Cloud Data Protection: Six Critical Challenges To Tackle
Data Loss Prevention (DLP) is the first term that comes to mind for most when thinking about data protection, but DLP is really just one piece of a broader cloud data protection strategy. DLP must build on a solid foundation of comprehensive visibility, a solid security posture, and a minimized ... Read More
Cloud-to-Internet Communications: Six Key Challenges
Cloud workloads need access to the internet for a variety of reasons, and opening that access introduces risk. While your workloads (hopefully) don’t have web browsers installed from which users are browsing suspicious websites, legitimate access might mean API connectivity to a third-party service, software update services, and more. While ... Read More
Applying Zero Trust to Cloud Workloads
Over the last few years, zero trust has achieved widespread acceptance and adoption, and rightly so. The zero trust security model significantly reduces risk by minimizing the enterprise attack surface and limiting the ability for bad actors to move laterally within a network. With zero trust, organizations move from a ... Read More
The Four Critical Protection Points in your Cloud Attack Surface
Your attack surface represents all of the different ways that an attacker can gain access to sensitive data and compromise applications that your organization is trying to protect. There are hundreds of different attack vectors that an attacker can leverage to gain access to an organization—everything from compromised credentials and ... Read More
Seven Reasons Why Your Cloud Security is a Mess
The term “viral” is most commonly associated with consumer-related content, apps, etc., that rapidly grow in popularity as they spread from one person to the next. But pioneering enterprise software companies have also been able to leverage virality to achieve high growth. One of the earliest successful examples was when ... Read More
Simplifying and Automating Cloud Workload Protection
As enterprises migrate from legacy data centers to the cloud, agility and speed often come at the expense of security. This doesn’t mean that the cloud is inherently insecure, however. In fact, Gartner has predicted that by 2023, 99 percent of cloud security incidents will be the enterprise’s own fault ... Read More
3 Years Later: The Equifax Breach
On September 7, 2017, Equifax issued a breach notification. What was breached? Personal records for a staggering 145 million Americans, including Social Security Numbers, birth dates, addresses, and more. Before the end of the month, Equifax’s CEO, CIO and CSO had all left the company. Eventually, the company would pay ... Read More
You’re Going to Want to Patch CVE-2020-1472 (Zerologon) ASAP
CVE-2020-1472, aka “Zerologon,” is making the news this week as a particularly troubling vulnerability. So troubling, in fact, that the US Department of Homeland Security has issued a directive that all Federal Agencies must have patched their Windows Servers by Monday, September 21, 2020, because it is a “vulnerability [that] ... Read More
How to Quickly Identify and Mitigate New and Changing Cyber Risks
Our customers often mention when we first meet that “we want to get away from days of delay that go by between a request for risk info and the response, and then action to mitigate the risk.” A series of events happened during the most recent Patch Tuesday at one ... Read More
The 20 Most Severe CVEs in Microsoft’s September 2020 Patch Tuesday Update
Fresh off the three day Labor Day weekend, many of you are dealing with the September 2020 release of Microsoft’s monthly Patch Tuesday updates. There are 129 updates in this month’s roll-up, a slight increase over the 120 released in August. Of those, 32 CVEs can be executed by attackers ... Read More