a seemingly normal but nefarious file.  Because of this attack vector users should be wary of unsolicited emails, especially ones with attachments and links.  To take this one step further users should know what types of files and operations commonly make changes to their systems. This will help them understand when changes are normal or something out of the ordinary is attempting to make changes. To name a few, for example, users of windows machines might want to investigate exe, msi, bat, or ps1 file types prior to executing them.

What is DMARC and Why Should You Use It?

Posted by Trevan Marden on Oct 26, 2017

If you follow cybersecurity news, you’ve been seeing DMARC come up a lot recently, with reports that DHS will be looking at federal agency use of DMARC, vendors lagging on implementing DMARC, and calls for organizations to finally stamp out fake emails. But what is DMARC, and how does it differ from SPF and DKIM? What protection does DMARC offer?

What You Should Know About the WPA2 Flaw

Posted by Neil Weitzel on Oct 16, 2017

Chances are the content of this article traversed some wireless network prior to being displayed on the device you are using (or prior to being printed out for you hard copy purists).  However, today we learned the WPA2 (WiFi Protected Access II), is vulnerable to key reinstallation attacks.  For the past 14 years, WPA2 has been considered the industry standard for maintaining a secure wireless network for personal and enterprise connectivity. What makes this newly released vulnerability different than the recent security headlines is this attack is not leveraging unpatched software or a company’s implementation of technology.  This attack actually exposes flaws in the protocol specification (standard) itself; meaning all implementations of the standard are (likely) also vulnerable.

Three Things You Must Do Now to Prevent Identity Theft from the Equifax Breach

Posted by John Linkous on Sep 14, 2017

Late last week, Equifax – one of the four largest credit reporting bureaus in the United States – disclosed that in July, they experienced a massive data breach that cloud very well represent the largest compromise of significant personally-identifiable information (PII) ever.  As reported by the company, data on over 143 million people was compromised, and the scope of that data included some of the most sensitive data that exists regarding individuals: names, addresses, birth dates, and Social Security numbers were captured, along with credit card numbers and other PII for a subset of those persons whose data was breached.  Equifax disclosed that the compromised data included residents not only of the United States, but also Canada and the UK.

Misconfigured AWS S3 Buckets Continue to Expose Sensitive Data

Posted by Trevan Marden on Sep 8, 2017

DarkNet.org.uk reported earlier this week that information on 4 million Time Warner Cable customers had been exposed in an apparent misconfiguration of an Amazon S3 bucket. You may recall in July it was widely reported that 14 million Verizon customers and 3 million WWE fans had been similarly exposed by a misconfigured S3 instances. Forbes also reported that month that Dow Jones has suffered a similar misconfiguration issue, exposing data on 2 million customers.  In each of these cases, the data leak could easily have been prevented through proper configuration of the S3 buckets. In these cases, simple human error created the security gaps that allowed the leak of sensitive data. In each case the error was found by a third party who observed the issue and reported it to the company.

Multi-factor Authentication: Shifting the Point of Failure?

Posted by Trevan Marden on Aug 25, 2017

Multi-factor authentication is often pointed to as a great step in increasing security for account access. In addition to your password, “something you know,” you’ll also need access to your cell phone, “something you have.” For example, if you enable two-factor authentication for a Google account, when you try to log in with your password from a new computer or other device, Google will send a text to your cell phone with a code you’ll need to enter on the login screen to verify that along with having the correct password, you also have physical access to the associated cell phone for the account. However, problems arise if your access to your cell phone is compromised.

Subscribe to Email Updates

How Much Could You Save?

Find out now with our
60-second ROI calculator!

Calculate!

Most Popular Posts

Posts by Topic

See All