ThreatWorx Risk Scoring

A cyber risk score provides an objective framework for the evaluation of a security posture. By converting these evaluations into an easy-to-grasp representation of qualitative cyber risk scoring, organizations can better understand how safe their assets are and where they need to improve. ThreatWorx Attenu8 platform offers a way to prioritize and assign a risk score […]

Malware and Public Vulnerabilities – Made for each other

Understanding the impact and relevance between public vulnerabilities and their weaponization into threats such as different types of malware’s is important to understand the level of investment and the type of focus that is needed for vulnerability management. Setting the Context Often malware is associated with brute force attacks such as compromised credentials to gain […]

Third party and supply chain security – a different approach

Much has been reported, blogged and pod-casted about the recent high-profile cyber security events surrounding Solarwinds. However, for many including myself, there has been a sense of foreboding about such an event for some time now, given the state of third party security. The response from the stakeholders indicate that while this event is still […]

REvil / Sodinokibi: A case for better proactive cyber security

“An ounce of prevention is better than a pound of cure”. Whatever way you quote this age-old adage, its hard to argue against it. So it goes in the cyber security context as well – preventing cyber threats is always going to be better than curing them. For more than a decade now, we have […]

Policy Driven Controls Assessment – Bridging the gap between letter and spirit

Information security polices outline the guiding principles for organizations outlook towards security and privacy and also holds itself accountable to its shareholders and consumers. Policies impact both technology and human decisions. There is always an effort to align technology solution with policies. The real challenge is to be able to enforce policies and flag violations […]

Malware prediction

Data Science and commercially available AI/ML implementations now make it possible to predict whether a vulnerability can be weaponized into malware. This could be a critical moment in cybersecurity as it allows vulnerability management to be truly proactive and reduces the remediation workload. But why bother with this? And even if we did, how could […]

THE NEW WEB – Vulnerabilities in Open Source Software

Open Source technologies are becoming the backbone of all modern day solutions. It has huge advantages since the “write-once and use it across the board” approach fosters code reuse. In many cases these open source technologies get extended to adapt to specific requirements and customizations, this has similar traits to polymorphism brought in by modern […]