Seclore’s Post

It is incredible how technology is changing, and how configurations are becoming simpler by the day, or at least they seem to be.  With identity threats are about 80% of today’s attacks, we need to equip ourselves with the right technology. However, a technology-centric implementation can disrupt business operations significantly. It's essential to reflect on: - How do people within the organization interact with business processes? - How does technology enable these business processes? - What business risks does my organization face today? - How can I identify my security baseline? Answering these questions is crucial before enabling any security controls, as this can not only cause disturbances but also overwhelm the security and SOC teams with lots of false positives. Curious to know more? Download this whitepaper about ITDR(https://lnkd.in/eqHHUGXW), which covers some guidelines on implementing ITDR in your organization. Priya K. Milan Schwartz Dimitris Mandilaras (Dr) Rogério Rondini Ivo Van Bennekom Mark de Wit #microsoft #conditionalaccess #entraid #iam #itdr #zerotrust #identitysecurity #cyberdefense

Today, many organizations and businesses have the data breach rightfully as the top risk, after many years of investment worth millions of dollars. The CEOs should ask what return their investment has brought for them. Not much obviously, or the data breach wouldn’t still be on everyone’s mind when it comes to the risks running a business. They should have a candid conversation with their CISOs about not repeating doing the same thing and expecting a different outcome and starting looking for better alternatives. Who could have a better answer to the question of securing data than the NSA which has eyes and ears on every corner of the Internet? And NSA’s answer is a data-centric security solution that secures every data by itself, not depending on the security of the device that stores the data. Talk to us about UDS that was presented to the security experts in CISA, the only data-centric solution that can secure your data even when other measures have failed, which happens to many organizations as you read this post. https://lnkd.in/ghmFQ7xd

The global impact of the flubbed CrowdStrike update and ensuing Microsoft outage was a global wakeup call for European and U.S. cybersecurity leaders. The topic took center stage here at the Black Hat USA 2024 opening keynote. Open questions included: How could a single vendor trigger such massive global disruptions, what does this portend for vital systems of democracy such as elections and how can the cybersecurity community ensure it doesn’t happen again? “Sadly, it was an interesting lesson for the bad guys. [They learned] It was one mechanism that started the entire process,” said Hans de Vries, COO of the European Union Agency for Cybersecurity, commenting on the CrowdStrike bungled software update. “The impact was enormous. We have to be prepared for more of these types of cases. From a threat analyzing perspective, to supply chain attacks, and the multifaceted cooperation need to address these issues are really the biggest issues to address in the coming years,” he said. Joining de Vries on stage was Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency and Felicity Oswald OBE, CEO of U.K.’s National Cyber Security Centre. Easterly warned there has been a lot of “irresponsible noise on the CrowdStrike incident” however the gravity of the outage can’t be ignored. She outlined her three top takeaways from the CrowdStrike outage. “It just it just reinforced what [CISA] has been saying about the importance of technology vendors, developing, designing, testing and deploying software that is secure by design,” she said. https://lnkd.in/gNMZ9cag

Today, many organizations and businesses have the data breach rightfully as the top risk, after many years of investment worth millions of dollars. The CEOs should ask what return their investment has brought for them. Not much obviously, or the data breach wouldn’t still be on everyone’s mind when it comes to the risks running a business. They should have a candid conversation with their CISOs about not repeating doing the same thing and expecting a different outcome and starting looking for better alternatives. Who could have a better answer to the question of securing data than the NSA which has eyes and ears on every corner of the Internet? And NSA’s answer is a data-centric security solution that secures every data by itself, not depending on the security of the device that stores the data. Talk to us about UDS that was presented to the security experts in CISA, the only data-centric solution that can secure your data even when other measures have failed, which happens to many organizations as you read this post. https://lnkd.in/gFyWhcBa

Read Part 2 of Aileen Kara Hudspeth's three-part Symantec Enterprise Blogs/Product Insights series on ZTNA. In Part 2, Aileen sheds more context on ZTNA in the security space. Read here: https://lnkd.in/e7qw-hBh Want to learn more about how ZTNA can strengthen protection for your organization? Reach out! As always, Braxton-Grant Technologies, Inc. is here to assist! 📧: info@braxtongrant.com #BraxtonGrant #KnowAKnight #KnowSuccess #KnowTheWayShowTheWay #ZTNAIsNotAUnicorn #BreakingDownChallenges #MakingSecurePossible #ZTNASecureSuccess

𝑹𝒊𝒈𝒉𝒕 𝒐𝒖𝒕 𝒐𝒇 𝒕𝒉𝒆𝒊𝒓 𝒐𝒘𝒏 𝒅𝒐𝒄𝒖𝒎𝒆𝒏𝒕. "𝗭𝗲𝗿𝗼 𝗧𝗿𝘂𝘀𝘁 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗜𝗺𝗽𝗹𝗲𝗺𝗲𝗻𝘁𝗮𝘁𝗶𝗼𝗻 𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝘆" "Like the rest of the Federal government, the Department of Homeland Security (DHS) has been implementing zero trust mandates for years. DHS leadership established a Zero Trust Action Group, and later a Zero Trust Integrated Product Team, incorporating technical leadership from across the Department—and together, these teams have made impressive progress. Notable achievements in the first several years of DHS’ zero trust journey include establishing a cloud security gateway now used by most of the Department in lieu of virtual private networks, implementing multi-factor authentication and data encryption in-transit and at-rest across almost all DHS systems, and integrating identity and device management solutions that are essential for further zero trust implementation efforts." Steven Alexander observes: "𝗜𝗳 𝘁𝗵𝗶𝘀 𝘄𝗮𝘀 𝐞𝐧𝐭𝐢𝐫𝐞𝐥𝐲 𝘁𝗿𝘂𝗲, 𝘄𝗲 𝘄𝗼𝘂𝗹𝗱 𝗻𝗼𝘁 𝗵𝗮𝘃𝗲 𝗼𝗽𝗲𝗻 𝗯𝗼𝗿𝗱𝗲𝗿𝘀 𝗮𝗹𝗹𝗼𝘄𝗶𝗻𝗴 𝗹𝗶𝘁𝗲𝗿𝗮𝗹𝗹𝘆 𝗮𝗻𝘆𝗼𝗻𝗲 𝗶𝗻 𝘄𝗶𝘁𝗵𝗼𝘂𝘁 𝘀𝗼𝗺𝗲 𝘁𝘆𝗽𝗲 𝗼𝗳 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝘀𝗰𝗿𝗲𝗲𝗻𝗶𝗻𝗴. 𝗭𝗲𝗿𝗼 𝗧𝗿𝘂𝘀𝘁 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗶𝘀 𝗻𝗼𝘁 𝗮𝗻𝗱 𝘀𝗵𝗼𝘂𝗹𝗱 𝗻𝗼𝘁 𝗯𝗲 𝗹𝗶𝗺𝗶𝘁𝗲𝗱 𝘁𝗼 𝗱𝗼𝗰𝘂𝗺𝗲𝗻𝘁 𝗼𝗿 𝗶𝗻𝘁𝗲𝗿𝗻𝗲𝘁𝘄𝗼𝗿𝗸 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆. 𝗜𝘁'𝘀 𝗻𝗼𝘁 𝗮 𝗽𝗼𝗽𝘂𝗹𝗮𝗿 𝘃𝗶𝗲𝘄𝗽𝗼𝗶𝗻𝘁, 𝗜 𝗮𝗺 𝗰𝗲𝗿𝘁𝗮𝗶𝗻. 𝗧𝗵𝗲 '𝗭𝗲𝗿𝗼 𝗧𝗿𝘂𝘀𝘁' 𝗽𝗵𝗶𝗹𝗼𝘀𝗼𝗽𝗵𝘆 𝗴𝗮𝗶𝗻𝗲𝗱 𝘄𝗶𝗱𝗲𝘀𝗽𝗿𝗲𝗮𝗱 𝗺𝗼𝗺𝗲𝗻𝘁𝘂𝗺 𝗮𝗻𝗱 𝘄𝗮𝘀 𝗴𝗹𝗼𝗯𝗮𝗹𝗹𝘆 𝗶𝗻𝗶𝘁𝗶𝗮𝘁𝗲𝗱 𝘄𝗵𝗲𝗻 𝗶𝘁 𝗯𝗲𝗰𝗮𝗺𝗲 𝗼𝗯𝘃𝗶𝗼𝘂𝘀 𝘁𝗵𝗲 𝘁𝗵𝗿𝗲𝗮𝘁𝘀 𝘁𝗵𝗮𝘁 𝘄𝗶𝗹𝗹 𝗯𝗲 𝗮𝗻𝗱 𝗮𝗿𝗲 𝗽𝗼𝘀𝗲𝗱 𝗯𝘆 𝗔𝗿𝘁𝗶𝗳𝗶𝗰𝗶𝗮𝗹 𝗜𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲."

Recent CrowdStrike Outage: A Wake-Up Call for Cybersecurity  Last Friday, a faulty software update from CrowdStrike caused a global outage affecting nearly 8.5 million Microsoft devices, disrupting businesses and services worldwide. While the incident only impacted less than 1% of all Microsoft-enabled systems, the aftermath has been significant, with widespread cancellations in air travel, disruptions to banking institutions, and critical impacts on essential emergency services like hospitals and 911 dispatch teams. The root cause of the issue was a defective content update for Windows hosts, which triggered an infinite boot cycle, leaving systems unable to boot correctly. Fortunately, CrowdStrike has identified and isolated the problem, and a fix has been deployed. However, the incident highlights our reliance on an interconnected ecosystem of technology and services. It's a reminder that even a small issue can have far-reaching consequences, and it's crucial for businesses to have robust incident response plans in place. If you're experiencing cybersecurity issues or an incident, don't hesitate to reach out to X-Force for help. Our team of experts is dedicated to providing incident response, threat intelligence, and offensive security services to help you navigate complex cybersecurity challenges. Let's use this incident as an opportunity to review our cybersecurity strategies and ensure we're prepared for the unexpected. Read the full article to learn more about the CrowdStrike outage and its aftermath. Learn more about this topic under the following Link: https://ibm.biz/BdKMT5 #Cybersecurity #AI #SecurityNewsletter IBM, @IBMSecurity Yaşar Yüzer Marc Albrecht Marcus Schmid Jake Paulson

Zero Trust Security may seem like a complex concept, but our guide breaks it down into easy-to-understand terms. Read it now and take the first step towards a more secure future.

🔒 Breaking IT News! 🛡️ 💸 Ever feel like you're guarding Fort Knox with a slingshot and a handful of pebbles? Well, welcome to the life of state CISOs in the U.S.! Facing the same old story - too much to do, too little to do it with. 💸 🌟 Prediction Time: In the ongoing battle between cyber warriors and digital thugs, who will prevail? My money's on... well, neither, with these budget constraints! 🤷♂️ 💼 Private sector, public sector - flip a coin, it's all the same struggle! But hey, who needs sleep when you've got firewalls to tend to, am I right? 😴 🛡️ So, what's the lesson here, tech aficionados? Cybersecurity isn't a sprint, it's a marathon with hurdles made of red tape and caution tape. Keep those security protocols tight, and never let your guard down! 💪 🧠 Let's brainstorm solutions, folks! How can state CISOs flex their cybersecurity muscles with limited resources? 💡 Drop your genius ideas below! #ainews #automatorsolutions #CyberSecurityStruggles #StateCISOs #BudgetBattles 💻🔐🔥 #CyberSecurityAINews ----- Original Publish Date: 2024-09-30 14:11

Increased availability of logging information is a significant advantage. However, resilience goes beyond just capturing the system logs. Processes for analysis and review are a crucial part of a #strategy for detecting and mitigating #security threats posed by malicious actors. Analyzing log #data allows organizations to identify patterns, anomalies, and unauthorized access attempts, enabling proactive measures to be taken to prevent potential breaches. These processes can be time and resource intensive. LogicMonitor can simplify these efforts, aggregating, normalizing, and reporting, allowing operators and practitioners to make decisions quickly when time is critical in incident response. Additionally, the integrity of log data must be ensured, organizations such as Tributech, specializing in data #notarization provide these mechanisms safeguarding the authenticity of log information, improving incident response procedures and effectiveness when events occur. #cybersecurity #technology #riskmanagement #informationsecurity #incidentresponse