Fresh Thinking for the Modern CISO

powered by Kudelski Security
  • Getting Started with Cyber Risk Quantification and Decisioning (Cyber Risk)

    Over the last few years, there has been increasing interest from CISOs and business leaders in cybersecurity risk quantification. Many of the CISOs we are working with are keen to connect security risk to the language of business. In this article, Graeme Payne reviews how cyber risk quantification and decisioning can be used to communicate…

  • 15 Practical Tips for More Effective Cybersecurity Incident Response

    Building an effective cyber incident response plan requires more than having the right tools in place or engaging the right cyber incident response services. As a security leader, you’re responsible for building the right security foundation and fostering a culture of teamwork and open dialogue during a crisis. Summarizing a recent webinar, this article will…

  • MITRE ATT&CK & D3FEND: Step-by-Step Guide to Closing Security Visibility Gaps

    In this article, summarized from a recent managed detection and response webinar, we’ll explain what MITRE D3FEND is, how it complements the MITRE ATT&CK framework, and how you can use it to identify and close gaps in security visibility. It’s no secret that cybercrime is on the rise with attacks happening more frequently and for…

  • What’s Next in Cybersecurity: Predictions from Andrew Howard

    Every year, the cybersecurity sector publishes articles on what we can expect to see in the course of the year. This article, published originally in InfoSec on August 8, 2022 by Ali Hadley, looks at the predictions Kudelski Security CEO Andrew Howard made at the beginning of 2022 in a podcast with Infosec. As we…

  • Can Zero Trust be a business enabler? It’s all about perception.

    It was back in 2017 that the Economist predicted data would replace crude oil as the world’s most valuable resource and that there would be a new “asset-light” economy built on digital rather than physical infrastructures. In hindsight, we could say, yes, of course that’s the case. We know the value of data and those…

  • BIG-IP iControl REST API Authentication Bypass

    Credit: Yann Lehmann. iControl REST is an evolution of the F5 iControl framework. Leveraging this Representational State Transfer (REST) API, an authenticated user can accomplish anything that can be accomplished from the F5 BIG-IP command line. It is an extremely powerful API. On May 04, 2022, F5 disclosed a critical CVE, CVE-2022-1388. It may allow an…

  • “INCONTROLLER” / “PIPEDREAM” ICS Toolkit Targeting Energy Sector

    This advisory was written by Travis Holland and Eric Dodge of the Kudelski Security Threat Detection & Research Team. Summary: Incontroller/Pipedream is a collection of sophisticated tools thought to be created by a group dubbed “Chernovite” by Dragos. Chernovite is assessed to be a state-sponsored adversary that intends to use the toolkit in future operations. The…

  • Managed Security Services (MSS) Provider: how do you make the right choice?

    With hundreds of potential providers and a large volume of information and arguments to take into account, the tendering process for engaging the best Managed Security Services Provider (MSSP) is no easy task. To find their way, professionals must identify the key elements to consider when evaluating providers,…