Optiv Blog

PCI Compliance Every Day – Requirement 7

· By Jeff Hall, Scott Chimner · 0 Comments

This post focuses on PCI DSS requirement seven; restricting access to cardholder data and in-scope system components based on the “need to know” and/or the principle of “least privilege.” “Need to know” as defined in the PCI DSS is “when access rights are granted to only the least amount of data and privileges needed to perform a job.”

Continue reading 0 Shares

Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 20

· By Joshua Platz · 0 Comments

Test the overall strength of an organization’s defenses (the technology, the process and the people) by simulating the objectives and actions of an attacker.

Continue reading 0 Shares

DEF CON is Here: A Reminder to Manage and Remediate Security Vulnerabilities of Your Third Parties

· By James Robinson · 0 Comments

Every year I like to take a look at the talks at Black Hat and DEFCON to see if there are areas of risk I need to review. This year, like others, has focused on different hacking and defensive techniques. It also included a theme on cloud components as well as IoT, and new vulnerabilities within both. If your organization develops these products, you have the ability to talk with the development teams and review the devices for the vulnerabilities.

Continue reading 0 Shares

Indicators of Compromise (IOCs) are Not Intelligence

· By Ken Dunham · 0 Comments

When discussing the topic of cyber threat intelligence, I frequently hear questions about Indicators of Compromise (IOCs). IOCs are not intelligence but are important data points within the intelligence process. Meta-data is a better way to think about how to connect the dots between assets, threats, threat agents, counter-measures and other variables that factor into cyber threat intelligence.

Continue reading 0 Shares

Update: Intelligence Advisory – Petya Outbreak

· By gTIC · 0 Comments

This is an update to the Intelligence Advisory: Petya Ransomware Outbreak - released June 27, 2017. Optiv’s Global Threat Intelligence Center (gTIC) received several sources pertaining to the newly created Petya ransomware strain. This new strain is being referenced as GoldenEye, Petyawrapper, NotPetya, SortaPetya, and Petna.

Continue reading 0 Shares

Petya / Petna / NotPetya Ransomware Recommendations from the Trenches

· By Nick Hyatt · 0 Comments

Here we go again. Not long ago I updated a blog post containing actionable recommendations to protect your environment from ransomware threats, including WannaCry. In the wake of yesterday’s Petya attack, I thought it would be prudent to update that blog again and reinforce concepts discussed therein.

Continue reading 0 Shares

The Most Important Threats for Your Organization to Watch

· By Courtney Falk · 0 Comments

The Optiv Cyber Threat Intelligence Estimate 2017 is a yearly report that reviews important events of the past calendar year, and uses them to make projections for the coming year. Professionals from Optiv’s Cyber Threat Intelligence practice and the Global Threat Intelligence Center (gTIC) collaborated to identify the most important threats to watch.

Continue reading 0 Shares

What Changes will EO 13800 Bring to Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure?

· By Russell Pierce · 0 Comments

Anyone who has held the position of CIO or CISO in a government agency or bureau can tell you implementing an effective information risk management program has been more of a journey then a destination; and anyone who is surprised that we as a nation have struggled to protect our applications, data and infrastructure hasn’t been following the news.

Continue reading 0 Shares

Cyber Threat Intelligence – Putting out Fires or Firefighting?

· By Ken Dunham · 0 Comments

When it comes to fighting malware, combatting nation-state threats, and securing digital assets, the information security industry has much to learn from firefighters. Though we fight online threats, and firefighters fight fires, both roles have reactive and proactive challenges. Optiv strongly advocates that organizations become firefighters: not only responding reactively but also strategically and proactively.

Continue reading 0 Shares

Thank You for the Help!

· By Bill Heck · 0 Comments

One of the more influential things in my life that directed me towards a career in information security was the 1983 movie, WarGames. I was already a bit of a computer nerd in the early 80’s, but WarGames opened my eyes to the broad scale of what could be done from the comfort of your home. It wasn’t just about what I could do locally, but those ridiculously slow dial-up modems opened up a whole new world of possibilities!

Continue reading 0 Shares
(328 Results)