Fresh Thinking for the Modern CISO

powered by Kudelski Security
  • 8 Tips for Choosing an MSSP

    Using objective, evidence-based criteria to evaluate vendors is essential. With hundreds of prospective providers and tons of marketing buzzwords to wade through, choosing the best managed security service providers (MSSPs) to effectively protect both your MSP business and your customers is no easy task. However, as C-suite leaders increasingly push back against security expenditures where…

  • 2022 Cybersecurity Predictions

    Last month Andrew Howard was interviewed by Infosec’s Chris Sienko on the top risk and cybersecurity trends for 2022. The podcast can be accessed here. Think there’s nothing new under the sun? With cybersecurity trends, you wouldn’t be far off the truth. Every year opinion leaders outline the main cybersecurity trends to watch and often…

  • Ransomware Threats Are Here to Stay

    Over the past year, security companies have witnessed the massive impact that ransomware attacks like SolarWinds and Kaseya have had on businesses. As businesses play catch up to the tactics used by hackers to deploy malware, even more sophisticated approaches are unleashed. As we prepare for 2022, ransomware is one thing it’s safe to say…

  • Part 2 – Make the Shift: A Cohesive Approach to Incident Response is Mission-Critical

    In the first of this two-part series, Olivier Spielmann, VP of managed security services EMEA at Kudelski Security, discussed the factors that drive the need for a more comprehensive approach to Incident Response. The question of how to prevent cybersecurity attacks is never straightforward, but as cybersecurity attacks increase – especially over the festive…

  • Part 1 – Make the Shift: A Cohesive Approach to Incident Response is Mission-Critical

    In this two-part series, Olivier Spielmann, VP of managed security services EMEA at Kudelski Security, discusses why incident response needs to widen its scope and what every security leader can do to make it happen. Despite the recent good news about the U.S. F.B.I.’s takedown of the REvil ransomware group, whose associates were likely responsible for…

  • CredManifest: Azure AD Information Disclosure Leading to Privilege Escalation & Free Tool Released

    Summary: On November 17th, 2021, Microsoft disclosed the existence of a high-severity information disclosure vulnerability impacting Azure Active Directory (Azure AD) that could allow an authenticated Azure AD user to escalate their privileges. Azure AD is Microsoft’s Identity and Access Management system used by Azure Cloud and Office 365. The vulnerability, dubbed “CredManifest” (CVE-2021-42306), existed…

  • From Theory to Practice: How to Get Started with Red Teaming

    It seems like everyone is talking about red teaming these days, and for good reason. Red teaming can be an incredibly useful exercise for organizations looking to test their threat detection and response capabilities as well as their maturity as a whole. It’s an evolution of the traditional network pentest, but there are key differences in…

  • Defending Against Cyberattacks in the Increasingly Vulnerable Manufacturing Industry

    As manufacturing relies more and more on remote access and automation, cyber hygiene continues to be one of the top challenges in securing manufacturers across the nation. In light of several major supply chain disruptions across manufacturing sectors, the Biden Administration recently announced the creation of a Supply Chain Disruptions Task Force to strengthen critical supply chains…
