Request a Demo
Welcome to the Cygilant Blog

SOCVue Patch Management for Windows Patch Management

Posted by Miguel De Los Santos on May 21, 2018

Software patches provide a critical role beyond providing reminders to end users. Their purpose is to fix bugs and vulnerabilities that are present and to create a safer, more secure computing environment. Applying these patches is critical for organizations to reduce the risk of data breaches or compromise; however, due to the sheer number of patches or vulnerabilities that are found, it is often difficult for organizations with even moderately complex environments to perform this function.

3 Ways Integrating Vulnerability and Patch Management Helps Protect Data

Posted by Trevan Marden on May 11, 2018

So often the cause of the major breaches we see in the news is failure by the organization to patch a software vulnerability for which a patch has long been available. Hackers know organizations often lag months or longer on installing available patches and they take advantage of these gaps in your security to gain access and cause harm. Oftentimes this lag is because the organizations do not have the time, resources, or technology needed to effectively identify vulnerabilities and implement the necessary remediation.

What Are The Vulnerability Scan Requirements for PCI?

Posted by Miguel De Los Santos on Apr 16, 2018

In this blog post, we will cover the vulnerability scan requirements for Payment Card Industry Data Security Standard (PCI DSS). The adoption of these requirements helps ensure that your environment is not only compliant with PCI regulations, but also meets best security practices. This vulnerability data can also help provide a deeper understanding of your environment and where time and attention needs to be spent.

You Have a Vulnerability Scanner. Now What?

Posted by Trevan Marden on Mar 30, 2018

One of the best ways to reduce risk quickly is to identify and remediate vulnerabilities across your network devices. And a vulnerability scanner can be a terrific way to seek out vulnerabilities lurking in your infrastructure. But how do you create a plan to scan your network devices regularly as new vulnerabilities continue to emerge, and what do you do with the scan results? A vulnerability scanner can be a great tool when you take the time to use it to its fullest. But all too often this type of software goes unused or underused because time isn’t easy to come by in most security organizations. 

Your Servers Have Been Memcached

Posted by Michael Napolitano and Jacob Cardinal on Mar 19, 2018

If you’ve been paying attention to cybersecurity, it’s very likely you’ve seen news regarding Github’s survival of the largest DDOS attack recorded in history. Clocking in at 1.3 TBPS (terabytes per second) it’s impressive that their network didn’t tank. This is in part due to the services of Akamai who was able to successfully proxy and scrub the network traffic.

Vulnerability and Patch Management Remains a Key Step in Cyber Defense

Posted by Trevan Marden on Feb 23, 2018

With the Center for Internet Security (CIS) set to launch version 7 of the CIS Controls (formerly the SANS Critical Security Controls) this March 19th, it’s a great time to review your cybersecurity posture and make sure you’re keeping pace.  The latest update is expected to make minor changes that reflect the changing security landscape. While prioritization of the controls may change, it’s unlikely that many of the core controls will change substantively.

New Vulnerability Announced. Now What?

Posted by Miguel De Los Santos on Feb 14, 2018

Imagine this scenario: It's Monday morning. As far as Mondays go, this looks to be a relatively light day. No changes were made over the weekend, so you do not anticipate any fires to put out. All you have to focus on are a couple meetings later this morning. Before those meetings begin, you check your favorite tech outlet (we recommend Cygilant Daily Security Briefing),  and realize that a major vendor has announced a critical vulnerability. This vulnerability could potentially be on every node across your network. One executive finds out about this issue shortly after. He or she now needs to know where the company stands.

Poor Security POSture

Posted by John Linkous on Feb 13, 2017

It’s been a busy week for information security in the retail and hospitality sector.  Earlier last week, InterContinental Hotels Group (IHG) acknowledged a credit card data breach that impacted more than a dozen properties across their hotel brands spanning the United States and the Caribbean.  Similarly, fast food chain Arby’s disclosed on Friday that it had recently remediated a breach of data on up to 1,000 of their corporate-owned locations.

What are the Most Common IT Security Vulnerabilities?

Posted by Vijay Basani on Nov 3, 2016


Companies must be prepared for even the most common IT security breaches.

Businesses must take IT security seriously because their financial future depends on it. IT security is a broad topic that covers a range of different fields.

Here we'll discuss common vulnerabilities and why companies must ensure their operational systems are well-protected from cybercriminals.

 

"Interjection vulnerabilities are one of the most common and oldest web application vulnerabilities."

1. Injection vulnerabilities

Interjection vulnerabilities, such as cross-site scripting and CRLF injection, are one of the most common and oldest web application vulnerabilities because it's easy for cybercriminals to access and affect (or infect) them.

NASA Struggles Highlight Importance of Identifying and Remediating Vulnerabilities

Posted by Trevan Marden on Sep 6, 2016

Last week, it was reported by SiliconBeat that NASA’s CIO, Renee Wynn, had allowed an Authority to Operate (ATO) for a key network to expire because the network in question had over 15,000 critical vulnerabilities that had not been properly patched. The move was apparently intended to hold the contractor in charge of maintenance of the devices accountable for their contractual obligations by bringing visibility to the situation.

Subscribe to Email Updates

Experience how Cygilant SOCVue and 24x7 GSOC Team can help detect threats, prioritize vulnerabilities and apply patches.

Request a Demo

Most Popular Posts

Posts by Topic

See All