Paradigm Shift Needed for Cybersecurity: Prioritizing Detection Over Response
The field of cybersecurity is facing a critical challenge that demands a paradigm shift in how we approach security. In a recent cybersecurity article by Renee Duddly of ProPublica titled "At What Point Does Profit Trump Safety?" the need for continuous education and a change in perspective is emphasized. Currently, ... Read More
How Does File Integrity Monitoring Work?
File integrity monitoring (FIM) software remains one of the most critical elements for maintaining compliance and system resilience across various frameworks, including PCI-DSS, NIST 800-53, and HIPAA. As changes occur to critical systems and devices, it's possible to become non-compliant with PCI standards in seconds. Your organization's network is dynamic, ... Read More
Change Control and Sarbanes Oxley (SOX) Compliance: What to Know
Why is SOX important? The main reason—it’s the law. Public companies are held to a higher level of accountability under financial regulations to ensure the integrity of the data-handling processes and financial statements through annual audits ... Read More
The Comprehensive Guide to File Integrity Monitoring
File integrity monitoring is one of the most misunderstood controls in cybersecurity. It's powerful in theory, but historically plagued by poor implementation and a reputation for generating more noise than insight. This guide cuts through that history to explain what modern, Next-Gen FIM actually looks like, why it matters for ... Read More
Federal Cybersecurity Progress Report for Fiscal Year 2022
The Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency develop cybersecurity metrics – known as Federal Information Security Modernization Act (FISMA) metrics – to be used in the oversight of agencies’ information security policies and practices ... Read More
File Integrity Monitoring: Fact vs Fiction
File Integrity Monitoring (FIM) has been in practice for the better part of two and a half decades and is often associated with compliance and audits. Its use cases and value add are broad and impact Dev, Sec, and Ops (DevSecOps) if implemented correctly. Prior to 2000, IT compliance mandates ... Read More
AI vs Zero Trust
Artificial intelligence (AI) works via a set of probabilities. When an AI algorithm provides a recommendation, under the hood, the algorithm will make a determination such as "this file has been classified and has a 29% chance of being malware". What is the suitable threshold to raise concerns to the ... Read More
Threat Intelligence Feeds: What They Are and How to Use Them
Threat intelligence feeds are vital to an organization's security infrastructure. But do you know how to use them? ... Read More
SOAR vs SIEM: Benefits & Differences
SOAR and SIEM are terms that people tend to use interchangeably, but they are NOT one and the same ... Read More
