Why Should You Care about Cyber Threat and Risk Assessment?

Cyber risks are evolving fast and organizations need to deal with them in more efficient ways. This requires an all-inclusive and agile approach to identifying threats and then eliminating or mitigating them. Orchestra Group’s Harmony IoT and Harmony Purple enable comprehensive cyber risk assessment and management for enterprises of all sizes. Harmony IoT provides outside-in […]
Risk Based Vulnerability Management

Cyber defense is moving to a risk management and operations paradigm (see previous posts on effective cyber risk management and policy based cyber risk management). One aspect of risk management as a cyber defense strategy is risk-based vulnerability management (RBVM). Risk-based vulnerability management is a proactive cyber defense strategy used to prioritize mitigation of cyber […]
SOAR vs. XIP – Reactive to Proactive Cyber Security Operations

The NIST Cybersecurity Framework identifies five functions (Identify, Protect, Detect, Respond, and Recover) as the five primary pillars for a successful cybersecurity program. These functions focus on cybersecurity management at a high level and define both proactive (i.e., protect before the attack – or left-of-bang) and reactive (i.e., response after the attack – or right-of-bang) […]
Orchestra Group conducts first APAC distie deal with emt Distribution

Will offer Orchestra’s full range of Harmony security products in the region. Cyber security vendor Orchestra Group has signed its first distribution agreement for Australia, New Zealand and Asia Pacific with emt Distribution, expanding its reach in the process. The new agreement sees emt offering Orchestra’s full range of Harmony security products to channel partners, […]
Press Release: Aplikacje Krytyczne – Poland selected Harmony IoT by Orchestra Group

Aplikacje Krytyczne deployed Harmony IoT to enhance and strengthen its airspace security and overcome its wireless-borne cyberattack blind spots. The world is full of connected devices. We are constantly surrounded by billions of them. The desire to have a modern, innovative work environment has brought them into offices, and connected them to the networks. […]
Risk of Delay

Many organizations have security policies that have an associated time frame. For example, a patch policy could be that a patch must be applied to a vulnerable server within a specific time frame. It makes sense since timely patching is an important security control – but patching can have a business impact (the need to reboot […]
Smile – You’re on Camera

Verkada Hack: 150,000 security cameras, this time belonging to Verkada, were exposed in the most recent security breach. This should come as no surprise and is a sign of more to come. An international hacker group obtained access to the cameras and their footage, including visibility into companies such as Tesla and […]
Exchange, Solarwinds and Supply Chain Attacks

Another major cyber issue is making the rounds this week – the Microsoft Exchange vulnerabilities published last week. The issue is the known exploitation of a set of unpublished vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-26858). These vulnerabilities are being used to attack on-premises versions of Microsoft Exchange Server. They can be used to access email accounts, […]
5 Good Practices for Policy based Cyber Risk

A risk management approach is fundamentally different from the standard approach to cyber security. It requires that organizations explicitly decide on what risks to ignore – an outcome of really deciding where to focus. That is anathema to most security folks – but that is exactly what is needed at the executive level. As […]
…and Cisco Scores a Perfect 10!!

Cisco just published a vulnerability that could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The CVE-2021-1388 vulnerability ranks 10 (out of 10) on the CVSS vulnerability-rating scale. The weakness is considered critical because even an unauthenticated attacker could remotely exploit it through the affected API. Affected products were announced in […]