Orchestra's Blog

Top Five Wireless and IoT Threats Unlike wired networks, wireless networks can be accessed by anyone. Even restricted wireless environments can be penetrated from nearby. Wireless networks host a wide...

Cyber resiliency goals (i.e., anticipate, withstand, recover, and adapt) support the linkage between the risk management decisions at the mission or business process and system levels and the organization’s...

In our previous blog post in this series, Threat Susceptibility: Countermeasures and Risk Remediation Options, we continued our MITRE ATT&CK example and focused on identifying mitigations and security controls...

In the blog post, ‘The Art of Attack vs The Science of Resilience’ Omri wrote “Cyber risk analysis and management is completely dependent on an understanding of how attackers...

What are some of the challenges in assessing cyber threat susceptibility? Penetration Testing is probably the most well-known and most used method for assessing threat susceptibility. These human-driven assessments...

  What are the targets of cyber threats? In the NIST cybersecurity framework core function of ‘Identify,’ organizations are tasked to do ‘Asset Management’ where they need to discover...

From personal experience I can definitively say that there is no such thing as 100% cyber security. As we can see from the ever growing number of cyber attacks...

Summary On December 9, 2021 a serious vulnerability in the Java-based logging package Log4j was disclosed. This is a remote code execution (RCE) vulnerability, meaning that it allows an attacker to...

The acquisition will expand Orchestra’s information security platform and enable it to discover network vulnerabilities while increasing its global footprint.

Part 4. Rethinking cybersecurity from the viewpoint of risk   There are two principles to planning good governance: you automate away toil to ensure reliability and quality, but you...

Part 3. Rethinking cybersecurity from the viewpoint of risk   Policy is the centrepiece of both cybersecurity and risk management. Having a policy, as well as knowing it and...

Part 2. Rethinking cybersecurity from the viewpoint of risk The ability to estimate risk presumes a certain level of insight into relationships, both technical and human. Yet, too much...

Part 1. Rethinking cybersecurity from the viewpoint of risk Did we get cybersecurity wrong? Thirty years after the infamous Internet Worm was loosed upon an unsuspecting world, ravaging the...

Wireless adoption is quickly emerging in every industry vertical that is using digitalization to simplify operations. The issue is that from a security perspective, the move to wireless creates...

Cyber risks are evolving fast and organizations need to deal with them in more efficient ways. This requires an all-inclusive and agile approach to identifying threats and then eliminating...

Cyber defense is moving to a risk management and operations paradigm (see previous posts on effective cyber risk management and policy based cyber risk management). One aspect of risk...

The NIST Cybersecurity Framework identifies five functions (Identify, Protect, Detect, Respond, and Recover) as the five primary pillars for a successful cybersecurity program. These functions focus on cybersecurity management...

Will offer Orchestra’s full range of Harmony security products in the region. Cyber security vendor Orchestra Group has signed its first distribution agreement for Australia, New Zealand and Asia...

Aplikacje Krytyczne deployed Harmony IoT to enhance and strengthen its airspace security and overcome its wireless-born cyberattacks blind spots.   The world is full of connected devices. We are...

Many organizations have security policies that have an associated time frame. For example a patch policy could be that a patch must be applied to a vulnerable server within...

Verkada Hack 150,000 security cameras, this time – belonging to Verkada, were exposed in the most recent security breach. This should come to us as no surprise and is...

Another major cyber issue is making the rounds this week – the Microsoft Exchange vulnerabilities published last week. The issue is the known exploitation of a set of unpublished...

A risk management approach is fundamentally different than the standard approach to cyber security. It requires that organizations explicitly decide on what risks to ignore – an outcome of...

Cisco just published a vulnerability that could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The CVE-2021-1388 vulnerability ranks 10 (out of 10) on the...

Graphs are about the connectedness of objects. Graph’s show us correlation and dependence between seemingly random objects as well as the degrees of freedom and separation from other objects. Social...

As financial firms become more digital, the EU decided these firms need to focus on ensuring their operations are as cyber resilient as possible. Cyber resilience means the ability...

Security (or Safety) in numbers is the hypothesis that, by being part of a large physical group or mass, an individual is less likely to be the victim of a...

Vulnerability scanning, penetration testing and red teams are the main detective controls for residual cyber risk – i.e. the risk that remains given controls already in place. Vulnerability scanning...

Cybersecurity is moving away from using threats, vulnerabilities and exploits as the management metaphor towards risk-based cybersecurity management. Using risk terminology, penetration testing is a standard detective control used...

Lack of standard metrics to measure, manage and benchmark cyber risk limits security efficiency and effectiveness, making it difficult to prioritize and coordinate cyber defenses Single security truth from...

Organizations’ cyber security stack consist of 100-150 different disconnected point tools or technologies making it difficult to assess and act on the big picture. Organizations based their security operations...

In today’s modern world business needs are constantly shifting, IT and cyber risk landscape require a constant stream of attention and resources. CISOs role isn’t just about security, but...

ITIL (IT Infrastructure Library) is a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. ITIL is used by CIOs (especially...

I am a subscriber to the NIST cyber security framework school of thought. Even though it is officially called the “Framework for Improving Critical Infrastructure Cybersecurity” it isn’t just about securing...

A value-driven approach to cyber security would help businesses understand where to spend their cyber security budget, and how much to budget. One way to estimate how to spend...

Visibility is context. Analytics combine context with events. Policy translates that into a ”plan of action implemented by controls. Another way to put it is “Given” a context, “When”...

Cynefin is a sense making framework that divides problem response into simple, complicated and complex. The goal is choose the right response paradigm so that when a problem occurs the...

What is a Platform? The word “platform” even though it is used quite often, is a chameleon word – meaning different things in different contexts and to different people....

There are three business types that lend themselves to becoming a platform – infrastructure management businesses, product innovation and commercialization businesses, and customer relationship businesses [from John Hagel’s post...

Another option for starting a platform is a pure platform play, in essence, “let’s bet the bank that we guessed right approach”. This is an expensive approach since you...

The best way to create a platform combines an immediate solution approach with an emergent platform play. It requires a market ripe for a platform (see my earlier post...

Creating a platform is the embodiment of the chicken and egg problem. If there are no consumers – producers have no one to sell to. If there are no...