We use cookies to deliver you the best experience on our website. By continuing to use our website, you consent to our cookie usage and revised Privacy Statement.

Filter By:

Type

Topic

Recent Blogs & Podcasts

Insights Portal

\ Threats & Vulnerabilities 



June 21, 2018 | Vulnerability Assessment and Management
By Kevin Beaver, IANS Faculty

 Best Practices in Database Vulnerability Management

Beyond data encryption and access monitoring, how can organizations ensure the data within their SQL Server, DB2 and Oracle databases are secure? In this Ask-an-Expert written response, IANS Faculty Kevin Beaver recommends performing authenticated vulnerability scans in addition to implementing in-depth penetration testing, monitoring and other controls.

Read More »


June 7, 2018 | Threat Intelligence and Modeling
By Michael Pinch, IANS Faculty

 Threat Intel: From Feed Frenzy to ROI

Fostering good, actionable threat intelligence doesn't have to be complicated. In this report, IANS Faculty Michael Pinch details practical ways to improve your threat intelligence capabilities and ensure your threat intelligence investments reap a real-life return. 

Read More »


May 29, 2018 | Threat Intelligence and Modeling
By Aaron Turner, IANS Faculty

 Adapt Threat Models to Thawing U.S.-North Korea Relations

Is the cyber threat from North Korea likely to lessen, now that relations between North and South Korea, as well as the U.S., seem to be progressing? Not really, says IANS Faculty Aaron Turner. In this Ask-an-Expert written response, he explains why all signs point to increased North Korean cyberattack activity instead and lists some likely targets.

Read More »


May 23, 2018 | Threat Detection and Hunt Teaming
By Ondrej Krehel, IANS Faculty

 Mature Your Threat Hunting Program

How sophisticated is your threat hunting program? No matter your level, the key to success is in collecting and analyzing the right data sets with the right tools, people and processes. In this report, IANS Faculty Ondrej Krehel explains the different levels of threat hunting maturity and offer tips for moving up the scale and incrementally improving your program.

Read More »


May 17, 2018 | Threat Intelligence and Modeling
By Jake Williams, IANS Faculty

 Threat Modeling: Three Basic Approaches to Consider

With so many threat modeling approaches available, how do you choose the right one for your particular environment? In this Ask-an-Expert written response, IANS Faculty Jake Williams recommends three approaches designed to help model threats against PaaS and IaaS cloud assets, in addition to a range of other attacks.

Read More »


May 14, 2018 | Threat Detection and Hunt Teaming
By Dave Kennedy, IANS Faculty

 Threat Hunting: Why Proactive Matters

Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play. In this webinar, IANS Faculty Dave Kennedy explains why threat hunting is important, and how hunt teams can directly increase the overall maturity (and ROI) of your monitoring and detection capabilities. He also details specific methods for detecting abnormal patterns of behavior and other tactics hunters can use to hone their craft.

Read More »


May 14, 2018 | Vendor and Partner Management
By Josh More, IANS Faculty

 Protect Vendor/Supplier Transactions and Payments

With all the incidents of business email compromise and payment system abuse in the news, many organizations are looking to better secure their vendor/supplier payment processes. In this live Ask-an-Expert interaction, IANS Faculty Josh More details two-factor authentication, out-of-band verification and other strategies to help fortify systems against such attacks.

Read More »


May 14, 2018 | Encryption, Digital Signatures, Certificates, Tokenization

 EFAIL Vulnerability Exposes Encrypted Email

On May 14, 2018, security researchers tweeted details and launched a website (efail.de) explaining how attackers could exploit “EFAIL” vulnerabilities to extract plain text from encrypted emails. The vulnerability impacts both the Pretty Good Privacy (PGP) and S/MIME methods of email encryption, which are commonly used in Microsoft Outlook. 

Read More »


May 2, 2018 | Vulnerability Assessment and Management
By Dave Shackleford, IANS Faculty

 Vulnerability Management in a Post-Equifax World

After the Equifax debacle, upper management cares now more than ever before about vulnerability management. How can you use this new spotlight to take your program to the next level? In this report, IANS Faculty Dave Shackleford explains how to drive the right incentives, build the right metrics framework and get IT on board  for a successful, comprehensive vulnerability/patch management program. 

 

Read More »