It’s important to remember that MDR providers can only detect and respond to what they can see. For uncovered
layers of the attack surface, security teams must have the people, process and technology to monitor, detect and
respond to advanced and evasive threats. The critical decisions you must address are:
In 2021, eSentire’s Threat Response Unit (TRU) detected and responded to a significant increase in zero-day exploit activity in client environments. This included defending against Solarigate, ProxyLogon, ProxyShell, and most recently, preventing further compromise of client environments that had been targeted...
This white paper provides research-backed threat insights from eSentire’s Threat Response Unit (TRU) on the top tactics and techniques adversaries are using against our customers’ cloud environments.
Download this report and learn:
Why misconfigurations are the top threat to cloud infrastructure;
The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.
In 2021, there were 1,862 data compromises - a 68% increase over 2020, according to the Identity Theft Resource Center's Annual Data Breach Report. "In this past year, there were more cyberattack-related data breaches than there were all forms of data breaches in 2020," says ITRC COO James E. Lee.
Microsoft researchers tracking Apache Log4j exploits last week discovered a previously undisclosed vulnerability in SolarWinds' Serv-U software. SolarWinds subsequently responded, investigated and fixed the flaw. Some observers described the new vulnerability as "surprising" and "disturbing."
Today’s world of work is difficult to define. Where and how work happens has fundamentally changed, and permanent hybrid working will inevitably strain an organization’s ability to detect cyber threats, especially as the trusted perimeter stretches to include remote workers.
The 2021 Global Workplace Report...
Among the simplest things that vendors can do to help improve the cybersecurity of their products is providing better transparency, especially regarding the third-party components contained in their technology, says Rob Suárez, CISO of medical device maker Becton Dickinson.
Mozilla has released its latest Firefox browser version 96 with a host of new features and improvements for both desktop and mobile browsing. Mozilla has also fixed 18 security vulnerabilities, including 9 high-severity issues and 9 other medium- or low-severity flaws.
It is time to get on the serverless train. Forrester predicts that 25% of developers will be using serverless technologies by next year. But legacy application security testing (AST) tools cannot scale to support serverless applications—failing to address the speed and accuracy they demand. Read this white paper to...
Attackers wielding Night Sky ransomware are among the latest groups that have been attempting to exploit critical vulnerabilities in widely used Apache Log4j software. Microsoft says that among other attacks, a China-based ransomware operator has been exploiting Log4j flaws in VMware Horizon.
Third-party risk management is a key priority among businesses today. Risk leaders are being forced to quickly adjust to an evolving risk landscape and a growing number of vendors. As a result, companies need an efficient way to handle their vendor management process.
What are best-in-class organizations doing today...