Access control lists (ACL) control or restrict the flow of traffic through a digital environment. ACL rules grant or deny access in two general categories: 1. Filesystem ACLs apply to files and/or directories; 2. Networking ACLs apply to the network routers and switches.
A
In October 2023, Ace Hardware, one of the largest hardware retailers in the United States, experienced a cybersecurity incident that overwhelmed several of its IT systems. The attack highlights how important it is to protect your data assets so you can continue business operations and safeguard customer data.
Active Directory (AD) is the proprietary directory service for Windows domain networks. It consists of a database and numerous services that connect users to network resources such as devices, data, folders, etc.
What is Active Directory (AD) Bridging? Active Directory Bridging is a technology in the field of networking that aims to enhance the communication between different network devices, systems and protocols. Understanding Active Directory What is Active Directory? Active Directory is a Microsoft ...
Active Directory (AD) is a critical component for Windows based networks. It is a centralized authentication and authorization service that helps organizations manage users, computers, and applications. AD is responsible for managing permissions to network resources and provides a secure ...
Active Directory (AD) is Microsoft’s proprietary directory service for Windows domain networks. Active Directory authentication is AD’s system for authenticating users, computers, and services. The system relies on protocols which use ticketing to securely grant access. It prevents unauthorized access to AD and aids effective role-based access control (RBAC).
Advanced threat protection is a type of cybersecurity dedicated to preventing pre-planned cyberattacks, such as malware or phishing. ATP combines cloud, file sharing, email, network, and endpoint security.
Agentless monitoring is a form of IT monitoring that does not require the installation of a software agent. Agentless monitoring protocols or APIs collect data and performance metrics from infrastructure, devices, and applications. Without the need to install agents on servers or devices, agentless monitoring offers scalability and ease of maintenance.
Amazon hacked! That was big news for the better part of November 2024 after the online retail giant confirmed that employee data had been leaked due to vulnerabilities in MOVEit software. What started as a third-party attack in May 2023 eventually snowballed into what experts recognized as a major security incident that compromised numerous organizations.
In January and February 2024, American Express notified customers of several third-party data breaches impacting client account numbers. The data breaches allowed unknown parties to access customer information through third-party systems. American Express notes the systems it controls were not compromised.
What Is Anomaly Detection? Anomaly detection is the process of analyzing company data to find data points that don’t align with a company's standard data pattern. Companies use anomalous activity detection to define system baselines, identify deviations from that baseline, and investigate ...
What is an Application Gateway (App Gateway)? An application gateway is a security measure that protects web applications. They replace traditional web applications that require the same login credentials as the data center. Instead, users access application gateways through mobile apps and cloud ...
On Nov. 3, 2023, a ransomware gang hacked into a Bank of America service provider's systems. The data breach exposed the personal information of more than 57,000 Bank of America clients. While it affected only a small sliver of the bank's 69 million total clients, the breach still demonstrated the importance of auditing systems for unauthorized access and having a robust security response plan in place.
Your organization's attack surface is a collection of all the external points where someone could infiltrate your corporate network. Think of your attack surface as any opportunity or vulnerability a bad agent can use to enter part of your IT infrastructure.
As more and more data and critical systems go online, the risks associated with cyber threats magnify. One of the most important aspects of cybersecurity is managing vulnerabilities and the attack surface (AS). While attack surface management (ASM) and vulnerability management (VM) serve similar objectives, they differ significantly in terms of their scope, methodologies, and approaches. In this article, we delve into the details of ASM and VM and provide a comprehensive comparison between the
A runtime decision-making strategy for what features and/or data a user can access based on policies and user attributes.
An audit log is a document that records what is happening within an IT system.
Authentication is the process of verifying a user or device before allowing access to a system or resources.
An authentication bypass vulnerability is a weak point in the user authentication process. A cybercriminal exploiting such a weakness circumvents authentication altogether to gain access to an application, service, or device. They can then expand the attack and steal sensitive data, download malicious firmware, or perform other harmful acts.
When it comes to protecting sensitive data and ensuring systems security, two key concepts come into play - authentication and authorization. Although they are often used interchangeably, they are distinct concepts with different functions, methods, and implications. Understanding the difference between the two is critical for safeguarding confidential information, providing secure access to resources, and complying with relevant regulations. In this article, we will break down the basics of
Amazon Web Services (AWS) has emerged as one of the leading providers of cloud computing services, providing a wide range of management tools for computing, storage, networking, and databases. Among these services are AWS CloudTrail and AWS CloudWatch, two of the most essential tools for IT infrastructures. In this article, we will compare the features, benefits, and use cases of AWS CloudTrail and AWS CloudWatch, their integration with other AWS services, and the pricing structure of each
The difference between an IAM role and a user is that a role can be temporarily or permanently applied to a user to give the user bulk permissions for a task. Unlike a user, a role does not have associated passwords or credentials and can be easily applied to multiple users to grant access to a set of permissions at once.
Understanding NoSQL Databases Before we take a closer look at the various NoSQL databases provided by AWS, let's first understand what NoSQL databases are. In simple terms, NoSQL databases are flexible, non-relational databases that can store and manage unstructured data. They are capable of ...
B
On Nov. 3, 2023, a ransomware gang hacked into a Bank of America service provider's systems. The data breach exposed the personal information of more than 57,000 Bank of America clients. While it affected only a small sliver of the bank's 69 million total clients, the breach still demonstrated the importance of auditing systems for unauthorized access and having a robust security response plan in place.
A bastion host is a server used to manage access to an internal or private network from an external network - sometimes called a jump box or jump server.
Behavior-Based Access Control (BBAC) is a security model that grants or denies access to resources based on the observed behavior of users or entities. It dynamically adapts permissions according to real-time actions, enhancing security by evaluating ongoing activities rather than relying solely on static policies.
A brute force attack is a cyber attack where a hacker guesses information, such as usernames and passwords, to access a private system. The hacker uses trial-and-error until correctly guessing the credentials needed to gain unauthorized access to user accounts or organizational networks.
C
Software or hardware that is either hosted in the cloud or on-premises. It adds a layer of security between users and cloud service providers and often overlaps with secure web gateway (SWG) functionality.
Employer-employee relationships don’t always end well. Terminations, even rightful ones, leave a bad taste in the recipient's mouth — in some cases, so much so that the former employee decides to go on a revenge mission. This situation is what got Cash App hacked in 2021. Insider threats can cause some of the worst security breaches an organization could ever experience. Though in this case, the former employee had already left the company when they illegally downloaded customer data.
Charles Schwab, a behemoth in the brokerage and financial services space, fell prey to a well-orchestrated data breach in mid-2023. In a devastating spree that downed dozens of other companies, hackers primarily exploited vulnerabilities within the MoveIt software solution. The Charles Schwab data breach is a stark reminder that safeguarding consumer and company data shouldn’t be an afterthought, but rather a priority.
In February 2024, JPMorgan Chase reported that it discovered a data breach affecting the personal information of nearly half a million customers. According to the new filings with the Office of the Maine Attorney General, the banking giant found a software glitch that allowed unauthorized access to certain data since August 26, 2021. This Chase data breach highlights the importance of strong security practices and ongoing attention to safeguarding information.
On November 8, 2023, hackers under the username DrOne leaked a database containing the personal information of over 800,000 Chess.com users. While it affected only a small fraction of the company’s 150 million members, the Chess.com data breach still demonstrates the importance of auditing systems for malicious access.
CI/CD (continuous integration/continuous deployment) is a collection of practices for engineering, testing, and delivering software. A CI/CD pipeline is composed of the tools that developers, test engineers, and IT operations staff use to execute these practices. CI/CD pipeline tools leverage automation to improve code quality and speed time to market.
A June 2024 letter posted on the state of Massachusetts website revealed that Citibank experienced a data breach last year. According to the notification to the bank's customers, the Citibank data breach involved credit card information from its Citi Rewards+ product, which ended up exposing customers’ personal information. This article will explore what caused this breach, the steps Citi took to contain it, and what your organization can do to prevent a similar data breach.
What is Cloud Application Security? Cloud application security is a crucial aspect of modern business operations, especially as more organizations turn to cloud-based solutions to store and process sensitive data. It involves the implementation of various security measures to detect, prevent and ...
Cloud Infrastructure Entitlement Management (CIEM, pronounced “kim”) is a category of specialized software-as-a-service solutions that automate the detection, analysis, and mitigation of cloud infrastructure access risk across hybrid and multi-cloud environments.
What is Cloud Workload Security? Cloud workload security is the practice of securing applications and their composite workloads running in the cloud. Examples of cloud workloads include applications, virtual machines, containers, databases, and services. It is necessary to protect all cloud ...
Input/Output (IO) is a fundamental aspect of modern computing systems. In order to effectively send and receive data between a computer and its peripherals, two primary methods are used: Input/Output Access (IOA) and Input/Output Control (IOC). While both these methods perform similar tasks, they have functional differences that set them apart. In this article, we will explore the differences between IOA and IOC, their advantages and disadvantages, and real-world applications.
Container orchestration platforms are becoming increasingly popular with developers and businesses alike. They provide a way to manage and automate the deployment, scaling, and management of containers, making it easier to run and manage applications at scale. But with so many options available, it can be difficult to know which container orchestration platform is right for your needs. In this article, we'll compare two of the most popular platforms, Kubernetes and Mesos, to help you make an
In today's ever-evolving threat landscape, businesses must remain vigilant in defending their networks against potential attacks. As a result, Managed Detection and Response (MDR) and Managed Security Service Providers (MSSPs) have become increasingly instrumental in helping businesses maintain a secure network environment. While both approaches to cybersecurity sound similar, there are subtle differences between the two that are worth exploring.
Software-Defined Networking (SDN) and Network Functions Virtualization (NFV) are two terms that frequently come up in discussions of modern networking. While the two are related, they are not interchangeable. So what's the difference? In this article, we'll compare SDN and NFV, exploring their similarities and differences, and looking at how they are being used in real-world scenarios.
In the ever-changing technology landscape, software-defined networking (SDN) and software-defined wide area network (SD-WAN) are two buzzwords that have caused much confusion. While both technologies share similarities, they offer different approaches to networking. Understanding their differences is crucial for businesses looking to optimize their network infrastructure.
Businesses operate in a data-driven world, handling data for different purposes. As more data is generated, companies seek ways to organize and manage this data. Among the critical data security concerns are SIEM and log management. In this article, we will discuss SIEM and log management, define their key components, address the role they play in cybersecurity, compare their features, and discuss the best way to choose the right solution for your organization.
In the realm of software development, there are two popular approaches to managing complex systems: Site Reliability Engineering (SRE) and DevOps. While these methodologies share some similarities, they also have important differences that set them apart. In this article, we'll delve into the origins, principles, and practices of SRE and DevOps, and explore their key similarities and differences.
As we continue to combat the increase in cybersecurity threats, it’s essential that businesses have a comprehensive plan in place to protect their assets. One key element of this plan is investing in security solutions such as XDR, SIEM and SOAR. But what are these solutions, and how do they differ? In this article, we will break down the basics of XDR, SIEM, and SOAR and highlight the differences between them.
Continuous Adaptive Risk and Trust Assessment (CARTA) is an IT security framework that goes beyond traditional role-based access control (RBAC). By adding attribute-based access control (ABAC), it enables continuous, context-aware security assessment in real time. Gartner introduced CARTA in 2010, building on its original Adaptive Security Architecture.
Credential stuffing is a type of cyber attack that occurs when a person or bot steals account credentials, such as usernames and passwords, and tries to use them to access multiple systems.
Online security risks are a constantly evolving concern. As we increasingly rely on digital platforms for everything from communication to banking and personal file storage, hackers are constantly seeking new ways to gain access to sensitive information. Two common types of attacks are 'credential stuffing' and 'password spraying', both of which can result in significant damage if not detected and prevented in a timely manner.
Cyber insurance, also called cybersecurity insurance or cyber liability insurance, is an insurance policy that covers the losses a business might suffer from a data breach or cyber attack.
D
Data Loss Prevention (DLP) is a series of tools and practices that help companies recognize and prevent data exposure by controlling the flow of information within and outside of the organization.
Data observability is the ability to understand, diagnose, and manage data health across multiple IT tools throughout the data lifecycle. A data observability platform helps organizations to discover, triage, and resolve real-time data issues using telemetry data like logs, metrics, and traces.
Data Security Posture Management (DSPM) refers to the proactive and continuous assessment, monitoring, and enhancement of an organization's data security measures. It involves the analysis of data security policies, controls, and configurations to ensure robust protection against potential threats, vulnerabilities, and compliance risks.
What is Defense-in-depth? Defense-in-depth began as a military term for a layered approach to protection. The NSA has taken that military strategy and applied it to cybersecurity. Defense-in-depth means applying a multi-faceted approach to reducing risk while containing and eliminating threats. ...
In today's fast-paced business world, technology and software development have become crucial for organizations to stay ahead of the competition. With increasing demand for faster and more efficient delivery of software and applications, the need for adopting DevOps and DevSecOps has become more important than ever before. While both approaches focus on delivering high-quality software, there are significant differences between the two that organizations need to understand to make informed
Digital Forensics and Incident Response (DFIR) is a cybersecurity practice for identifying, investigating, and remediating cyberattacks. Computer security incident response teams (CSIRT) collect and review data from applications, networks, and endpoints in order to analyze an attack. They typically follow up with various types of responses, reporting, and remediations.
What Are Directory Services? A directory service is a database containing information about users, devices, and resources. This information, such as usernames, passwords, and user preferences, allows system and network administrators to control access to applications and resources. Directory ...
In March 2023, Discord, one of the world's most popular communication platforms among online communities, suffered a breach that impacted nearly 200 user accounts. Orchestrated through one of Discord's third-party services, the well-known data breach serves as a stark reminder that protecting your customers' sensitive data should be a continuing endeavor — not a one-off event.
What is Dynamic Access Control (DAC)? Dynamic Access Control (DAC) is a Windows Server feature that debuted in Windows Server 2012. It leverages data-governance technology to give administrators granular, context-aware control over access to file system resources. Administrators can set conditional ...
E
In today's world, cyber threats are becoming more sophisticated, and even the most robust security measures cannot guarantee total protection. As a result, organizations have adopted cybersecurity solutions that provide real-time threat detection, response, and remediation capabilities. Three such solutions that have gained popularity in recent years are Endpoint Detection and Response (EDR), Managed Detection and Response (MDR), and Extended Detection and Response (XDR). Understanding the
What is Endpoint Privilege Management (EPM)? Endpoint Privilege Management (EPM) is a critical process that ensures that users and applications have access to the endpoints they need while keeping unauthorized access at bay. An endpoint may refer to a desktop, laptop, server, mobile device, or any ...
An enterprise Kubernetes (K8s) platform packages Kubernetes—an open source container orchestrator—into a simple-to-use product for companies. Container orchestration and K8s cluster management at scale are notoriously complex. An enterprise solution’s built-in management and security features allow companies to deploy Kubernetes into production faster, with less cost and skill required.
What is Enterprise Password Management? Enterprise Password Management is a system or software designed to securely store, manage, and control access to passwords used by employees within an organization. It provides a centralized platform for creating, storing, and updating passwords, as well as ...
An ephemeral environment is a short-lived clone of the UAT (user acceptance testing) or production environment. Software teams create ephemeral environments in order to run tests, preview features, or collaborate with other teams. Ephemeral environments enable them to catch and remediate bugs and security issues early in the software development life cycle.
In March 2017, unfortunate events allowed hackers to access the personal information of millions of Equifax customers. The intruders stayed active in company systems for several months before the company recognized their presence. The Equifax data breach demonstrates why zero-trust authorization protocols are so important to a company's cybersecurity protections.
The Experian data breach proves that no organization is too big for attackers to target. Actually, when you look at it, the bigger the organization, the more enticing it is for hackers. In September 2015, hackers gained access to one of the three main credit agencies in the U.S., Experian. The Experian data breach exposed millions of its customers’ data stored in a server, including T-Mobile customers.
Eye4Fraud provides fraud protection services for online sellers. It examines their transactions to ensure every order is legitimate. Unfortunately, even a company dedicated to fighting against cybercrimes isn't immune to data breaches. In January 2023, Eye4Fraud faced a cybersecurity nightmare. Hackers wormed their way into its systems and stole the details of millions of businesses and their customers.
F
In April 2021, Facebook experienced a data leak. Cybercriminals accessed personal information belonging to more than half a million Facebook users and published it on a hacking forum. Although it's often referred to as one of the biggest cyberattacks of 2021, the original breach actually happened in 2019, but it resurfaced two years later, haunting Facebook shareholders and users alike.
Single sign-on (SSO) and federated identity management (FIM) are two popular methods of identity management that are commonly used to simplify authentication and authorization processes. However, while they may seem similar at first glance, there are significant differences between the two approaches. This article will delve into the similarities and differences between SSO and FIM, and explore some of the benefits and drawbacks of each method.
In August 2024, one of the largest asset managers, Fidelity Management & Research, fell victim to a data breach. This lasted for two days until the firm detected it and shut it down on August 19. This was the second data breach for Fidelity last year. In March, it went through a third-party breach involving Infosys McCamish, which affected about 30,000 of its customers. But this article will explore what happened in the August Fidelity data breach so you can help your organization prevent a
FIDO2 is the newest set of specifications from the FIDO Alliance. It enables the use of common devices to authenticate to online services on both mobile and desktop environments, using unique cryptographic login credentials for every site.
G
In 2018, Google, one of the world's largest tech companies, was at the center of major privacy concerns when it disclosed a data breach that had exposed the personal information of more than 52 million users. The news shocked many, not just because of the size of the breach, but also because it came from such a big tech company.
H
Compliance with the Health Insurance Portability and Accountability Act (HIPAA) means adhering to the rules and regulations that impact what, how, and when protected health information (PHI) can be shared, and by whom.
HITRUST is a non-profit company that delivers data protection standards and certification programs to help organizations safeguard sensitive information, manage information risk, and reach their compliance goals.
A honeypot is a phony digital asset designed to look like a poorly-guarded, valuable asset. The goal is to trick cyber attackers into targeting the vulnerable honeypot, which deflects attention away from critical assets, alerts companies to when and what type of attack is occurring, and enables them to mitigate the risk before important network security perimeters are compromised.
I
Identity and access management (IAM or IdAM) is a framework containing the tools and policies a company uses to verify a user’s identity, authorize controlled access to company resources, and audit user and device access across their IT infrastructure.
Identity as a Service (IDaaS) is an identity and access management (IAM) solution delivered in a cloud-based service that is hosted by a trusted third party.
Identity governance and administration (IGA), also called identity security, is a set of policies that allow firms to mitigate cyber risk and comply with government regulations to protect sensitive data. These policies help prevent breaches by ensuring that the right employees access data only as needed.
What is Identity Lifecycle Management? Identity lifecycle management is the process of managing user identities and access privileges for all members of an organization. It follows each user from onboarding to departure, provisioning, updating or revoking access to applications and resources as ...
Identity security refers to the tools and processes intended to secure identities within an organization. Based upon the Zero Trust model, identity security assumes that any identity may potentially become privileged and access important assets. It aims to protect, manage, and monitor identities to prevent unauthorized access, breaches, and theft.
What is Identity Threat Detection and Response (ITDR)? Identity Threat Detection and Response (ITDR) refers to a range of tools and processes designed to identify and respond to potential identity-based threats to an organization's digital systems. These threats may come from inside the company, ...
While there's an overlap between IGA and IAM, key differences distinguish the two. IAM focuses on authenticating and authorizing user access, primarily dealing with the technical aspects of ensuring the right individuals access the right resources. On the other hand, IGA encompasses IAM processes but extends to managing and enforcing policies related to security and compliance within an organization.
An indicator of attack (IOA) is digital or physical evidence of a cyberattacker’s intent to attack. IOA detection focuses specifically on an adversary’s motive rather than specific tools or methods used. By determining an attacker’s objective early in the attack lifecycle, security teams can proactively prevent a data breach from occurring.
An insider threat is a threat to an organization that occurs when a person with authorized access—such as an employee, contractor, or business partner—compromises an organization’s data security, whether intentionally or accidentally.
ISO/IEC 27001, or ISO 27001, is the international standard that defines best practices for implementing and managing information security controls within an information security management system (ISMS).
ISO 27002, or ISO/IEC 27002:2022, provides guidance on the selection, implementation, and management of security controls based on an organization's information security risk environment.
ISO 27003, also called ISO/IEC 27003:2017, provides guidance for implementing an ISMS based on ISO 27001.
J
Just-in-time (JIT) access is a feature of privileged access management (PAM) solutions to grant users access to accounts and resources for a limited time when they need them.
K
Kubernetes governance refers to the policies and procedures for managing Kubernetes in an organization. Governance applies to technical units (such as clusters, applications, and namespaces) as well as organizational units (such as teams, groups, and users). Governance policies prevent misconfiguration, security vulnerabilities, and other issues resulting from platform mismanagement.
L
Lateral movement is when an attacker gains initial access to one part of a network and then attempts to move deeper into the rest of the network — typically via remote desktop tools or remote administration tools (RATs).
Lightweight directory access protocol (LDAP) is an open-standard and vendor-agnostic application protocol for both verifying users' identities and giving access to on-premises servers, applications, and even some devices. After installing an LDAP client on a user device, it can use transmission control protocol/internet protocol (TCP/IP) to communicate with a directory on the network to access a resource such as an email server, printer, or data set.
The real estate sector has experienced a spate of shocking cyber incidents in recent times. But few have been as devastating as the LoanDepot data breach. A ransomware attack at its core, the January 2024 event is a cautionary tale on the impact of not taking customer data security seriously. The question is, what really happened, and how should you react to a hacker invasion?
Log analysis is the practice of examining event logs in order to investigate bugs, security risks, or other issues. Analyzing automatically generated log files—which capture activity taking place within applications, operating systems, and devices—can help IT staff pinpoint root causes, track user behavior, and solve customer-facing issues.
Log data—from system, application, and security log files, for example—help IT staff identify technical issues, troubleshoot, improve performance, and address security issues. Log management is the practice of collecting, processing, analyzing, and storing log data from multiple sources. It centralizes the data, enabling IT to easily access, search, and analyze it.
M
A man-in-the-middle (MITM) attack is a cyber attack in which a threat actor puts themselves in the middle of two parties, typically a user and an application, to intercept their communications and data exchanges and use them for malicious purposes like making unauthorized purchases or hacking.
In September 2018, Marriott International uncovered unauthorized access to its Starwood brand reservation database—an incident that ultimately became one of the largest data breaches, affecting nearly 500 million guests worldwide.
Microsegmentation is a network security practice that creates secure zones within data center environments by segmenting application workloads into intelligent groupings and securing them individually.
Hardly a year passes without a "Microsoft hacked" story hitting the headlines. In their frequency and sophistication, these incidents highlight a widely known truth: The bigger the company, the higher it is on the hackers' hit list. From the infamous 2021 exchange server attack to the more recent email system compromise, the Microsoft data breach incidents below are worth learning from.
Monitoring is the collection and analysis of data pulled from IT systems. DevOps monitoring uses dashboards— often developed by your internal team—to measure the health of your applications by tracking particular metrics.
On Oct. 31, 2023, Mr. Cooper Group, a leading non-bank mortgage loan servicer, experienced a large-scale data breach. An unauthorized third party gained access to the company's customer data, exposing the personal information of millions of clients. The cybersecurity incident accentuates the importance of implementing effective cybersecurity measures to protect company data and private customer information.
N
When word got out about the National Public Data breach, the world went into a frenzy. Why? National Public Data (NPD) handled billions of personal data records across several countries, including the U.S., U.K., and Canada, for background check purposes. The breach reportedly occurred in December 2023 and went on for several months, all the way to April 2024, when the hackers started selling the stolen data online. Interestingly enough, it took another four months for NPD to acknowledge the
Network segmentation (also known as network partitioning or network isolation) is the practice of dividing a computer network into multiple subnetworks in order to improve performance and security.
NIST compliance broadly means adhering to the NIST security standards and best practices set forth by the government agency for the protection of data used by the government and its contractors.
O
Observability is defined as a measure of how well the internal states of a system can be inferred from knowledge of its external outputs.
OAuth (OAuth 2.0 since 2013) is an authentication standard that allows a resource owner logged-in to one system to delegate limited access to protected information to a third party without sharing the owner’s security credentials. Instead, the third-party system obtains approval from the resource owner for a short-lived access token from an authorization server with approval of the resource owner.
OpenID Connect (OIDC) is an authentication layer built on top of the OAuth 2.0 authorization framework. OIDC allows third-party applications to obtain basic end-user profile information and verify an end user's identity. OpenID Connect (OIDC) allows a wide range of users to be identified, from single-page applications (SPAs) to native and mobile apps. Like SAML, OIDC may also be used to provide single sign-on (SSO) across apps.
In February 2024, a ransomware gang hacked into Change Healthcare systems, a subsidiary of UnitedHealth’s Optum. The data breach compromised the personal information of more than 190 million patients. It also led to the shutdown of the data clearinghouse that serves most U.S. medical providers, millions of patients, and nearly 67,000 pharmacies. The Optum data breach demonstrates why zero-trust security protocols are essential to a company’s cybersecurity protections.
The Organization for the Advancement of Structured Information Standards (OASIS) is a non-profit consortium that develops and promotes open standards for the global information society. OASIS facilitates collaboration among industry participants to drive the adoption of interoperable and scalable solutions in various domains, including cybersecurity and cloud computing.
P
What is Pass-the-Hash (PtH) Attack? Pass-the-hash (PtH) attacks are a type of network attack that involves stealing hashed credentials from one computer and using them to gain unauthorized access to other computers on the network. The attacker does not need to crack the actual password, but rather ...
What is Password Rotation? Password rotation is a security practice that involves changing passwords regularly to prevent unauthorized access to personal or business information. It is typically recommended to change passwords every 30, 60, or 90 days. It is essential to note that password rotation ...
What is Password Vaulting? Password vaulting is a technique used to store passwords in a central location and protect them with encryption. The primary purpose of a password vault is to simplify password management by eliminating the need to memorize multiple passwords for different accounts. ...
Passwordless authentication is a verification method in which a user gains access to a network, application, or other system without a knowledge-based factor such as a password, security question, or PIN.
Hackers accessed thousands of PayPal user accounts between Dec. 6 and Dec. 8, 2022. The attack exposed customers' personal information, opening them up to the risk of fraud and identity theft, among other things. While the PayPal data breach didn't impact all customers, it demonstrates the importance of implementing effective data security protocols.
PCI compliance—or payment card industry compliance—is the process businesses follow to meet the Payment Card Industry Data Security Standard (PCI DSS).
A Policy Decision Point (PDP) is a component in a system that makes decisions based on policies that have been defined within that system. It is a crucial part of a policy-based management system, which is a system that uses policies to manage a network or system.
Policy-Based Access Control (PBAC) is another access management strategy that focuses on authorization. Whereas RBAC restricts user access based on static roles, PBAC determines access privileges dynamically based on rules and policies. Although PBAC is fairly similar to ABAC, ABAC requires more IT and development resources (e.g., XML coding) as the number of attributes required increases.
In network security, least privilege is the practice of restricting account creation and permission levels to only the resources a user requires to perform an authorized activity.
Privileged access management (PAM) encompasses the policies, strategies, and technologies used to control, monitor, and secure elevated access to critical resources for human and service accounts.
Cloud privileged access management is cloud-based PAM consumed as a service, or PAMaaS. Companies can replace their on-premises PAM technology with a fully managed cloud PAM solution. Doing so offers benefits including cost savings, reduced maintenance, and improved security.
A privileged account is a user account with greater privileges than those of ordinary user accounts. Privileged accounts may access important data or systems or exercise administrative powers. For these reasons, it is especially important to secure privileged accounts to prevent unauthorized use.
What is Privileged Session Management? Privileged session management (PSM) is an IT security process that monitors and records the sessions of privileged accounts. When these accounts access servers, databases, and network devices, PSM captures activity, like screen output and keystrokes. ...
Cloud computing has revolutionized the way businesses and organizations operate, allowing them to store, access, and manage data and applications in remote, virtual servers. However, there are many types of cloud services available, including public and private clouds. Both options have their benefits and drawbacks, and choosing the right one for your organization can be confusing. In this article, we will explore the key differences between public and private clouds and their respective
R
A Rainbow Table Attack is a cryptographic attack method that uses precomputed tables of hash values to quickly reverse-engineer plaintext passwords from their hashed counterparts. By matching the hash of a password to a precomputed hash in the table, attackers can efficiently recover the original password without exhaustive search.
“Red team vs. blue team” is a cybersecurity drill during which one group, dubbed the “red team,” simulates the activities of cyberattackers. A separate group, dubbed the “blue team,” defends against the red team’s attacks. This helps organizations test their defense capabilities against real-world attack techniques, discover vulnerabilities, and develop remedies.
ReBAC is a model that extends the traditional Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) models by considering the relationships between entities. These entities could be users, resources, or any other objects in a system. The relationships are typically defined in terms of a graph where nodes represent entities and edges represent relationships.
What is Remote Access Security? Remote access is the ability to access resources, data, and applications on a network from a location other than the network's physical location. It enables users to work remotely and stay productive while working from home, traveling, or other remote locations. ...
Remote code execution (RCE) is a cyberattack in which an attacker remotely executes commands to place malicious code on a computing device. Input or activity on the part of the target (such as downloading malware) is not necessary. RCE can compromise a device and exfiltrate data with nothing more than a public or private network connection.
With the increase in online traffic and the need for secure and fast network connections, reverse proxies and load balancers have become integral components of modern network architecture. However, despite their similarities, there are distinct differences between these two solutions. This article will delve into the key features, their roles in network architecture, and how to choose the right solution for your needs.
What is Robotic Process Automation (RPA) Security? Robotic process automation (RPA) is software that mimics human actions to automate digital tasks. Having many RPA robots, or bots, in production poses a significant security risk by increasing the surface area for cyberattacks. Organizations can ...
Role-based access control (RBAC) is a security approach that authorizes and restricts system access to users based on their role(s) within an organization.
S
Imagine this: Your organization experiences a data breach, yet things continue to run as usual. You don’t experience interruptions, and your partners and clients also don’t notice any irregularities … until an outsider (read law enforcement) raises the alarm that you’re under attack. And as if that’s not shocking enough, the data breach has been happening for months. That is exactly what happened in the Salesforce data breach of 2019.
SAML is a popular online security protocol that verifies a user’s identity and privileges. It enables single sign-on (SSO), allowing users to access multiple web-based resources across multiple domains using only one set of login credentials.
SAML enables SSO by defining how organizations can offer both authentication and authorization services as part of their infrastructure access strategy. As an open standard, SAML can be implemented by a wide variety of identity and access management (IAM) vendors. Additionally, IdPs and service providers that adhere to the standard can communicate freely, regardless of vendor.
Many businesses have traditionally relied on Multiprotocol Label Switching (MPLS) networks to connect their remote sites and branch offices. However, Software-Defined Wide Area Networking (SD-WAN) has emerged as a viable alternative to MPLS, offering greater flexibility, lower costs, and advanced security features. In this article, we will compare the benefits and drawbacks of SD-WAN and MPLS and help you determine which solution is best for your network needs.
Secrets management is a cybersecurity best practice for securing digital authentication credentials. It relies on various tools and methods to store, access, and manage these credentials.
Secure Access Service Edge (more commonly known by the SASE acronym) is a cloud architecture model that combines network and security-as-a-service functions to deliver them as a single cloud-based service.
A Security Incident Response Policy (SIRP) establishes that your organization has the necessary controls to detect security vulnerabilities and incidents, as well as the processes and procedures to resolve them.
Security Operations (SecOps) is a methodology that fuses IT operations and information security. Its goal is to reduce security risks and vulnerabilities in applications without compromising performance, uptime, or business agility and innovation.
Separation of duties (SoD) is the division of tasks among organization members to prevent abuse, fraud, or security breaches. SoD encompasses a set of risk-management, internal control and identity governance policies. It ensures that no single individual is responsible for any important IT or business task in its entirety, providing preventative checks and balances.
What is Shadow IT? Shadow IT is software or hardware in use in an organization without the knowledge of the IT department. Business units or individuals may adopt cloud services, software, or devices without informing IT to help boost productivity. Shadow IT can result in application sprawl, ...
Shoulder surfing is a form of social engineering where an attacker obtains sensitive information by observing the victim's screen or keyboard inputs, often by looking over their shoulder. This technique is commonly used to steal passwords, PINs, or other confidential data in public or crowded places.
Single-factor authentication (SFA) or one-factor authentication involves matching one credential to gain access to a system (i.e., a username and a password). Although this is the most common and well-known form of authentication, it is considered low-security and the Cybersecurity and Infrastructure Security Agency (CISA) recently added it to its list of Bad Practices.
Snowflake hacked! Yes, those were the headlines going around for the better part of April to July 2024. What started as a “small breach” eventually snowballed into what many in the cybersecurity industry consider one of the biggest breaches in 2024. A “limited number” of customer accounts being affected was what Snowflake initially reported, but with what we know now, it was a full-blown malware attack that led to high volumes of compromised customer data ending up on the dark web for sale.
When it comes to modern software development, two terms that are often used interchangeably are Service-Oriented Architecture (SOA) and Microservices. While there are similarities between the two, they are not the same thing. In this article, we will explore the key differences between SOA and Microservices.
SOC 2 stands for “Systems and Organizations Controls 2” and is sometimes referred to as SOC II. It is a framework designed to help software vendors and other companies demonstrate the security controls they use to protect customer data in the cloud.
With a software-defined network, networking devices directly connect to applications through application programming interfaces (APIs), making SDN programmable and independent from the hardware infrastructure.
In April 2011, Sony experienced one of the most notorious data breaches in history when hackers infiltrated the PlayStation Network (PSN). This cyberattack exposed personal information of millions of users, including names, addresses, and potentially credit card details, leading to widespread concern and a major shake-up in the company's approach to cybersecurity.
SOX compliance is an annual obligation derived from the Sarbanes-Oxley Act (SOX) that requires publicly traded companies doing business in the U.S. to establish financial reporting standards, including safeguarding data, tracking attempted breaches, logging electronic records for auditing, and proving compliance.
In today's digital age, many individuals and organizations rely on technology for communication, transactions, and data storage. However, with this reliance comes the risk of cyber attacks such as phishing and spear phishing. While these two terms may seem interchangeable, they have distinct characteristics that set them apart from each other.
Even the best security practices can’t always protect you from one major risk: third parties. A single weak link—whether a vendor, partner, or service provider—can put your entire organization at risk. Just ask Spectrum. In November 2023, news broke of a data breach when Welltok, Inc., acting on behalf of Spectrum Brands, sent a notice to those affected, revealing a security incident that exposed employee data.
In today's digital age, there are many cybercrimes that individuals and organizations need to be aware of. Two of the most common cybercrimes are spoofing and phishing. Although these two terms are often used interchangeably, they are actually different types of cyber attacks with unique characteristics and impacts. In this article, we will explore the definitions of spoofing and phishing, the techniques used in executing these attacks, and the impact they can have on individuals and
Understanding SQL and NoSQL Databases When it comes to managing data, there are two main types of databases: SQL and NoSQL. While both types of databases are used to store and organize data, they differ in their structure, scalability, and query complexity. What is SQL? Structured Query Language, ...
T
While T-Mobile has experienced several other breaches in past years, this article will focus on the latest one: The 2021 T-Mobile data breach took place between March and August 2021. Reports indicated that this breach continued for six months, unknown to T-Mobile, until an outsider informed the company about hackers selling customers' data on the dark web. But what exactly happened, and why didn’t T-Mobile notice the breach? Let’s find out.
A single weak link — whether it's a service provider, vendor, or partner — can put your entire organization at risk. Just ask Target: In December 2013, news broke when one of the largest U.S. retailers acknowledged a major security incident.
Technical debt is any software code which achieves a short-term goal at the cost of some future drawback. It commonly takes the form of code that expedites shipment of new software, which will eventually require refactoring. Technical debt may incur monetary costs or slow the release of new features later on.
Derived from the Greek roots tele ("remote") and metron ("measure”), telemetry is the process by which data is gathered from across disparate systems to paint a picture of the internal state of the larger system that contains them.
What Is a Threat Actor? A threat actor is any individual or group that has the intent and capability to exploit vulnerabilities in computer systems, devices, and networks for their own gain. Threat actors can be individuals, organizations, or even state-sponsored entities. Threat actors can come ...
Threat hunting is the cyber defense practice of proactively searching for threats within a network. Threat hunters look for threats that may have evaded an organization’s existing endpoint security. Their main aim is to prevent any present threats or attacks from advancing and doing serious harm.
The ultimate findings from cyberthreat analyses are referred to as threat intelligence. Producing threat intelligence involves a cycle of collecting data and information on threats, analyzing it, and then carefully interpreting it. Threat intelligence can inform evidence-based decisions on how best to prevent or halt cyberattacks.
The Ticketmaster data breach is a classic case of just how much third parties can put your organization at risk of cyberattacks. In May 2024, ShinyHunters, a notorious hacking group known for carrying out large-scale breaches, broke the internet after it claimed in a post made on a hacking forum that it had hacked Ticketmaster and stolen user data. A few days later, Ticketmaster confirmed the breach in a statement on its website.
In October 2023, Truist Bank suffered a cybersecurity event that exposed the private information of its employees. The hacker group responsible for the attack allegedly tried to sell the stolen data for $1 million on the dark web. Learn more about this data breach and what to do if you think you were compromised.
Two-factor authentication (2FA) adds a second layer of protection to your access points. Instead of just one authentication factor, 2FA requires two factors of authentication out of the three categories: 1. Something you know (i.e., username and password). 2. Something you have (e.g., a security token or smart card). 3. Something you are (e.g., TouchID or other biometric credentials).
U
In the world of web development, CRUD and REST are two terms that are frequently used, but often misunderstood. While both are important and have their own uses, they are fundamentally different. Understanding the difference between CRUD and REST will help you to choose the best method for accessing and manipulating data, based on the specific requirements of your project.
On February 21, 2024, United Healthcare was hacked in a ransomware data breach that impacted its Change Healthcare (CHC) unit. The data breach affected millions of customers and gave hackers access to significant amounts of sensitive personal information, including names, addresses, Social Security numbers, and healthcare records. Recovery from the breach is ongoing.
The United Services Automobile Association (USAA) has experienced several data breaches in the last few years. Most recently, in August 2024, USAA sent a notice to customers informing them that it had experienced a data breach in April. Given USAA's huge customer base of 13 million members and how sensitive they are (military members and veterans), news about this sent shock waves across the U.S. But what exactly happened, and how did the organization contain the breach? Read on for the full
V
In January 2024, a massive cybersecurity event that left 26 million records exposed affected the mobile payment service Venmo. Dubbed the "mother of all breaches" by the media, the incident involved many well-known brands and impacted millions of Americans, with the repercussions still felt today. But what happened exactly, and what should you do if hackers stole your data?
In February 2019, two security researchers identified a massive data leak in a database belonging to Verifications.io, an email validation service provider. This incident gained particular attention because the breach wasn't due to sophisticated hacking. Instead, the catastrophe was self-inflicted due to the company's negligent data security practices. Let's dive into how the Verifications.io data breach ultimately led to the company's downfall.
Vulnerability management (VM) is the proactive, cyclical practice of identifying and fixing security gaps. It typically leverages scanning software to pinpoint vulnerabilities in endpoints, applications, operating systems, and so forth. Security teams may apply patches or reconfigure settings, for example, to eliminate vulnerabilities before attackers can exploit them.
What is a Vulnerability Management Lifecycle? The vulnerability management lifecycle involves continuous monitoring and assessment of systems, regular updates and patches, and testing to ensure that vulnerabilities have been effectively addressed. Vulnerability management is a critical aspect of ...
W
In April 2024, Walmart’s retirement plan administrator, Merrill Lynch, experienced a security incident that revealed how even small internal oversights can create outsized risks. The breach, while limited in scope and unintentional in nature, affected nearly 1,900 Walmart employees participating in the company’s 401k plan.
WebAuthn is the API standard that allows servers, applications, websites, and other systems to manage and verify registered users with passwordless authentication such as a biometric or possession-based device authenticator.
In June 2023, Wells Fargo reported a security incident caused by an employee mishandling customer information in violation of company policy. In response, Wells Fargo took disciplinary action against the employee, updated its security measures, and started monitoring the affected accounts for anomalies.
A non-human identity is any digital credential not tied to a person. It’s what allows systems to communicate with each other securely, without human interaction. These identities can be short-lived or long-standing, privileged or limited—but they all serve the same basic purpose: authentication and access.
A human firewall refers to employees trained to recognize and prevent cyber threats, such as phishing attacks and malware. By fostering cybersecurity awareness and best practices, organizations enhance their defenses, with staff serving as a critical line of protection against breaches and unauthorized access.
A Policy Administration Point (PAP) is a crucial component in access control systems, responsible for defining and managing policies that regulate user permissions within an organization. It determines what actions individuals or entities are authorized to perform based on predefined rules, ensuring effective security and compliance.
A Policy Enforcement Point (PEP) is a component in a security framework that enforces access control policies. It regulates and monitors access to resources by evaluating and applying predefined rules, ensuring compliance with security policies within a system or network.
A policy engine is a software component that allows an organization to manage, enforce, and audit rules across their system. It is designed to provide a centralized point of control for policy management, reducing the complexity of managing rules in large and distributed systems.
A Policy Enforcement Point (PEP) is a component in a security framework that enforces access control policies. It regulates and monitors access to resources by evaluating and applying predefined rules, ensuring compliance with security policies within a system or network.
Access Discovery is the process of identifying and verifying available pathways to digital resources or information within a system or network. It involves locating and confirming the accessibility of data, services, or devices, often used in cybersecurity and network administration to ensure authorized access and detect vulnerabilities.
Active Directory (AD) bridging lets users log into non-Windows systems with their Microsoft Active Directory account credentials. This extends AD benefits across Windows and non-Windows systems and network devices, such as Linux, UNIX, and so forth. It also facilitates identity consolidation and limits the number of local accounts across IT systems, reducing attack surface.
Open Policy Agent (OPA) is an open-source, general-purpose policy engine that enables policy-as-code across diverse software stacks. It provides a unified framework for expressing and enforcing policies, enhancing security and governance by decoupling policy logic from application code.
Continuous Authorization is a security concept ensuring ongoing validation of users' access rights within a system. Employing real-time session monitoring and automated assessments via authorization policies allows dynamic adjustment of permissions based on user behavior and other contextual attributes, bolstering cybersecurity by promptly adapting to evolving threats and anomalous user activities.
What is Continuous Monitoring? Continuous monitoring is a systematic and ongoing process that uses automated tools and technologies to monitor the performance and security of an organization's systems and processes This approach helps businesses to detect problems early, mitigate risks, and ...
Customer Identity Access Management (CIAM) is a specialized branch of identity and access management designed to facilitate secure and seamless customer interactions with digital services. It encompasses tools and processes for managing customer identities, authentication, and authorization, ensuring personalized and secure access to online platforms.
Threat hunting is the cyber defense practice of proactively searching for threats within a network. Threat hunters look for threats that may have evaded an organization’s existing endpoint security. Their main aim is to prevent any present threats or attacks from advancing and doing serious harm.
Deprovisioning removes the access rights and deletes the accounts associated with a user on a network. When an organization offboards an individual, it’s important to terminate the access rights to applications, systems, and data. Neglecting to do so can result in “zombie accounts,” compromised security, or data leaks.
Disaster Recovery Policy is a strategic framework outlining procedures and resources to swiftly restore essential business functions after a disruptive event. It encompasses measures such as data backup, system restoration, and continuity planning to minimize downtime and mitigate the impact of disasters on organizational operations.
eXtensible Access Control Markup Language (XACML) is a standard for specifying and exchanging access control policies in computer systems. It provides a framework for expressing fine-grained access control decisions, allowing organizations to define and manage access policies in a flexible and interoperable manner.
Fine-grain access controls are a type of access control that enables granular access to systems, applications, and data. Access is based on specific attributes, characteristics, or conditions.
Group-Based Access Control (GBAC) is a security model that regulates access to resources by assigning permissions based on user group membership. It streamlines authorization management by granting or restricting access to individuals based on their inclusion in predefined groups, enhancing overall system security and administration efficiency.
Identity Fabric refers to an integrated set of identity and access management services that provide seamless and secure user access across a diverse range of platforms, applications, and environments. It aims to unify disparate identity systems into a cohesive, flexible, and scalable framework, supporting a consistent user experience and robust security measures.
Kerberoasting is a post-compromise attack technique for cracking passwords associated with service accounts in Microsoft Active Directory. The attacker impersonates an account user with a service principal name (SPN) and requests a service-related ticket. They then crack the password hash linked to that service account, log in with the plaintext credentials, and advance the attack.
What is NoSQL Injection? NoSQL Injection is a type of injection attack that exploits vulnerabilities in NoSQL databases by injecting malicious code into a query. This technique can allow attackers to bypass authentication, access unauthorized data, and modify data and database structure. NoSQL ...
A One-Time Password (OTP) is a security feature that generates a unique, temporary password for a single transaction or login session. Unlike static passwords, OTPs enhance security by preventing unauthorized access, as they are only valid for a short duration and cannot be reused.
Policy-as-Code refers to the practice of managing and implementing policy decisions through code, making them enforceable and verifiable within IT environments. This approach enables automated enforcement, validation, and auditing of policies, typically used in areas like security, compliance, and infrastructure configuration.
Privileged identity management is the process companies use to manage which privileged users—including human users and machine users—have access to which resources.
What is Remote Desktop Protocol (RDP)? Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft that allows users to remotely access and control a Windows-based system using a graphical user interface (GUI). With RDP, the user can interact with the remote system's desktop as ...
Segregation of Duties (SoD) is a risk management principle that ensures critical tasks are divided among different individuals to prevent conflicts of interest and unauthorized activities. This helps maintain internal controls, reduce the risk of errors or fraud, and enhance overall organizational security and integrity.
Vendor Privileged Access Management (VPAM) is a cybersecurity strategy that focuses on controlling and securing third-party access to an organization's sensitive systems and data. It involves implementing measures to authenticate, monitor, and manage the privileged access granted to external vendors, minimizing the risk of unauthorized activities.
Zero Trust Data Protection is a security framework that assumes no inherent trust, requiring verification from anyone trying to access data, regardless of their location or network connection. It emphasizes continuous authentication and strict access controls to mitigate cyber threats and safeguard sensitive information.
X
X11 Forwarding is a feature of the X Window System that allows a user to run graphical applications on a remote server while displaying them locally. This is commonly used over SSH, enabling secure execution and display of GUI applications across different machines.
Y
The 2013 Yahoo data breach is a classic case of how security flaws and weak encryption can expose your business to cyber threats. In August 2013, a group of unknown hackers exploited a vulnerability in Yahoo’s system and exposed the personal data of every single user.
Z
Zero Trust is a modern security model founded on the design principle “Never trust, always verify.” It requires all devices and users, regardless of whether they are inside or outside an organization's network, to be authenticated, authorized, and regularly validated before being granted access.
As cyber attacks become more advanced and frequent, organizations are realizing the importance of enhancing their cybersecurity strategies. Two approaches that have gained notable attention are zero trust and the principle of least privilege. Although they share similarities, these strategies differ in significant ways. In this article, we will explore the concepts of zero trust and the principle of least privilege and compare and contrast their key components and real-world applications.
Zombie accounts: forgotten accounts that open the door to bad actors looking to insert malware, steal data, and damage your internal systems.
