Ransomware Damage Claims Driving Insurance Hikes - Security Weekly
The costs of cyber insurance policies are rising exponentially while underwriters are tightening the rules around who qualifies for cyber insurance, and at the same time, insurer capacity is constricting dramatically. The numbers are all over the place, but the latest statistics from the Council of Insurance Agents and Brokers reported a 25.5% increase in […]
Applying Math to Solve Risk-Based Vulnerability Management - Security Weekly
The terms machine learning (ML) and artificial intelligence (AI) are way overused terms in our industry. Every vendor seems to have the latest and greatest ML/AI solution to solve your security problem. But when you really dig into the math, there are mathematical models that can actually help us. So why don’t we focus on […]
Phishing: The Gift that Keeps on Giving - Security Weekly
When we talk about legacy security challenges and solutions, we can’t forget about our old friends email and phishing. Phishing has been around for over 20 years and is still one of the most effect attack paths to steal credential, exploit endpoints, and deploy malware. After 20 years, you’d think we could find effective solutions […]
Sysmon Endpoint Monitoring: Do You Really Need an EDR? - Security Weekly
The endpoint market has been hot for years. At one point, there were over 80 new endpoint vendors trying to displace the traditional anti-virus vendors. The endpoint security market was transitioning from endpoint protection to endpoint detection and response (EDR). EDR is all the rage, but do you really need one? While the endpoint market […]
Phishing and Vishing Protection for Remote Workers - Security Weekly
Phishing is everywhere. Couple that with a new remote workforce, video conferencing, and corporate messaging, now phishing and vishing are everywhere. Why? There are many reasons, including: Increased use of personal computers and phones to conduct our work remotely Increase in phishing emails targeting remote workers Increase in vishing calls to our personal phones targeting […]
Zero Trust Data Security - Security Weekly
In the world of cybersecurity, we talk about a lot of capabilities and tools. But if we think about what the hackers want, it’s our data. Why do we focus so much time and effort on the network and endpoint, but not the data? I get it, data security is hard (or at least it […]
Securing, Monitoring, and Remediating Immutable Infrastructure - Security Weekly
We’ve all heard the term Immutable Infrastructure, especially with cloud deployments, but what does it really mean? What are the security and compliance impacts of Immutable Infrastructure? Let’s start with a quick overview of Immutable Infrastructure. Simply defined, Immutable Infrastructure means that the state of networks, servers, applications, etc. are not subjected to change in […]
How Penetration Testing Tools Validate Vulnerability Scanner Results - The post How Penetration Testing Tools Validate Vulnerability Scanner Results appeared first on Secu... more:
http://feedproxy.google.com/~r/securityweekly/XBIC/~3/ORSGELV37JI/ #vulnerabilitymanagement #penetrationtesting #exploitprevention #patchmanagement #emailsecurity #articlesHow Penetration Testing Tools Validate Vulnerability Scanner Results - Security Weekly
(This post provides an overview of vulnerability assessment and penetration testing activities. For a deeper dive into advanced penetration testing techniques and the latest security research tune-in to Paul’s Security Weekly.) Over the decades, many have inaccurately described vulnerability assessments as penetration tests. What is the difference between a vulnerability assessment and a penetration test? …
Audio Security - PSW #620 - Security Weekly
Audio Security
Bugs, Breaches, & More - ASW #75 - Security Weekly
Bugs, Breaches, & More
ITSEC News