Cygilant Blog

Vulnerability and Patch Management Remains a Key Step in Cyber Defense

Posted by Trevan Marden on Feb 23, 2018

With the Center for Internet Security (CIS) set to launch version 7 of the CIS Controls (formerly the SANS Critical Security Controls) this March 19th, it’s a great time to review your cybersecurity posture and make sure you’re keeping pace.  The latest update is expected to make minor changes that reflect the changing security landscape. While prioritization of the controls may change, it’s unlikely that many of the core controls will change substantively.

How Are You Implementing SANS/CIS Controls to Mitigate Risk of Data Breach?

Posted by Security Steve on Mar 2, 2016


Many regulations state that companies must take reasonable measures to protect sensitive data, for example, personal information such as Social Security numbers, medical information, and payment card data. But even with that mandate, information is still being stolen through data breaches. Last year in the state of California, 178 reported breaches put over 24 million records at risk, affecting nearly 60% of Californians.


How to Prevent Internal Security Hacks With Simple Internal Cybersecurity Controls

Posted by Shawn O'Brien on Jan 29, 2016


Led by the Center for Internet Security (CIS), an international community of experts regularly publishes a list of recommended security controls (CIS Critical Security Controls) that outline specific actions organizations can take to improve their cyber defenses. Implementing the controls protects organizations from internal and external cyber threats.


According to a 2013 Clearswift survey, 58% of all security incidents can be attributed to insiders. Below is a look at how two of the controls guard effectively against the paradigmatic internal threat: the insider who has turned against his or her own organization.

Are You Prepared for the FFIEC Examinations?

Posted by Trevan Marden on Oct 5, 2015

We’ve been having a lot of conversations recently with banks and financial organizations about not only meeting GLBA and PCI-DSS requirements, but also making sure they are prepared for the FFIEC examinations. On the heels of the release of the FFIEC Cybersecurity Assessment Tool this summer, financial organizations are recognizing shortcomings and gaps with their current security processes and systems and looking for ways to correct the issues within constraints of limited budgets, time, and other resources.

The Link Between Security Controls and Compliance

Posted by Kevin Landt on Jun 30, 2015

Compliance management has historically focused on reactive security monitoring (SIEM and Log Management) to meet regulatory mandates. SIEM and Log Management do not proactively identify weaknesses in your network defenses; they only notify you after an event has occurred. As a result, companies continue to experience an increasing number of breaches even though they are in compliance with regulations at the time of a breach.


2 Simple Ways IT Asset Management Can Boost Security

Posted by Security Steve on Jun 9, 2015

Implementing IT Asset Management can help your organization reduce its exposure to cyber risk. Hackers are always looking for the easiest way to infiltrate your network and IT Asset Management can help close the holes that let hackers in. While every network faces unknown risks, IT Asset Management can help you mitigate known risks.

IT Asset Management can provide detailed information on the lifecycle of your devices, including what devices are known and authorized on your network and what software those devices are running.

Here are two ways IT asset tracking can help you improve your security:

4 Proactive Security Steps Anyone Can Take to Secure Their Network

Posted by Security Steve on Jun 2, 2015

Most security monitoring practices focus primarily on reactive security, alerting security teams when a possible attack has been detecting on their network so that they can react to it and try to stop the intruders before any damage is done. The problem with this method is that the longer it takes to detect an attack, the more it will cost to fix it. The longer the attacker is inside your network, the more of a chance it has to find sensitive information.

JP Morgan Breach Discovered Thanks to Log Data

Posted by Vijay Basani on Nov 19, 2014

JP Morgan Chase, a major American financial institution, disclosed a cyber breach back in September. The breach affected 76 million households and 7 million small businesses. The hackers used some of the same offshore servers to hack both the bank and the website of the JP Morgan Corporate Challenge. The IT team at JP Morgan was able to uncover the hack by chance, after studying the Corporate Challenge website breach.

Cybersecurity Breaches for Financial Institutions – the Pain Continues….

Posted by Security Steve on Nov 3, 2014

“Theft of information assets, disruption of services and wrongful disclosure are believed to be the most serious cyber security threats to an organization’s information assets. The most serious consequences from a cyber attack or intrusion are the loss of intellectual property, productivity decline and lost revenue." - Ponemon Institute, 2013(1)

Strategies for DDoS Attack Prevention and Mitigation

Posted by Trevan Marden on Aug 4, 2014


With attacks reported against many banks and major corporations, DDoS (Distributed Denial-of Service) attacks seem to be a hot topic these days.  This begs the question of what can be done to protect organizations from the damaging impacts caused by sustained service outages on critical resources -- and, increasingly, to protect the organization from the data theft and other secondary motives of DDoS attacks used as smokescreens to draw critical security resources away from true targets. 

Most Recent Posts

Subscribe to Email Updates