Cygilant Blog

What Happens if I Fail to Meet FFIEC Guidelines?

Posted by Andrew Igel on Dec 4, 2018

Financial institutions face approximately 85 serious cyber attacks each year. Of these attacks, one-third succeed. While this may not seem like a large number, consider that these threats put people's money at risk each time.

Threats led to the introduction of the Federal Financial Institutions Examination Council (FFIEC). The FFIEC has created security guidelines since 1979. Security risks have changed and increased since the establishment of the guidelines.

That's why the FFIEC examination handbook gets updated regularly. These updates keep up with new risks and changing technology.

3 Ways SIEM Tools Can Let You Down

Posted by Trevan Marden on Jun 1, 2018

SIEM is a valuable tool in your organization’s security program. These tools can collect and correlate data from a wide range of disparate devices to intelligently identify suspicious activity. However, without proper planning and preparation, these enterprise software purchases can quickly become shelfware. Here are a few ways traditional SIEMs can let you down:

Top 5 Things to Look For In Your Next SIEM Solution

Posted by Lydia Dwyer on Apr 25, 2018

Whether you already have a SIEM in place that’s not providing value or you’re looking for your first SIEM solution, we’ve put together a list of five things you should be sure to look for in your next SIEM solution. All too often, organizations purchase expensive SIEM technology without considering all the aspects necessary to make the SIEM deployment successful. The technology alone will end up as shelfware if you don’t have the trained staff to deploy and manage the solution, and a 24x7 SOC team to monitor and respond to potential incidents. It’s also important to integrate the SIEM into your overall security program and have a thorough plan for how you will respond to incidents. The combination of people, process, and technology are the key to a successful SIEM implementation that will help your organization reduce risk, prevent data breaches, and be compliant. Here are five things to look for in your next SIEM solution:

Making Sense of Information Security Technologies: IDS/IPS, UTM, and SIEM

Posted by Trevan Marden on Mar 25, 2018

 

If you’ve been looking into ways to improve your organization’s information security posture, you may be left wondering what is the difference between technologies such as IDS/IPS, UTM, and SIEM. Let’s look at some of the basic differences in approaches between the technologies.

Why are Cybersecurity Programs Thankful for SIEM and Patch Management?

Posted by Security Steve on Nov 27, 2017

As you are coming back from the Thanksgiving weekend and looking forward to the holiday season with friends and family we wanted to take a moment to explain what we are thankful for at Cygilant. 

As many know, security information and event management (SIEM); the part of a cybersecurity program that analyzes real-time events and alerts triggered by software or devices has been around quite some time.  At Cygilant we have spent over a decade building a platform for analyzing SIEM data.  It was not an easy task. As many in the security industry know, working with SIEM data is no small undertaking. So, to say we are very thankful for vendors and technologists that continue to develop and support SIEM is an understatement.

Hidden Costs to Building a Security and Compliance Practice

Posted by Robert Porzio on Aug 25, 2016

Today’s already vast cyber threat landscape is growing rapidly. Developments in the state of business, commerce, and big data have caused security and compliance challenges—historically concerns for large enterprises—to apply to the small and mid-market. What’s more, data breaches have a growing business impact, as 60 percent of SMBs fail within 6 months of a data breach. This is causing security spending, fueled by the SMB market, to rise to a projected $81 billion just this year.

Stop Procrastinating: Why Executives Need to Prioritize Cybersecurity

Posted by Shawn O'Brien on Mar 10, 2016

 

In spite of the headline-making hacks of Sony, Anthem, and many other organizations, many business executives still haven’t prioritized cybersecurity as a top concern. A 2015 NTT Com Security survey showed that half of its participants were not prepared for a cyber attack. Yet hacks are becoming more frequent, and hackers are taking more creative approaches and finding more opportunities to strike. Executives that neglect cybersecurity place their companies at greater risk of a data breach.

How to Bolster Your IT Security Program

Posted by Security Steve on Feb 23, 2016

With today’s elevated security threat level and related economic impact, it makes sense to do everything you can to secure your organization’s servers, desktops, and devices. How do you keep the bad guys out while securing and enabling day-to-day business? Many companies use SIEM tools for threat detection, compliance, and asset protection. I’d like to suggest a couple of additional layers of security.

 

An effective security program is a balance of people, process, and technology. When evaluating an IT security monitoring solution, it is important to consider each of these areas in the decision-making process. Your organization also needs to determine which areas should be handled internally and which should be co-managed with a trusted partner. Let’s take a look at each:

 

You Don’t Have to Go it Alone

Posted by Security Steve on Feb 3, 2016

There are a lot of things in life we do alone, but if you are like most people, chances are you prefer the company of others, particularly when it comes to doing something that is difficult. It’s often through others that we get the help and guidance we need. For example, we look to Accountants this time of year to help us with the preparation of our taxes. So who is helping you with all of your IT security needs? When you think about everything you need to do, it’s clear that you really need to rely on other people. Let’s consider your to-do list for a minute:

The Most Alarming Assumptions About Network Security

Posted by Shawn O'Brien on Jan 15, 2016

 

Many small- to medium-sized enterprises haven’t given enough attention to network security monitoring of their cyber defenses. But not properly surveying an organization's network for threats can lead to dangerous results. Here are three of the biggest misunderstandings about network security monitoring.

Assumption #1: Endpoint Security Is Enough

It’s a common assumption that if the network entry points made by individual devices—employee laptops, warehouse processing terminals—are secure, then nothing else needs to be done. Familiarity with common endpoint security such as anti-virus scanners and anti-spyware programs breeds a false sense of security. Simply because individual devices are secure does not mean the overall network is safe from cyber threats.

 

Most Recent Posts

Subscribe to Email Updates