One Does Not Simply Hack APIs… Actually, One Probably Does
Geek Alert: Before you read further into this first blog post of my two-part series, be warned that I am about to make analogies comparing Web API security to the epic fantasy trilogy The Lord of the Rings by J.R.R. Tolkien. Yes, I am unapologetically going full geek in this short series. One ...

SolarWinds Sunburst
Background: If you work in Information Security, Technology, or even if you are just a person who stays up to date with recent news headlines, you probably already know about the “Sunburst” hacking fiasco that came to light at the end of December 2020. I use the term “fiasco” ...

Implementing a Risk-Based Vulnerability Management Strategy
Effective cybersecurity is a continuous process. There is no such thing as absolute or perfect security—but even if you could achieve it, it would be fleeting. New vulnerabilities are discovered, and new exploits and attack techniques are developed every day. Just because you were secure ...

Defining a Solid Vulnerability Management Strategy
There is no such thing as perfect code. Vulnerabilities are a fact of life. Applications contain mistakes, and flaws, and bugs—no matter how small—and attackers work around the clock to find exploits to take advantage of those flaws, gain access to your networks and applications, and compromise ...

Finding the FireEye Breach IOCs with Data Analytics
The last thing we need to hear about is another big breach, but here we are. Our friends at FireEye were attacked recently. From what I have seen so far, it sounds like this was a nation-state level attack and all the attackers got for their effort was some tools. If an organization is ...

Data Protection Series Wrap-Up
Hello and welcome back to our Data Protection blog. Thanks to the complexity of the topic, we’re adding a bonus fourth installment/wrap-up and really wanted to get it posted before everyone gets too wrapped-up in holiday shopping and gifts. So, grab a nice mug of hot cocoa (hopefully with ...

Graphing Modem Data for Fun: Part 6
I started the work on this series three months ago, which seems like both a very long time ago, and not very long ago at all. This blog series started out with a very simple use case. Can we use Grafana and InfluxDB to visualize metric data from an application? I was going to write a single ...

Common Challenges of Data Protection Programs
Hello and welcome back to the third installment of our Data Protection blog series. So far, in part one we took a high-level view of the topic, then in part two we dug into the five pillars of an effective program. Now that we understand the topic and the pieces that make it up, it’s time to ...

What Is Vulnerability Management?
Every application, every system, and—by extension—every organization has vulnerabilities. These flaws and weaknesses expose the organization to risk and can be exploited by attackers. Vulnerability scanning or assessment can identify issues, but you need a more comprehensive solution that ...

Graphing Modem Data for Fun: Part 5
Hi there! Welcome to part 5 of the series where I explore my cable modem data with different data analytics platforms and see what happens. In my previous posts I have built a dashboard for my cable modem data using tools that I was not familiar with. This post is going to be different. The ...