Massive cyberattacks, difficult configurations? what to do from here? All I have is some unusable data to the hackers – what is important about our stuff. We are inundated with cyberattacks in the news and more terrorist attacks (beheadings, shootings, death etc.) We have to have intent of protecting our assets to the best of … Read more
1. Obtain a technology that will be able to see the attacker trying to communicate with the attack software(malware etc) in your network. This system should have the capability to remove network traffic if it does not pass your rules. The NGFW Next Generation FireWall with an included Intrusion Prevention System(IPS) can get this job … Read more
We know the problems with the Anthem Breach: no encryption But does it mean you should encrypt your data? What does it mean to “encrypt the data” What if your data is “stolen” with correct credentials, i.e. if someone has the username and password then it is over, whether the data is encrypted matters … Read more
Why can’t I just use an automated service like http://www.trust-guard.com ? One reason to reconsider only using Trust-guard is that it is not QSA certified from the PCI Security Standards council: https://www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php As a pentester (penetration tester) we use a QSA certified tool to verify vulnerability assessments on your resources. (such as Nessus) we have also used … Read more
Is there something fundamentally wrong with our thinking? Anthem is only the latest victim of the multiple victims last year. Over 1 Billion records were breached or stolen in 2014 and human error or accidents are the cause 25% of the time (Network World story). “Mega breaches are the defining trend, exposing tens of millions … Read more
