Why is asset deduplication a hard problem?

“If you cannot count it, you cannot manage it.” – Every CISO and CIO ever

Asset deduplication is a crucial challenge in exposure management (and CAASM). In today’s complex IT environments, effective management of vulnerabilities and other findings relies on accurate asset inventories to understand and mitigate potential risks. Assets ... Read More

4th generation vulnerability prioritization: what is the buzz all about?  

In the rapidly evolving world of cybersecurity, staying ahead of threats requires more than just reactive measures—it demands foresight and precision. Enter the 4th generation of vulnerability prioritization, a paradigm shift that’s redefining how organizations approach their exposure management strategies. But what exactly is this new wave of prioritization, and ... Read More

Post DBIR 2024: 7 Ways to Reduce Your Cyber Risk

The Verizon DBIR is the most anticipated annual report on data breaches with many incredible insights, and this year is no exception. The most surprising finding is the rapid explosion in vulnerability exploitation, which now constitutes one of the most critical paths to initiating breaches. Balbix is a data contributor ... Read More

Measure what matters: Why MTTR is an incomplete cybersecurity metric? And what can you do about it?

“The line between disorder and order lies in logistics …” – Sun Tzu

“The line between disorder and order lies in data driven analytics …” – modern cybersecurity

One of the most important weapons of Alexander the Great was analytics and logistics. He gathered intelligence on the enemy’s weapons, supply sources, ... Read More

Hunting for Log4j Vulnerabilities: A Fortune 100 Case Study

Finding Log4j Instances in Runtime and Tracking Completed Remediation at a Fortune 100 Company

Time is a funny thing. It’s hard to believe that it’s already been just over a month since Log4Shell, a zero-day vulnerability in the Java logging tool Log4j, was publicly disclosed on December 9th, 2021. The ... Read More

Broad Exposure to Log4shell CVE-2021-44228 Highlights How the Attack Surface Has Exploded

The critical vulnerability CVE-2021-44228 was found in the Java logging library Log4j versions 2.0 to 2.14.1. An exploit known as “Log4shell” was publicly disclosed on December 9th and is being actively exploited in the wild. It is highly recommended this flaw be patched as soon as possible. In the first ... Read More

Spotlight on the Balbix 2021 Internship Program

Summer is one of the most anticipated times of the year at Balbix. It’s not because the days get longer, or because general relaxation sets in after the frenetic pace of the beginning of the year. It’s because every year, we sift through hundreds of resumes, interview dozens of smart ... Read More

Invisible Battles and Hidden Figures

If you are in the cybersecurity business like me, these last few days have felt surreal. The SolarWinds hack is akin to waking up one day and discovering that your home alarm system was compromised 9 months ago, and burglars have been in and out of your home without you ... Read More

Managing a Remote Workforce During COVID-19

COVID-19 has forced a rapid shift from office life to a fully remote work culture and increased reliance on digital infrastructure. Accompanying this shift is a 667% increase in coronavirus-related cyberattacks since the end of February, ranging from business email compromises to scams and brand impersonation. Additionally, the FBI Internet ... Read More
Security Boulevard