Measure what matters: Why MTTR is an incomplete cybersecurity metric? And what can you do about it?

“The line between disorder and order lies in logistics …” Sun Tzu

“The line between disorder and order lies in data driven analytics …” modern cybersecurity

One of the most important weapons of Alexander the Great was analytics and logistics. He gathered intelligence on the enemy’s weapons, supply sources, ... Read More
Hunting for Log4j Vulnerabilities: A Fortune 100 Case Study

Finding Log4j Instances in Runtime and Tracking Completed Remediation at a Fortune 100 Company

Time is a funny thing. It’s hard to believe that it’s already been just over a month since Log4Shell, a zero-day vulnerability in the Java logging tool Log4j, was publicly disclosed on December 9th, 2021. The ... Read More
Broad Exposure to Log4shell CVE-2021-44228 Highlights How the Attack Surface Has Exploded

The critical vulnerability CVE-2021-44228 was found in the Java logging library Log4j versions 2.0 to 2.14.1. An exploit known as “Log4shell” was publicly disclosed on December 9th and is being actively exploited in the wild. It is highly recommended this flaw be patched as soon as possible. In the first ... Read More
Spotlight on the Balbix 2021 Internship Program

Summer is one of the most anticipated times of the year at Balbix. It’s not because the days get longer, or because general relaxation sets in after the frenetic pace of the beginning of the year. It’s because every year, we sift through hundreds of resumes, interview dozens of smart ... Read More
Invisible Battles and Hidden Figures

If you are in the cybersecurity business like me, these last few days have felt surreal. The SolarWinds hack is akin to waking up one day and discovering that your home alarm system was compromised 9 months ago, and burglars have been in and out of your home without you ... Read More

Managing a Remote Workforce During COVID-19

COVID-19 has forced a rapid shift from office life to a fully remote work culture and increased reliance on digital infrastructure. Accompanying this shift is a 667% increase in coronavirus-related cyberattacks since the end of February, ranging from business email compromises to scams and brand impersonation. Additionally, the FBI Internet ... Read More
Security Boulevard
Maximizing Return on InfoSec Efforts

In most organizations, when an urgent and/or high severity vulnerability needs to be addressed, all assets tend to be treated with equal, high priority. There are a couple major flaws in this approach ... Read More
Qualys

How Gamification Can Improve Enterprise Cybersecurity Posture

Using gamification can help improve an organization’s overall security while making security a fun endeavor

Chief information security officers (CISOs) and corporate security teams are tasked with defending their organization and its assets that contain data that is highly confidential and extremely sensitive. Now, imagine being in the position of ... Read More
Security Boulevard