Optiv Blog

The Aftermath of Meltdown and Spectre: Now What?

· By Michael Lines · 0 Comments

The recent unveiling of the widely reported Meltdown and Spectre attacks, which exploit critical vulnerabilities in modern processors, sent many within and outside the security industry into a tizzy. In the days following their public announcement, companies are struggling to understand the scope of the issue, their vulnerability and what they can do about it.

Continue reading 0 Shares

Security vs. End User Experience – Find the Balance

· By Dusty Anderson · 0 Comments

Have we become so focused on serving our customers that we are willing to cut corners for the sake of speed and convenience, only to subject the organization to security risks? I’m not suggesting that one has to be prioritized over the other, you can provide a great user experience, while also keeping your users’ identities and access secure. It is possible to achieve a healthy balance.

Continue reading 0 Shares

Cyber Threat Intelligence Requires Commitment

· By Ken Dunham · 0 Comments

It’s been said that in a breakfast of bacon and eggs, the chicken is involved but the pig is committed. This saying is relevant when implementing a cyber threat intelligence program. You must be committed in order to succeed. In this blog post, I’ll explore some of the common pitfalls of implementing a cyber threat intelligence program.

Continue reading 0 Shares

Want to be a Great Security Leader? You Need a Great Lawyer

· By J.R. Cunningham · 0 Comments

Information security continues to evolve as a profession, and this is certainly evident in the role that legislation, privacy, third-party risk and incident management play in the daily life of the information security leader. More often, as I meet with clients to discuss security strategy and risk, security leaders are struggling with the myriad of compliance requirements, various state and national privacy laws, and their relationship with the information security program.

Continue reading 0 Shares

The Risk of Cryptocurrencies

· By Courtney Falk · 0 Comments

Cryptocurrencies are a libertarian ideal: a monetary system outside the control of big government. The modern digital world provides the necessary components for a cryptocurrency to succeed. Computing power has advanced sufficiently to lower the processing burden of cryptography. Now systems are both powerful enough and affordable enough that there is a sufficiently large audience for a cryptocurrency system. But where cryptocurrencies solve some of the fundamental problems of centralized currencies, they also introduce some new problems while still falling victim to other, age-old problems.

Continue reading 0 Shares

Can Your Organization Accept the Risk of Being First?

· By Woodrow Brown · 0 Comments

Optiv recently completed our 2017 endpoint security solution evaluation. For this year’s review, we constructed several use cases that would model threats to enterprise user workstations. The attack scenarios began with exploiting well-known vulnerabilities, such as CVE-2015-0313, and escalated to assumed targeted phishing attacks using custom binaries.

Continue reading 0 Shares

Unmanaged PowerShell Binaries and Endpoint Protection

· By Dan Kiraly · 0 Comments

Optiv recently completed our 2017 endpoint security solution evaluation. The primary focus of the evaluation was to test the solutions’ efficacy across the cyber kill chain. Surprisingly, we discovered a high failure rate in detecting two custom binaries that were created for the evaluation as malicious and the commands executed through them. Both of these binaries incorporated the concept of unmanaged PowerShell.

Continue reading 0 Shares

Third-Party Breaches Will Continue Until Morale Improves

· By Peter Gregory · 0 Comments

I have some bad news for you: breaches at third parties are not going to stop – not any time soon. Various studies show that somewhere between one-third and two-thirds of all breaches have their nexus in third-party service providers. Given the decade-long outsourcing trend that is not showing any signs of slowing down, this means that your organization has a decent chance of experiencing one directly or through one of your third parties.

Continue reading 0 Shares

GDPR Part 3: GDPR and the Information Security Program

· By J.R. Cunningham · 0 Comments

In this third and final part of the series, we’ll spend some time bringing GDPR and its various requirements back into the information security program in an effort to identify areas where GDPR compliance may become a side-effect of a business-aligned, risk-based, data-centric and threat-aware information security program.

Continue reading 0 Shares

Using Micro-Segmentation to Protect Your Data – Part 1

· By Rob Brooks · 0 Comments

As software-defined networking (SDN) technologies have become more prevalent and organizational perimeters have become blurred, micro-segmentation is emerging as a critical requirement for protecting the data within these virtualized environments. Micro-segmentation is a security concept that allows for the separation and protection of virtualized, core data center components.

Continue reading 0 Shares
(120 Results)