Fresh Thinking for the Modern CISO

powered by Kudelski Security
  • MITRE ATT&CK & D3FEND: Step-by-Step Guide to Closing Security Visibility Gaps

    In this article, summarized from a recent managed detection and response webinar, we’ll explain what MITRE D3FEND is, how it complements the MITRE ATT&CK framework, and how you can use it to identify and close gaps in security visibility. It’s no secret that cybercrime is on the rise with attacks happening more frequently and for…

    Read More >>
  • What’s Next in Cybersecurity: Predictions from Andrew Howard

    Every year, the cybersecurity sector publishes articles on what we can expect to see in the course of the year. This article, published originally in InfoSec on August 8, 2022 by Ali Hadley looks at the predictions Kudelski Security CEO, Andrew Howard, made at the beginning of 2022 in a podcast with Infosec. As we…

    Read More >>
  • Can Zero Trust be a business enabler? It’s all about perception.

    It was back in 2017 that the Economist predicted data would replace crude oil as the world’s most valuable resource and that there would be a new “asset-light” economy built on digital rather than physical infrastructures. In hindsight, we could say, yes, of course that’s the case. We know the value of data and those…

    Read More >>
  • BIG-IP iControl REST API Authentication Bypass

    Credit: Yann Lehmann iControl REST is an evolution of F5 iControl framework. Leveraging this Representational State Transfer (REST) API, an authenticated user can accomplish anything that can be accomplished from the F5 BIG-IP command line. It is an extremely powerful API. On May 04, 2022, F5 disclosed a critical CVE, CVE-2022-1388. It may allow an…

    Read More >>
  • “INCONTROLLER” / “PIPEDREAM” ICS Toolkit Targeting Energy Sector

    This advisory was written by Travis Holland and Eric Dodge of the Kudelski Security Threat Detection & Research Team Summary Incontroller/Pipedream is a collection of sophisticated tools thought to be created by group dubbed  “Chernovite” by Dragos. Chernovite is assessed to be a a state-sponsored adversary, with the intention for use in future operations. The…

    Read More >>
  • Fournisseur de Services de Sécurité Managés (MSS) : comment faire le bon choix ?

    Avec des centaines de fournisseurs potentiels et une grande quantité d’informations et d’arguments à prendre en compte, le processus d’appel d’offres pour engager le meilleur fournisseur de Services de Sécurité Managés (MSSP) n’est pas une tâche facile. Les professionnels, pour s’y retrouver, doivent cerner les éléments-clés à prendre en compte lors de l’évaluation de ceux-ci,…

    Read More >>
  • 8 Tips for Choosing an MSSP

    Using objective, evidence-based criteria to evaluate vendors is essential. With hundreds of prospective providers and tons of marketing buzzwords to wade through, choosing the best managed security service providers (MSSPs) to effectively protect both your MSP business and your customers is no easy task. However, as C-suite leaders increasingly push back against security expenditures where…

    Read More >>
  • 2022 Cybersecurity Predictions

    Last month Andrew Howard was interviewed by Infosec’s Chris Sienko, on the top risk and cybersecurity trends for 2022. The podcast can be accessed here. Think there’s nothing new under the sun? With cybersecurity trends, you wouldn’t be far off the truth. Every year opinion leaders outline the main cybersecurity trends to watch and often…

    Read More >>