A cyber risk score provides an objective framework for the evaluation of a security posture. By converting these evaluations into an easy-to-grasp representation of qualitative cyber risk scoring, organizations can better understand how safe their assets are and where they need to improve. ThreatWatch Attenu8 platform offers a way to prioritize and assign a risk score […]

  • Posted in Uncategorized
  • Comments Off on ThreatWatch Risk Scoring
Imbalance between proactive and reactive cybersecurity

NIST Cybersecurity Framework (aka Framework for Improving Critical Infrastructure Cybersecurity) is an excellent resource for all organizations. There are 3 components to the framework as below: Core – Provides a set of desired cybersecurity activities and outcomes using common language that is easy to understand. Tiers – These implementation Tiers help assist organizations by providing […]

Third Party Cyber Risk Management

Overview In this blog article, let us take a look at the current approach to Third Party Cyber Risk Management (TPCRM), what it leaves on the table and what is really desirable. Most organizations today work closely with their business ecosystem which is key for business continuity. This business ecosystem includes but is not limited […]

AWS Cloud Security Vulnerability CSPM

Cloud adoption has increased exponentially over the years. 94% of enterprises use the cloud already. There used to be two main camps of cloud users as below: Cloud users who were skeptical of security of public cloud in the first place. Cloud users who believe that public cloud takes care of all security aspects automatically […]

cyber security

Security and risk folks are constantly trying to improve security without impacting business productivity. It is key to determine which projects will drive most business value while reducing risk. In September 2020, Gartner published their recommendations for Top 10 Security Projects for 2020-21 that security and risk management leaders should focus on. Here is a […]

Understanding the impact and relevance between public vulnerabilities and their weaponization into threats such as different types of malware’s is important to understand the level of investment and the type of focus that is needed for vulnerability management. Setting the Context Often malware is associated with brute force attacks such as compromised credentials to gain […]

  • Posted in Uncategorized
  • Comments Off on Malware and Public Vulnerabilities – Made for each other

Much has been reported, blogged and pod-casted about the recent high-profile cyber security events surrounding Solarwinds. However, for many including myself, there has been a sense of foreboding about such an event for some time now, given the state of third party security. The response from the stakeholders indicate that while this event is still […]

  • Posted in Uncategorized
  • Comments Off on Third party and supply chain security – a different approach
frictionless vulnerability management

Vulnerability assessment and management is a critical piece in the cybersecurity program for any organization. Most organizations perform periodic vulnerability scans. However, traditional vulnerability scanning tools have largely resulted in a painful experience for customers. This is due to multiple reasons as below: Need to install agents or scanner appliances across the fleet These agents […]