What is a Secure SYSTEMS Development Lifecycle?
By: Cameron Matthews, vCISO & Sr. Security Consultant at Nth Generation

You may think every business and government outfit that creates apps practices Secure Software Development Lifecycles (SSDLC), but you’d be wrong. Thus, the tidal wave of system compromises that afflict businesses on a daily basis. This article concerns the other SSDLC that organizations also do not practice: Secure SYSTEMS Development Lifecycle. This is an even greater problem than the first SSDLC: fail

Nth Generation
Jul 6, 2022


SASE and SSE – What’s the difference?
Secure Access Service Edge (SASE), Secure Service Edge (SSE) – What are these all about? They sound similar, so why does Gartner make so many Magic Quadrants with seemingly overlapping capabilities? Let’s examine the differences and commonalities. SASE is a Gartner specification term coined in 2019 that explores cloud security products more as a framework; whereas SSE, coined in 2022, looks at a group of Cloud Security products within a single management domain. SSE also remo

Nth Generation
Apr 19, 2022


Technical Debt Defined
Technical debt. This is a term used more and more to describe established IT environments that are overdue for updates of many kinds. The demand to deploy new systems and applications along with the lack of budget for regular hardware replacement means regular maintenance tasks can be ignored or deferred too many times, leaving the IT environment at risk. For example, running obsolete vSphere ESXi v5.1 on old processor hardware (i.e., Sandy Bridge, Ivy Bridge, or Opteron serv

Nth Generation
Mar 23, 2022


Data Retention. Wait, what?
By: Jerry Craft, vCISO, Sr. Security Consultant | Nth Generation

As a virtual CISO, I have the pleasure of meeting with many different executives across a variety of business verticals every day. In an average day, I meet with executives and discuss business risk. One risk that keeps coming up but getting pushed aside is data retention. Time and time again, I find that some executives are unsure how, or if, they should be concerned about data retention or data classification

Nth Generation
Dec 13, 2021


Matthew Broderick, BBS Systems, and Nth Huddle - What's it all about?
By: Jerry Craft, Nth vCISO and Senior Security Consultant

Looking for a place to chat with experts? In the late ’80s and early ’90s, I was Matthew Broderick from the movie “War Games.” At that stage of my life, I had already burned through a Commodore VIC-20 and ventured into the new world of a Tandy 8088 computing system. This computing screaming demon was pure Intel 86 processor that had a 20MB hard drive and floppy drives. Yes, younger generations, I could write programs

Nth Generation
Nov 2, 2021


Segmentation Automation Overview and Security in Your Access Network
Why Segmentation? Security, Security, Security!!!! Some say, “It is not if, but when” you will experience devices infected with malware such as ransomware or BIT mining. Opening a file in an email or a link on the web that the Next Generation Firewall (NGFW) or Antivirus (AV) has not detected could infect your machine and attempt to move laterally within your network, looking for valuable data and high-profile servers to attack. This means it can encrypt all your files for ra

Nth Generation
Aug 3, 2021


Two cybersecurity leaders walk into a bar…
Varonis’ CEO, Yaki Faitelson, and Nth Generation vCISO, Rich Lindberg, had the pleasure of recently catching up in a face-to-face exchange. They discussed ransomware and strategic approaches that organizations can utilize to manage this growing threat. This article stems from their recent conversation. Information drives nearly every organization today – and we've become totally reliant on it. Data and Information Technology (IT) provide competitive advantages for organizat

Nth Generation
Aug 2, 2021


Compliance as an Opportunity
What does the Kaseya ransomware breach have in common with the tragic collapse of a 12-story Florida condominium? Both organizations were warned of critical problems to their infrastructure well in advance. The loss of life in Florida is tragic and there is no comparison to the financial loss of the Kaseya breach, even with the $70 million ransom demand. What is comparable is that both organizations had foreknowledge of the problems but failed to take effective action in adva

Nth Generation
Jul 16, 2021


How long can I run my IT gear before it becomes a security risk?
IT organizations are used to running older servers, storage, and networking gear. The typical mantra is to run them as long as possible; then even longer in an attempt to save money, reduce IT project churn, and stabilize the IT infrastructure. We’ll discuss a few of the problems that are created by this policy mindset, and the risks that are perpetuated either knowingly or unknowingly. In this article, there are two core viewpoints of the typical company thought processes th

Nth Generation
Jul 7, 2021


GRC - Gamification for Plan Testing
If you have gone through a typical Incident Response Tabletop exercise, you know that it can be very predictable and boring. The scenarios are picked ahead of time. The responses are known. The responses are prepackaged, and it becomes a routine check mark. How do we address this? Make it a game. Gamification of training has long been a way to engage the audience for better results. There are also many ways to bring those same concepts to your IRP testing. Here are tw

Nth Generation
Jun 22, 2021


Ransomware and the Ultimate Fallback
With recent, acute cyberattacks, including the Colonial Pipeline takedown, ransomware continues to crescendo as a burning topic.

Nth Generation
Jun 2, 2021