-
Privacy & Compliance
Jun 03, 2022
NIST 800-53: Definition and Tips for Compliance
Not all organizations have the cybersecurity expertise to build their own security team, processes, and systems to protect and proactively defend the business. Some use frameworks such as NIST 800-53 to guide the selection and implementation of the right security controls. In this article, we'll go over the NIST 800-53 framework, identify which organizations must comply with the standard, and explain how you can use it to improve your own company's security posture. Quick review:
What is NIST 800-53?
Who must comply with NIST 800-53?
What is the purpose of NIST 800-53?
What is the difference between NIST 800-53 and other frameworks?
What are the benefits of NIST 800-53?
A breakdown of security and access control families in the NIST 800-53 framework
NIST 800-53 compliance best practices
Josue Ledesma
4 min read
-
Privacy & Compliance
Jun 02, 2022
NIST 800-171 Compliance Checklist and Terminology Reference
The National Institute of Standards and Technology (NIST) is the U.S. federal agency that publishes the standards used to protect sensitive government information, including information that is stored or handled by third parties, partners, and contractors. To that end, the agency published NIST Special Publication 800-171 to give federal partners a standard for safeguarding sensitive information and conducting cybersecurity. More specifically, NIST 800-171 focuses on how nonfederal organizations, most prominently defense contractors and subcontractors, handle what is termed Controlled Unclassified Information (CUI). This includes personal data, intellectual property, equipment specifications, logistical plans, and any number of other sensitive federal defense-related information types. In short, NIST 800-171 tells contractors how to handle sensitive information that isn't officially classified. If you're just getting started with NIST compliance or are preparing for a NIST assessment, then you're in the right place. We'll outline what NIST 800-171 actually entails, the benefits of compliance, and best practices for maintaining NIST compliance over the long haul.
David Harrington
9 min read
-
Jun 02, 2022
How to Prepare for a Salesforce Permissions Audit
Salesforce holds a wealth of customer data — and Salesforce audits are becoming a priority for organizations that want to ensure that information is kept secure and within the guardrails of privacy law.
Mike Mason
5 min read
-
Data Security
May 20, 2022
82 Must-Know Data Breach Statistics [updated 2024]
As more and more companies experience crippling security breaches, the wave of compromised data is on the rise. Data breach statistics show that hackers are highly motivated by money to acquire data, and that personal information is a highly valued type of data to compromise. It’s also apparent that companies are still not prepared enough for breaches even though they are becoming more commonplace.
Rob Sobers
11 min read
-
Ransomware
May 16, 2022
Why Every Cybersecurity Leader Should ‘Assume Breach’
In February, information about the highly successful Conti ransomware group leaked after it declared its full support of the Russian government—vowing to respond to any attack, cyber or otherwise, against Russia with "all possible resources to strike back at the critical infrastructures of an enemy." Radical circumstances create radical change. Think about how the world and our behaviors changed almost overnight with Covid-19. I'd like to highlight a few points from the leaked Conti chats.
Yaki Faitelson
3 min read
-
Threat Research
May 11, 2022
Spoofing SaaS Vanity URLs for Social Engineering Attacks
Many SaaS applications offer what’s known as vanity URLs — customizable web addresses for landing pages, file-sharing links, etc. Vanity URLs allow you to create a personalized link that looks like this:
Tal Peleg
6 min read
-
Ransomware
May 06, 2022
Bad Rabbit Ransomware
What is Bad Rabbit ransomware? Bad Rabbit is ransomware in the Petya family that hit over 200 organizations, mostly in Eastern Europe, in October 2017. The primary targets were Russian media agencies; however, corporate networks across Russia, Eastern Europe, and Japan were also hit because of the method the ransomware used to spread through networks.
Michael Raymond
3 min read
-
Threat Research
Apr 19, 2022
Hive Ransomware Analysis
During a recent engagement with a customer, the Varonis Forensics Team investigated a ransomware incident. Multiple devices and file servers were compromised and encrypted by a malicious threat group known as Hive.
Nadav Ovadia
7 min read
-
Data Security
Apr 12, 2022
How to Use Volatility for Memory Forensics and Analysis
If you work in incident response, you understand how critical it is to pull forensically sound evidence from compromised devices as soon as possible. That evidence often takes the form of logs or hard disk images.
Neil Fox
8 min read
-
Data Security
Apr 07, 2022
CCSP vs. CISSP: Which One Should You Take?
As part of your professional development in the cybersecurity industry, you're likely going to face a decision about which certification to obtain first. This usually pits CCSP against CISSP, and which one you should choose depends on several key considerations.
Josue Ledesma
5 min read
-
Data Security
Apr 06, 2022
Unpacking NIST Cybersecurity Framework 2.0
The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) provides organizations with guidance and best practices for enhancing information security and safeguarding their networks and data.
Shawn Hays
8 min read
-
Active Directory
Apr 04, 2022
12 Group Policy Best Practices: Settings and Tips for Admins
Active Directory Group Policy is a fundamental building block of an enterprise network. Group Policy Objects (GPOs) configure settings, behaviors, and privileges for users and computers joined to the Active Directory domain. Whether you are building a new domain or managing an existing one, you can follow several Group Policy best practices to keep your deployment efficient and secure.
Jeff Brown
5 min read