Fresh Thinking for the Modern CISO

powered by Kudelski Security
  • Can Zero Trust be a business enabler? It’s all about perception.

    It was back in 2017 that the Economist predicted data would replace crude oil as the world’s most valuable resource and that there would be a new “asset-light” economy built on digital rather than physical infrastructures. In hindsight, we could say, yes, of course that’s the case. We know the value of data and those…

    Read More >>
  • BIG-IP iControl REST API Authentication Bypass

    Credit: Yann Lehmann iControl REST is an evolution of F5 iControl framework. Leveraging this Representational State Transfer (REST) API, an authenticated user can accomplish anything that can be accomplished from the F5 BIG-IP command line. It is an extremely powerful API. On May 04, 2022, F5 disclosed a critical CVE, CVE-2022-1388. It may allow an…

    Read More >>
  • “INCONTROLLER” / “PIPEDREAM” ICS Toolkit Targeting Energy Sector

    This advisory was written by Travis Holland and Eric Dodge of the Kudelski Security Threat Detection & Research Team Summary Incontroller/Pipedream is a collection of sophisticated tools thought to be created by group dubbed  “Chernovite” by Dragos. Chernovite is assessed to be a a state-sponsored adversary, with the intention for use in future operations. The…

    Read More >>
  • Fournisseur de Services de Sécurité Managés (MSS) : comment faire le bon choix ?

    Avec des centaines de fournisseurs potentiels et une grande quantité d’informations et d’arguments à prendre en compte, le processus d’appel d’offres pour engager le meilleur fournisseur de Services de Sécurité Managés (MSSP) n’est pas une tâche facile. Les professionnels, pour s’y retrouver, doivent cerner les éléments-clés à prendre en compte lors de l’évaluation de ceux-ci,…

    Read More >>
  • 8 Tips for Choosing an MSSP

    Using objective, evidence-based criteria to evaluate vendors is essential. With hundreds of prospective providers and tons of marketing buzzwords to wade through, choosing the best managed security service providers (MSSPs) to effectively protect both your MSP business and your customers is no easy task. However, as C-suite leaders increasingly push back against security expenditures where…

    Read More >>
  • 2022 Cybersecurity Predictions

    Last month Andrew Howard was interviewed by Infosec’s Chris Sienko, on the top risk and cybersecurity trends for 2022. The podcast can be accessed here. Think there’s nothing new under the sun? With cybersecurity trends, you wouldn’t be far off the truth. Every year opinion leaders outline the main cybersecurity trends to watch and often…

    Read More >>
  • Ransomware Threats Are Here to Stay

    Over the past year, security companies have witnessed the massive impact that ransomware attacks like SolarWinds and Kaseya have had on businesses. As businesses play catch up to the tactics used by hackers to deploy malware, even more sophisticated approaches are unleashed. As we prepare for 2022, ransomware is one thing it’s safe to say…

    Read More >>
  • Part 2 – Make the Shift: A Cohesive Approach to Incident Response is Mission-Critical

    In the first of this two-part series, Olivier Spielmann VP of managed security services EMEA at Kudelski Security discussed the factors that drive the need for a more comprehensive approach to Incident Response. The question of how to prevent cybersecurity attacks is never straightforward, but as cyber security attacks increase – especially over the festive…

    Read More >>