Request a Demo
Welcome to the Cygilant Blog

AWS Security and Monitoring: What You Need to Know

Posted by Trevan Marden on Jul 27, 2018

Yesterday’s reports showed that Amazon AWS continues to grow rapidly--up almost 50% for the last quarter over the quarter the year before. This reflects the steady move by companies adopting cloud infrastructure to realize cost savings, and particularly companies choosing AWS to deliver these services.

The Move Towards “Zero Trust” and the Need for Security Monitoring

Posted by Trevan Marden on Jun 13, 2018

In a recent article for Forbes, Dave Lewis recalls an experience earlier in his career in which the physical access controls to production servers were completely undermined by lack of proper network segmentation. In the article, he notes that traditional network segmentation is now being replaced with movement towards “zero trust.” The concepts of “inside the network” versus “outside the network” are melting away as organizations steadily move towards cloud-based and hybrid infrastructures.

Top 3 Benefits of a 24/7 SOC Service

Posted by Trevan Marden on May 4, 2018

A few months back, I shared how to get a 24x7 SOC without hiring. Today, let’s talk more about why you can’t afford to wait to get a 24x7 SOC up and running.  Every company, no matter what industry or size, is now the target of cyberattacks. There is no organization immune from the threat posed by internal and external threats.  Smaller companies may be even more susceptible to the risks of security breaches, ransomware, and intellectual property theft, simply because they often lack the resources needed to properly monitor, identify incidents, and respond in a timely fashion.

5 Things an IDS/IPS Can’t Do

Posted by Lydia Dwyer on Mar 22, 2018

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) have been touted as the cure-all to security and compliance woes. The most common type of system sits on the network and inspects all inbound packets. An IDS/IPS is designed to inspect incoming packets to see if they are part of a malicious attack and drop or alert on the packets which are. But like most technologies, IDS/IPS has numerous limitations and pitfalls that vendors of these systems don’t want you to know. When considering how best to protect your organization’s network and an IDS/IPS is in the running, you should consider the following five key limitations.

3 Major Benefits of Log Management

Posted by Security Steve on Nov 8, 2016


Log management tools companies better track and understand their data.

Each day IT equipment, servers, firewalls, and other hardware and software systems collect and store information in the form of logs. These logs are vast, and always contain a wealth of data that companies can use to analyze everything from how efficiently they are running their businesses to the state of their IT security.

 

While this information is critical, there's only one problem: It's often hard to decipher because, quite simply, there's just too darn much of it.

That's where log management tools come into play. Here are three major benefits of these tools:

Best Practices: Security Monitoring for Credit Unions

Posted by Kevin Landt on Sep 22, 2016


Credit unions must always be on the lookout for potential breaches.

The threat from cybercriminals is real, and credit unions must be on the constant lookout for potential breaches. These institutions are very vulnerable to cyber attacks because of their smaller size, and don't always have the IT infrastructure and resources to thwart cyber attacks like their larger counterparts, according to a new 2016 Beazley Breach Response Insights report.

 

"You're being tested every day, whether you realize it or not," said David Luchtel, Vice President of IT Infrastructure and Operations at WSECU, according to Credit Union Times.

EiQ Leverages the Latest Cloud Technology to Lower TCO and Drive Faster Time to Value

Posted by Security Steve on Sep 21, 2016

 

We’ve written recently about the importance of moving your IT security to the cloud and the business benefits of doing so, as well as burst some myths that surround cloud-based security. The fact of the matter is that vendors such as Amazon Web Services provide “a data center and network architecture built to meet the requirements of the most security-sensitive organizations. An advantage of the AWS cloud is that it allows customers to scale and innovate, while maintaining a secure environment. Customers pay only for the services they use, meaning that you can have the security you need, but without the upfront expenses, and at a lower cost than in an on-premises environment,” according to the company’s website.

The High Cost of Not Doing Enough for IT Security

Posted by Security Steve on Sep 7, 2016

 

When it comes to cybersecurity, companies today typically have three options:

  • Do nothing or the bare minimum, and hope that cyber attackers don’t find you.
  • Keep your current cybersecurity posture as is, without consistent updating or monitoring (and hope cyber attackers don’t find you!).
  • Consider EiQ’s hybrid security as a service to identify threats and vulnerabilities, mitigate risk, and achieve compliance. 

Let’s look at each of these options.

Is Changing Your Password Actually Making You Less Secure?

Posted by Trevan Marden on Aug 9, 2016

We’ve recently written a number of posts about the role that passwords and strong authentication methods play in security. Locking down logins and implementing access controls has long been a cornerstone of information security. Most information security professional understand the factors that make passwords strong. For a quick refresher, check out our recent post on the subject. In short, a strong password is typically very long; includes numbers, mixed case, and special characters; includes no words or discernible patterns and is definitely not your pet’s name. You should also never reuse the password or use the same password across multiple systems.

SMS Not Recommended for Two-Factor Authentication Says NIST

Posted by Trevan Marden on Jul 29, 2016

In recent years, two-factor authentication has rapidly become a standard best practice for securing accounts. One of the most common ways to implement this is through SMS messages sent to a cell phone. For example, if you enable two-factor authentication for a Google account, when you try to log in with your password from a new computer or other device, Google will send a text to your cell phone with a code you’ll need to enter on the login screen to verify that along with having the correct password, you also have physical access to the associated cell phone for the account.  That sounds good. But, recently, flaws in the SMS system have been uncovered that render this method of two-factor authentication inadvisable. In fact, the National Institute of Standards and Technology (NIST) will recommend against its use as a two-factor method.

Subscribe to Email Updates

Experience how Cygilant SOCVue and 24x7 GSOC Team can help detect threats, prioritize vulnerabilities and apply patches.

Request a Demo

Most Popular Posts

Posts by Topic

See All