White Papers

Enterprises using Microsoft Office products are often unaware of the security risks introduced by M365 default settings. In this real-life case study, one enterprise learns what happens when they take default configurations at face value.

The increased complexity in network and application architectures has made it challenging for teams to ensure the security of enterprise networks. Continuous, always-on packet capture provides the historical network data that enables accurate threat detection, investigation, and response, and allows security teams to take a more proactive threat hunting approach. 

In this business case study, Lightening Electric, a fictional power supplier in Northeast Ohio, learns that a threat actor has gained remote access to a programmable logic controller (PLC). Upon investigation, the security team finds additional security threats lurking in their network.

This reported, based on a survey of cyber security leaders on digital identity-related breaches, explores how the market is evolving and how enterprises can approach securing digital identities with identity governance. 

While most enterprise security teams focus on preventing compromises, the complexity of cloud environments means vulnerabilities and misconfigurations are never going to be fully eliminated. Access entitlements should be a major area of focus for security teams to reduce risk of lateral movement and goes hand-in-hand with the recognized need for zero trust and least privilege security. 

In this business case study, an executive team learns that an insecure Active Directory implementation has led to unauthorized threat actor access to their network. Learn how they dealt with the issue and use the discussion points to explore how your team may address similar problems.

Open source security solutions provide fantastic data capture capabilities that provide critical data to security operations teams. However, nothing comes for free, even if there is no license cost.

Whilst maintaining a high level of security is difficult already, the asymmetry of tasks is enormous - your software teams have to patch and fix all their apps, and your security operations team has to protect your entire perimeter. Your adversary, on the other hand, only has to find one way in through any application.

Ed Amoroso shares technical and architectural guidance for how modern multi-cloud infrastructure can be secured using typical measures available from commercial vendors.

David Hechler speaks with three women who have built successful tech careers and discusses the status of women in the field, why so many feel under-appreciated and what can be done.

Platform advice is offered for SOC analysts and DevOps teams addressing security risks.A patchwork of locally integrated, developed, and open source point security solutions is shown to be suboptimal. Instead, an end-to-end commercial security platform is shown to be a better option.

This research note, jointed produced by TAG Cyber and Sepio, makes the case that rogue devices represent a particularly intense threat to financial service organizations.

For one company, Ubiq Security, development tools that enable securing coding practices don’t go far enough. Their mission is to introduce a security platform that enables developers to incorporate data encryption directly into applications, in minutes, and with as little as three lines of code and two API calls.

The Synack Crowdsourced Security Testing platform is proven to reduce enterprise security risk through a continuous crowdsourced testing methodology enhanced by machine learning and artificial intelligence.

A maturity model based on human layer security factors is introduced using questions than can help an organization self-assess its effectiveness in reducing the cyber security risk associated with inadvertent human error or malicious decisions by people.

Enterprises’ attack surfaces are ever-expanding, and cyber criminals are taking advantage of the known unknowns to compromise and exploit well-meaning but often under-resourced security programs.

By establishing a program to systematically manage the firmware health of PCs in an enterprise, meaningful cost reductions can be obtained by extending replacement intervals.

A simple iterative process is introduced to help guide IT, network, and cyber security teams in the introduction of zero trust access to their enterprise.

Requirements are offered for enterprise security teams to use in selecting automated platforms for their security performance management (SPM). 

In this new TAG Cyber Analyst Report, the technique of data sharding is shown to provide effective back-end security controls for stored and hosted resources in cloud. The method specifically reduces the risk of trusted cloud administrators intentionally or accidentally causing a data breach condition.

TAG Cyber covers the recent announcement by Respond Software of its First Responder Service, which provides human concierge support for SOC teams. The First Responder Service is built on the company’s flagship Respond Analyst platform, which focuses on Robotic Decision Automation for enterprise and managed security service operations.

Canadian enterprise information management (EIM) company OpenText announced its intention this past week to acquire for $1.4B, Boston-based Carbonite, a provider of personal and business backup and recovery solution to prevent data loss. 

Today, Waltham-based cyber security technology company Randori announced general availability of their new Recon platform, which allows enterprise security teams to understand, and hence gain better control of their attack surface.

An identity-based improvement is offered to zero trust security with a BlackRidge Technology case study. The paper is based on discussions with John Hayes of BlackRidge Technology. 

Ed Amoroso of TAG Cyber and Reena Choudhry of Shape Security collaborate on an explanation of the progression of automated cyber attacks through three generations. Worms are should to evolve to botnets, which are then shown to evolve to imitation attacks which automated normal user behavior.

Thirty years ago, a researcher wrote a small piece of software that saved his company from a cyber attack by a college student. The software examined inbound TCP packets for ACK=0, which denoted the start of a session. If a new session looked funny for any reason, then the packet was dropped. Weird source IP addresses or unauthorized destination services were typical justifications for disallowing inbound packets. The code was well-written and it worked.

This Cyber Security Framework for Autonomous Machines is offered as a high-level security and compliance requirements guide for developers creating autonomous machines including future connected cars, robots, medical devices, and industrial controllers. The framework is written in an abstract manner so that it can address each of these diverse areas without imposing specific design decisions. The framework is written in the style of the NIST 800-53 Rev 4 Cybersecurity Framework to simplify its application and use, perhaps as an appendix to any NIST assessment for a computing entity with autonomous machine characteristics.

Commercially-available, end-to-end encryption software application solutions address cyber threats from advanced nation-state actors by securing mobile voice communications from eavesdropping. Existing mobile security frameworks, such as explained in a recent Department of Homeland Security (DHS) study, provide a good base for analysis, but are shown to have dealt insufficiently with the threat to mobile voice and corresponding encryption-based safeguards. A secure cyberspace thus requires increased attention to securing voice in addition to data when using mobile devices.

Several existing and new architectural methods are explained that increase the resilience and survivability of distributed cloud security orchestration as found in the vArmour solution set.

This brief technical note outlines the underlying design and functional operation of the Cyberlytic platform, including how web traffic is analyzed for evidence of cyber security threats, processed using artificial intelligence-based methods, and then assigned risk scoring based on the sophistication, capability, and effectiveness of the observed attack.