Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.

Skimming Credentials with Azure's Front Door WAF
A Web Application Firewall (WAF) is a powerful thing. It inspects all traffic that traverses it, seeing everything that is submitted to a page. EVERYTHING.…

PCI P2PE vs. E2EE – Scoping it Out
If your payment processor says they use “End-to-End Encryption” your PCI DSS compliance scope may be bigger than you expect. In this blog, we break down how…

HIPAA Applicability - Understanding the Security, Breach Notification, and Privacy Rules
This post is intended to help organizations understand how the Health Insurance Portability and Accountability Act (HIPAA) Security, Breach Notification, and…

CMMC NOPE: Why You Don’t Need to be CMMC Compliant
As a Cybersecurity Maturity Model Certification Registered Practitioner Organization (CMMC-RPO), TrustedSec fields many requests from organizations looking for…

HIPAA Business Associates - What’s Your Function?
Many teams working with health care providers receive requests to sign a Business Associate Agreement. In this blog, we break down HIPAA’s definition of a…

HIPAA Covered Entities - It’s More Than Just PHI
Handling health records doesn’t automatically make an organization a Covered Entity. In this blog, we help clear up common misconceptions so teams can better…

WSUS Is SUS: NTLM Relay Attacks in Plain Sight
Windows Server Update Services (WSUS) is a trusted cornerstone of patch management in many environments, but its reliance on HTTP/HTTPS traffic makes it a…

A Big Step on the CMMC Rollout Timeline
A major step on the CMMC rollout timeline was completed recently as the regulatory change that will create the CMMC contract clause made its way to the Office…

Detecting Active Directory Password-Spraying with a Honeypot Account
Password-spraying is a popular technique which involves guessing passwords to gain control of accounts. This automated password-guessing is performed against…

HIPAA Protected Health Information - When Health Information Isn’t Protected
Many organizations don’t understand that not all health information is PHI and apply HIPAA more broadly than is required. This has implications for which…

Protecting Backup and Recovery in the Age of Ransomware
Ransomware attackers frequently target backups and recovery systems to force victims into paying ransoms, making robust protection strategies essential for all…

Penetration Testing and Burnout
It's that feeling of your nerves being stretched like sinew over mounting expectations and due dates. When your attention keeps an exhausted but stubborn focus…