Category: Blog

Purple integration with CyberArk PAM

Orchestra’s Purple integration with CyberArk Privileged Access Manager, simplifies and secures credential management. IT and security personnel no longer need to store and manage credentials (passwords, etc.) within the Harmony Purple platform to perform scans. Leveraging CyberArk’s centralized PAM significantly reduces the complexity of conducting scans and helps ensure scans are completed without interruption. Vulnerability […]

Cybersecurity Terminology For 2023

Advances in artificial intelligence and new ways of thinking about cybersecurity are leading to new approaches that will better protect organizations from costly attacks and more effectively manage risk. To help IT professionals gain understanding of these coming changes, here is a list of terms that are relevant to how cybersecurity will be managed in […]

The Digital Cyber Twin – The Difference Maker in Knowing Your Cyber Exposure

Digital cyber twin

One of the fundamental challenges facing any organization is how to gain a solid handle on its cyber exposures. Cyber exposure refers to the vulnerabilities and risks associated with an organization’s network, systems, and data. Knowing its cyber exposure helps an organization better understand its security posture relative to cybercrime, data breaches, and other threats. In […]

Recently Uncovered Linux Security Issues Create Another Wi-Fi Attack Vector

Linux has had long standing issues with memory leaks. These exposures often give attackers the means to crash devices, create denial of service, and in some cases, extract sensitive data from host devices. A security researcher, Soenke Huster from Germany’s Technical University of Darmstadt, recently reported a buffer overwrite in the Linux Kernel mac80211 Wi-Fi […]

Do You have an Evil Twin?

Top Five Wireless and IoT Threats Unlike wired networks, wireless networks can be accessed by anyone. Even restricted wireless environments can be penetrated from nearby. Wireless networks host a wide variety of mobile and IoT devices that are difficult to secure. They often have vulnerable interfaces, unprotected storage, hardcoded backdoors, unencrypted communications and insecure pairing procedures […]

Threat Susceptibility: Achieving Cyber Resiliency Goals

Cyber resiliency goals (i.e., anticipate, withstand, recover, and adapt) support the linkage between the risk management decisions at the mission or business process and system levels and the organization’s risk management strategy. To address cyber resiliency, an organization’s risk management strategy needs to include its threat-framing with respect to cyber threats, its strategies for achieving […]

Threat Susceptibility: From Risk Management To Active Defense

In our previous blog post in this series, Threat Susceptibility: Countermeasures and Risk Remediation Options, we continued our MITRE ATT&CK example and focused on identifying mitigations and security controls that were mapped to the TTPs the organization was susceptible to. In this post, we’ll discuss those mitigations and security controls in the context of Risk […]

Threat Susceptibility: Countermeasures and Risk Remediation Options

In the blog post, ‘The Art of Attack vs The Science of Resilience’ Omri wrote “Cyber risk analysis and management is completely dependent on an understanding of how attackers attack in general, and specifically how attack techniques and methods can be used to threaten your organization. That understanding then needs to be translated into an […]

Threat Susceptibility Assessments: Challenges & Opportunities

What are some of the challenges in assessing cyber threat susceptibility? Penetration Testing is probably the most well-known and most used method for assessing threat susceptibility. These human-driven assessments can be very effective, but the results are a snapshot in time. The organization’s attack surface and the cyber threat landscape are constantly changing and evolving. […]