42 matches found
OCSF: Working Together to Standardize Data
Teams spend a lot of time normalizing data before any analysis, investigation, or response can begin. It’s an unacceptable burden for you. And its days are finally numbered. Rapid7 and other security vendors are collaborating on an Open Cybersecurity Schema Framework OCSF, an open standard for bo...
RASP: The World Cup’s Last Line of Cyber Defense
No greater sporting event exists that brings the peoples of the world together more effectively than the FIFA World Cup, with the first match kickoff set for Monday, 21 November 2022, in Doha, Qatar, at the Al Bayt stadium in Al Khor. Football fans from all across the globe will pour into the Gul...
Detect active network reconnaissance with Microsoft Defender for Endpoint
The Microsoft Compromise Recovery Security Practice has observed how the security industry has evolved over the last few years as consumers, businesses, and industry professionals continue to adapt to the changing landscape. We have seen the emergence of new frameworks, such as the Cybersecurity...
NIST Cybersecurity Framework: A Quick Guide for SaaS Security Compliance
When I want to know the most recently published best practices in cyber security, I visit The National Institute of Standards and Technology NIST. From the latest password requirements NIST 800-63 to IoT security for manufacturers NISTIR 8259, NIST is always the starting point. NIST plays a key...
NIST and HIPAA: Is There a Password Connection?
When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally. While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by...
New Educational Video Series for CISOs with Small Security Teams
Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded. Compared to CISOs at large enterprises, CISOs small to medium-sized enterprises SMEs have smaller teams with less expertise, smaller budgets for technology and outside...
How Does Your AD Password Policy Compare to NIST's Password Recommendations?
End-user passwords are one of the weakest components of your overall security protocols. Most users tend to reuse passwords across work and personal accounts. They may also choose relatively weak passwords that satisfy company password policies but can be easily guessed or brute-forced. Your user...
NIST Recognizes RASP as Critical to Lowering Risk
The United States Congress ratified the Cybersecurity Framework set forth by the National Institute of Standards and Technology NIST in 2014 to standardize the practices and controls that mitigate constantly evolving cyberthreats. The framework has been adopted by federal and local government...
Engage Your Management with the Definitive 'Security for Management' Presentation Template
In every organization, there is a person who's directly accountable for cybersecurity. The name of the role varies per the organization's size and maturity – CISO, CIO, and Director of IT are just a few common examples – but the responsibility is similar in all places. They're the person who...
NIST’s privacy framework lets privacy tell its own story
Online privacy remains unsolved. Congress prods at it, some companies fumble with it while a small handful excel, and the public demands it. But one government agency is trying to bring everyone together to fix it. As the Senate sits on no fewer than four data privacy bills that their own members...
WEBINAR: How to Get Enterprise Cyber Security for your Mid-Sized Organization
High-quality cybersecurity posture is typically regarded as the exclusive domain of the large and heavy resourced enterprises – those who can afford a multi-product security stack and a skilled security team to operate it. This implies a grave risk to all organizations who are not part of this...
Best Practices for Endpoint Detection and Response
There are many elements that can complicate enterprise security efforts. From the increasing sophistication of cybercriminal strategies and activities to the wide range of components connected to the network, data protection and infrastructure security has become an uphill battle. Another key...
Assessing Microsoft 365 security solutions using the NIST Cybersecurity Framework
This blog is part of a series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series, youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out our last blogNew...
Overwhelmed by overchoice at RSA Conference 2018
As over 500 companies vied for mindshare at this years RSA conference - a cacophony of vendors pitching thousands of products from brightly colored booths - it reminded me of how challenging it was for me to separate signal from noise when I was managing global networks. And the rapid growth of...
NIST Cybersecurity Framework Series Part 1: Identify
The National Institute of Standards and Technology created the Cybersecurity Framework NIST CSF four years ago under the Obama administration. Recently, the framework received added attention when President Donald Trump signed a cybersecurity executive order in May 2017, mandating that government...
January 18, 2017 – Morning Cyber Coffee Headlines – “San Francisco” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! January 18, 2018 - Headlines Carbon Black in the News: SC Awards Finalists 2018...
The CIS Critical Security Controls Explained - Control 2: Inventory of Authorized and Unauthorized Software
As I mentioned in our last post, the 20 critical controls are divided into System, Network, and Application families in order to simplify analysis and implementation. This also allows partial implementation of the controls by security program developers who aren't building a program from scratch,...
Best Practices to Protect You, Your Network, and Your Information
The National Cybersecurity and Communications Integration Center NCCIC and its partners responded to a series of data breaches in the public and private sector over the last year, helping organizations through incident response actions, conducting damage assessments, and implementing restoration...
NIST Publishes Preliminary Cybersecurity Framework
Following an Executive Order issued by U.S. President Barack Obama in February of this year, the National Institute of Standards and Technology NIST yesterday made public a provisional copy of the government’s cybersecurity framework and says it will accept public comment on the draft for the nex...
4th Cybersecurity Framework Workshop: Good News and Bad News
I had a chance to visit a number of industrial events this year and can see the evolution of cybersecurity in the industrial field. One of these was the 4th National Institute of Standards and Technology’s NIST Cybersecurity Framework Workshop CFW. Kaspersky was in attendance at the previous...