Oops, I did it again
The ongoing quest to catch a cybercriminal — While looking out the window, Carl discovers something interesting. Something that can change his and Jennifer’s lives altogether. While studying for his exams, he conceives a brilliant idea. Discreetly, he drafts a plan. Will he achieve his goal and make his girlfriend happy when the plan is successfully executed? Or will someone intervene? The danger of a cybercriminal can come from anywhere, and they can wreak havoc when they strike successfully. Are you prepared for when chaos strikes?
The moment I graduated from school and received my diploma in accountancy, I received a job offer to start as a junior system and network administrator. Simultaneously I got introduced to the world of cybersecurity. However, back then things were not as complicated as they are today. Like any other…
Do you have an effective cyber hunting team?
In cybersecurity, everything is evolving rapidly. It is an ongoing battle between adversaries and defenders. And the terrible thing is, the defenders indeed drew the short end of the stick. They need to defend against any type of threat while the adversary has the time and can sharpen and perfect his threat. Therefore, the logical question is ‘How do you keep up with the developments of the adversaries?’
Are you really remediating all the discovered vulnerabilities?
According to an article published by PCMag, LastPass was breached in 2022 by a 3-year-old vulnerability! You would expect that a security vendor is remediating all discovered vulnerabilities swiftly. But that on its own raises a few questions. Questions like ‘Do you really scan all your assets?’ and ‘Do you really track remediation efforts?’. These are questions that every CISO/Security Manager should be asking their vulnerability scanning team. But is it that simple?
What is your security strategy?
One of the most famous quotes written by Sun Tzu in his book ‘The Art of War’ is ‘Keep your friends close, your enemies even closer’. You should also apply this in the cybersecurity domain. Treating the adversaries as your enemy allows you to define boundaries on how far they can go before you need/want to act. And the same applies to the rest (your friends). By setting boundaries (risk acceptance) you know when your friend has become your enemy. Setting boundaries is what we do within the InfoSec world. But are we setting the right boundaries?
Some practical tips when you are on a Zero Trust Architecture journey
As everybody is talking about Zero Trust Architecture, the confusion is growing and growing. So, I will share practical tips for implementing the Zero Trust Architecture principles/policies. — The definition of Zero Trust Architecture: The National Cybersecurity Center of Excellence (NCCoE, part of NIST) defines Zero Trust Architecture as ‘A zero trust architecture treats all users as potential threats and prevents access to data and resources until the users can be properly authenticated and their access authorized. In essence, a zero trust architecture allows…
Security is more than just a budget code
Every so often you will receive questions from the senior management team like ‘Where can we save money?’ and ‘Security is just a cost center. Is it possible to lower these costs?’. And yes, these questions make sense if you follow the reasoning behind them. It is all about the company’s profitability and keeping the shareholders satisfied. But is this really the right way? — But before answering whether it is possible to reduce the budget of the security department, there is a fundamental question to be asked first. What is the purpose of the security department?
Is EDR with Sysmon enough? Or do you need XDR as well?
Although the difference is just one letter, the level of protection is a different story. Extended Detection and Response, or XDR for short, is the successor of Endpoint Detection and Response, or EDR for short. But what does ‘extended’ actually mean? — As already stated in a previous article, protecting your endpoints with just a classic antivirus solution is not enough anymore. Online you can find enough articles on how to avoid detection by classic antivirus solutions.
Attack Surface Management - Is it just another buzzword or is it something more?
Attack Surface Management is currently one of the buzzwords in the security community. Various security vendors have released products covering Attack Surface Management. But is just installing another security tool enough to cover this buzzword? What is Attack Surface Management? Where to start with Attack Surface Management? — The SANS Institute and Gartner have already drafted various documents, reports, and guides on Attack Surface Management. Therefore, one might think it is crucial to implement, and that you should invest in it.