Read on for insights on emerging industry trends, the latest cybersecurity intelligence, and how to drive down total risk.
Preventing cyber attacks is impossible. Until it’s not.
Risk hunting goes beyond traditional cybersecurity defenses and threat hunting to proactively evaluate business and technical risk across business systems, prioritize protective actions, and close attack paths before they are exploited.
Learn how this dynamic, real-time component of a continuous exposure management approach addresses critical risk for companies of all sizes – in our Risk Hunting white paper.
Cybersecurity is overflowing with acronyms, jargon, and buzzwords. It is not surprising – an industry as new, diverse, and fast-moving as cybersecurity fuels an evolving lexicon.
But in the process, terminology can become confusing or unclear. Managed Detection and Response (MDR) and Extended Detection and Response (XDR) are good examples of terms that, though similar, are not interchangeable and vary in definition and outcome. If we don’t understand and use terms the same way, how can we ever coordinate effective protection?
Cybersecurity has long been on the menu of managed service providers (MSPs). But as protecting IT assets grew into one of the most complicated and consequential risks facing modern businesses, what MSPs could offer wasn’t enough in many cases. Managed service providers focused specifically on cybersecurity (MSSPs) emerged as a result, promising to make their client’s digital defenses both manageable and formidable.
Beneficial as outsourcing security responsibilities to MSSPs may be, the depth, breadth, and quality of service offerings vary considerably, from providers that “bolt on” a service or two all the way up to completely outsourced security.
Last week, OpenSSL.org announced a November 1, 2022 release of OpenSSL version 3.0.7. At the time of initial announcement, the only information provided was that it was a security-fix release that would address an undisclosed “critical” security vulnerability that affects OpenSSL versions 3.0.x. The message, while brief, was clear – this was an urgent fix. OpenSSL is one of the most prominent open-source cryptographic libraries in the world. It is used in applications, operating systems, and websites for secure communications, so this vulnerability has the potential to affect nearly every organization. As an aside, this is the second “critical” security issue that OpenSSL has announced (the previous one was in 2016) since the company began publicly reporting. While little could be gleaned from the company’s original sparse announcement, with the official release now out, we can dive a bit further.
The situation in the average security team looks something like this: multiple different systems are sending off endless alarms, often to the point of overload. Each one has to be validated. And provided it’s not yet another false positive, the team must leap into action…because they’re already behind. First, they have to scramble to locate and understand the incoming threat. Then, they have to predict its path and decide how to defend against it. Only then can the real remediation effort begin – and it’s often too late to matter. No wonder so many teams get burned out, so many attacks succeed, and so much about cybersecurity feels like it’s getting worse.
The nature of cyber risk is changing. No longer synonymous with IT issues or minor disruptions, cyber attacks are a massive business risk capable of wiping millions off the balance sheet overnight. But while cyber risk is becoming more consequential, it’s becoming less manageable. Consider what happened recently at two real companies:
The first is a major automotive manufacturer. They depend on a massive, global, just-in-time supply chain. It’s a well-organized, carefully managed operation, so when everything from the Covid-19 pandemic to the war in Ukraine made supplies harder to get, they knew how to respond.
Transformation was the RSAC theme for 2022. That makes perfect sense for a cybersecurity industry reaching a massive pivot point between past and future. What makes less sense, however, is how the conversations happening at this year’s conference related to the overall theme. The desire to transform from the audience standpoint is clear, question is, can the vendors deliver?
In so many ways, the speakers and vendors pitched ideas that sound new and novel until you take a closer look – a cutting edge that proves dull upon inspection. Behind these innovative products are a lot of familiar, well-worn concepts put in a different package and billed as transformative when in fact they do little to nothing that hasn’t been done before.
Get the help you need. Contact Us for a consultation.