Validating Security Controls and Countermeasures with Penetration Testing

It’s been a few weeks and the dust is starting to settle following the reported data breach in September 2017 at Equifax, one of the big three credit reporting agencies. While other major data breaches have been the result of advanced methods possibly utilizing leaked classified attack techniques, this attack was performed by exploiting a well-known vulnerability within a popular web application.[...]

Three Reasons to Add a Discovery Phase to Your Next OT Security Assessment

Many of us have accepted that having a 100% accurate inventory of “all the things” (networks, assets, data flows, etc.) is a pipe dream. To put it in NIST CSF terms, if you wait until you master the IDENTIFY function before you do anything in the remaining functions (PROTECT, DETECT, RESPOND, RECOVER), you will likely fail at securing even the most basic environments. So, the condition that[...]

ICS Cybersecurity: 3 Reasons Why Periodic Technical Assessment (Still) Matters

“Our SCADA communications use AES256 and are 100% secure so we don’t worry too much about security.” That’s a real quote from a real Industrial Control System (ICS) manager from this decade. A technical assessment of that system proved otherwise—there were in fact real cybersecurity vulnerabilities that required immediate and long-term remediation.

Practical Steps for Petya Ransomware Protection

You may have heard that there is a new ransomware campaign leveraging the EternalBlue (MS17-010) exploit from the recent Vault 7 leaks. In less than 36 hours, Petya has had a global impact. Initial reports indicate Petya was targeted at banks and power companies in Ukraine. However, it has spread globally, affecting pharmaceutical companies in the UK, oil shipping companies in Russia, multiple[...]