Update: The Defensive Security Strategy

September 9, 2021
By in Application Security Assessment, Leadership, Mobile Security Assessment, Penetration Testing, Security Program Assessment, Security Program Management, Security Remediation, Security Testing & Analysis, Social Engineering, Table-Top Exercises, Vulnerability Assessment

Original post:  https://www.trustedsec.com/blog/the-defensive-security-strategy-what-strategy/ Massive exposures and attacks, such as recent SolarWinds and Exchange exploit issues, have been common news lately. While the security landscape has advanced and changed, these massive exposures are continuing to occur. The question is why, and how, are they occurring? While common issues are often leveraged, the mentality around them is…

Read

Is Cyber Insurance Becoming Worthless?

August 17, 2021
By in Decision Making, Incident Response, Incident Response & Forensics, Leadership, Remediation Assistance & Training, Security Remediation

New challenges have emerged that make it difficult to transfer risk. Ransomware has changed the game An overlooked yet the increasingly important challenge in information risk management is finding the right balance between cybersecurity and cyber insurance. We continue to see organizations hit with ransomware from a variety of vectors, including spam emails, drive-by downloads,…

Read

SolarWinds Backdoor (Sunburst) Incident Response Playbook

December 17, 2020
By in Incident Response, Incident Response & Forensics, Research, Security Remediation, Security Testing & Analysis, Technical Counter Surveillance Measures, Threat Hunting

Over the last several days, TrustedSec has received queries on the best ways to contain, eradicate, and remediate the SolarWinds backdoor (aka #solarigate aka Sunburst). The TrustedSec Incident Response team has put together a playbook of recommended actions to provide some level of assurance that your organization is no longer affected by the backdoor. This…

Read

Fear, Cybersecurity, and Right to Repair

November 5, 2020
By in Program Assessment & Compliance, Remediation Assistance & Training, Security Remediation

Massachusetts is the latest state to grapple with Right to Repair legislation. A ballot question in the 2020 election asked the state’s voters to decide whether or not automobile manufacturers must make the telematics data collected by cars’ on-board computers available to independent repair shops. What seems like a debate over who can access the…

Read

Making EDR Work for PCI

September 10, 2020
By in Business Risk Assessment, Endpoint Hygiene Automation, Mergers & Acquisitions Security Assessment, PCI Assessment, Program Assessment & Compliance, Remediation Assistance & Training, Security Remediation

The Endpoint Detection & Response (EDR) and Advanced Threat Protection (ATP) marketplace is abuzz with products that blur the lines of personal firewall, host-based intrusion detection system (IDS) and intrusion prevention system (IPS), anti-virus, system logging, and file integrity monitoring (FIM). These solutions are centrally managed from your web browser and include advanced dashboards for…

Read

Azure Automation – Getting Started With Desired State Configurations

July 21, 2020
By in Endpoint Hygiene Automation, Program Development, Remediation Assistance & Training, Security Remediation

Azure brings a lot of new tools and capabilities to the IT and Information Security toolbox. In fact, there are so many features that it can be overwhelming and difficult to understand when or how to use them. I believe that the revamp of Desired State Configuration (DSC) within Azure is one of these overlooked…

Read

Using Azure to Address Endpoint Hygiene Management

July 14, 2020
By in Endpoint Hygiene Automation, Program Development, Remediation Assistance & Training, Security Remediation

Remote workers are set up, but endpoint management is still an issue Setting up a remote workforce during the COVID-19 pandemic presented a huge challenge, especially trying to get so much done in such a short time frame. While getting extra Zoom licenses was likely pretty easy, there are more challenging issues surrounding remote sharing…

Read

Questions after an assessment? Let TrustedSec be your guide.

June 29, 2020
By in Decision Making, Remediation Assistance & Training, Security Remediation

Are you having trouble remediating your penetration test findings? It might be time to get some help from TrustedSec. After TrustedSec consultants complete security assessments, clients will often ask us to re-test the specific findings from the last test. But in many instances, those same problems exist—sometimes they are exactly the same, but other times,…

Read

Is Zoom’s Lack of End-To-End Encryption a Problem?

April 2, 2020
By in Security Program Assessment, Security Remediation

All of the work-from-home activity coupled with all of the media about Zoom’s lack of end-to-end (E2E) encryption has resulted in a few clients asking us if Zoom can still be trusted to host meetings. It’s not exactly as they portray For those of you catching up, Zoom’s privacy and security have been the target…

Read

Securing a Remote Workforce: Top Five Things to Focus on For Everyone

March 25, 2020
By in Business Risk Assessment, Managed Services, Operational Performance Maturity Assessment, Penetration Testing, Physical Security, Program Assessment & Compliance, Program Development, Program Maturity Assessment, Security Program Assessment, Security Program Management, Security Remediation, Security Testing & Analysis, Training, Vulnerability Assessment

Deploying a remote workforce is uncharted territory for some organizations, while others have been perfecting the model for years. Most security programs have different ways to handle their workforce. For on-premise users, which has traditionally used more of castle mentality where you attempt to prevent outsiders from penetrating the network perimeter (similar to a castle…

Read

  • Search the blog

  • Search by Author

  • Browse by date

  • Browse by Category

  • Clear Form