Blog by John Tolbert

Who is Responsible for Operational Technology Security?
Operational Technology is comprised of the hardware, software, and networks that actuate, control, monitor, and analyze physical processes, machines, and infrastructure used in various industries such as manufacturing, transportation, health care, power generation and distribution, pharmaceuticals, oil and gas, water treatment, etc. OT encompasses multiple categories including Critical Infrastructure Systems (CIS) for civil and national interests, such as power generation and distribution, traffic control, water treatment, etc.; Industrial Control Systems (ICS) such as SCADA nodes,...
Read More
Security for Operational Technology Environments
Operational Technology (OT) systems encompass Industrial Control Systems (ICS), Critical Infrastructure Systems (CIS), and Industrial Internet of Things (IIoT). OT environments face threats similar to those that traditional enterprise IT systems do, as well as threats unique to each type and implementation.  ICS environments are those found in manufacturing facilities and warehouses, and may involve dedicated Human-to-Machine Interfaces (HMIs), Programmable Logic Controllers (PLCs), sensors, valves, actuators, etc. Critical Infrastructure includes regional and municipal power...
Read More
PCI-DSS 4.0 launched
The Payment Card Industry (PCI) Standards Council has published a major update to the Data Security Standard (DSS), version 4.0. This version is an improvement over the current version, 3.2.1, which came out in 2018.   The new publication directs organizations that need to be compliant with the standard to use Multi-Factor Authentication (MFA) build-in “Dynamic Analysis”, or risk-based authentication, in alignment with Zero Trust perform access reconciliations harden systems and servers deploy anti-malware solutions ( Endpoint Protection Detection...
Read More
SentinelOne Acquires Attivo Networks: A Big Leap Forward to Security With Identity
SentinelOne has announced that they will acquire Attivo Networks, a leading Distributed Deception Platform (DDP) and Identity Threat Detection & Response (ITDR) solution provider. This appears to be a good move for SentinelOne, which is a leading Endpoint Protection Detection & Response (EPDR) vendor. SentinelOne went public with the one of the largest IPOs ever last year. Attivo was founded in 2011 in the Bay Area. Their initial focus was on the DDP market. DDP is an innovative approach to detecting and preparing for cyberattacks, whereby organizations deploy decoy resources to...
Read More
Has Your Organization Rolled Out MFA Yet?
Have you entered a password somewhere today? Do you wonder why you’re still having to do that? Did entering that password give you a feeling of digital safety? Did it make your consumer experience more enjoyable? Cybersecurity and identity management experts have been proclaiming the benefits of and absolute necessity of Multifactor Authentication (MFA) and risk-adaptive authentication for years now.  MFA is the leading concept for implementing strong authentication, which is defined as the combination of two or more of the following: something you know, something you have,...
Read More
What is XDR?
Almost all enterprises have many security tools in place already, some of which are still focused on perimeters/DMZs and on hosts, such as servers and endpoints. Endpoint Detection & Response (EDR) tools are becoming more commonplace in enterprises and SMBs. EDR tools depend on agents installed on endpoints to collect and transmit telemetry to the EDR console. EDR agents can be instructed by administrators and programmatically to respond to suspicious and malicious events, taking actions like gathering forensic evidence, terminating processes, removing malware, etc. EDR tools emerged...
Read More
Dark Side Ransomware Attacks
Last week Colonial Pipeline, one of the largest pipelines in the US, was hit by a ransomware attack from the Dark Side cybercrime group. While many pertinent specifics about the attack are not known, FireEye and US Cybersecurity and Infrastructure Security Agency (CISA) have shed some light on how Dark Side’s malware works. These two posts point out some common Tactics, Techniques, and Procedures (TTPs) that all organizations should be on the lookout for as indicators of attack: Password spraying against Virtual Private Network (VPN) devices. Legitimate user credentials...
Read More
Why Enterprises Are Choosing SOAR for SOCs
Security Orchestration, Automation, and Response (SOAR) platforms are attracting a lot of attention from many organizations, from enterprises to government agencies and even those on the upper end of Small-to-Mid-Sized Businesses (SMBs). The reason for this is clear: the cybersecurity landscape continues to evolve and get more complex in order to combat the corresponding rise in frequency and complexity of attacks. SOAR platforms can be the capstone application for Security Operations Centers (SOCs). Most organizations have a plethora of security tools already, such as Endpoint...
Read More
Symphony Technology Group (STG) Acquires McAfee Enterprise Business
STG announced that they intend to acquire McAfee’s enterprise business for around $4B. The McAfee brand will continue to operate and focus on consumer cybersecurity. STG will pick up MVISION, Global Threat Intelligence, database security, unified endpoint security, CASB, CSPM, CWPP, DLP, SIEM, SWG, XDR, and policy management products and services. STG picked up RSA from Dell in September 2020. When the deal closed, STG stated that RSA would remain independent and would pursue growth in their most successful product lines: Archer, SecurID, NetWitness, and the Fraud & Risk...
Read More
Okta & Auth0
Okta will purchase Auth0 for $6.5B. Okta is a leading IDaaS vendor , originally focused on workforce but now addressing B2E, B2B, and B2C use cases. Okta’s solutions are designed for organizations that want to quickly enable cloud-delivered identity and seamlessly interoperate with other SaaS applications. Auth0 had a different entry point into the realm of IAM. Auth0 was aimed at developers, both in functionality and their marketing approach. Auth0’s founders knew that this was an underserved market. Consider a case where a company needs to expose one or two major...
Read More
The Non-Zero Elements of Zero Trust
The ongoing SolarWinds incident illustrates that the much-lauded Zero Trust security paradigm is, in fact, based on trust. Zero Trust is about authenticating and authorizing every action within a computing environment. It is putting the principle of least privilege into action. In an ideal implementation of Zero Trust, users authenticate with the proper identity and authentication assurance levels to get access to local devices, on-premises applications and data, and cloud-hosted resources. Access requests are evaluated against access control policies at runtime. In order for Zero Trust...
Read More
Attack Surface Reduction and XDR
Many if not most organizations have moved to a risk management model for cybersecurity and identity management. Priorities have shifted in two major ways over the last decade: decreasing attack surface sizes focusing on detection and response technologies instead of prevention only Reducing attack surfaces inarguably improves security posture. Achieving the objective of reducing attack surfaces involves many activities: secure coding practices, vulnerability scanning and management, consolidation of functions into fewer products and services, access reconciliation, user...
Read More
1 2 3 4 5 Next