
“Know thy enemy and know yourself; in a hundred battles, you will never be defeated.” ~ Sun Tzu, The Art of War Sun Tzu’s advice is as applicable in cyber security as it is in battle. He warns, “When you are ignorant of the enemy but know yourself, your chances of winning or losing are equal. If ignorant…
In Part I of the blog series, Hardening Windows Endpoints Against Cyber Attack, I covered the first three steps of an ethical hack. Step 0: Pre-Engagement Step 1: Passive Recon Step 2: Active Recon Now the run really begins. In this blog post, you’ll learn how to put all the knowledge you gained during the…
You snag a seat at your local café and open your laptop. Maybe you’re on the patio, grateful for the heater. The scent of coffee powers up your brain. The low hum of people chatting is welcome, after months of isolation. The logon page appears as you search for the Wi-Fi in your settings. Despite…
With the holiday season upon us, it’s a good time to settle down with a beloved story. I re-watched the Charles Dickens classic, A Christmas Carol, the other day (well, actually it was Scrooged with Bill Murray, of course) and found myself thinking about the parallels with cyber security. Really, I did. In the story,…
To secure Windows endpoints against cyber attacks, it helps to think like a cyber criminal. Cyber criminals look for the cheapest, fastest, stealthiest way to achieve their goals. Windows endpoints provide many opportunities to gain entry to IT environments and access to sensitive information. As part of the ethical hacking community, my ultimate goal is…
Cue music: Ch-Ch-Cha-Changes In recent macOS releases, Apple has been drawing attention to third-party software that uses technology like kernel extensions and system extensions. This technology allows users to install components or apps that extend the native capabilities of the macOS operating system. Apple’s deprecation of kernel extensions (KEXTs) and introduction of Endpoint Security Enabled…
Transitioning to the cloud is one of the most significant technology shifts your company will face. Last year, over 80% of organizations operating in the cloud experienced at least one compromised account each month, stemming from external actors, malicious insiders, or unintentional mistakes. The specifics of cloud security activities may vary depending on your cloud…
Lately we’ve been banging the drum that “every user is a privileged user,” meaning privileged users aren’t limited to system administrators but also include business users with access to applications and endpoints linked to critical business data and functions. The second verse to that refrain is that “every system is a privileged system.” Within your IT environment,…
Service accounts, by their nature, can take on a life of their own. They’re rarely tied to a human owner if managed at all, so service account sprawl takes over and organizations’ privileged account attack surfaces can expand almost beyond measure. And with almost all medium to large organizations unable to pull service accounts into…
The concept of working remotely, or granting remote access, isn’t anything new for most IT professionals. Most organizations have embraced a remote workforce, be it their own employees, contractors, consumers, business partners, and managed service providers. What does “working remotely” mean today? For IT professionals, remote access had been thought of as performing your job…