Software Integrity

Archive for the 'Red Teaming' Category

 

Protect your employees from phishing and social engineering | NCSAM at Synopsys

It was a busy summer for healthcare IT staff. The Minnesota Department of Human Services potentially breached 21,000 patients’ personal data. Gold Coast Health Plan emailed 37,000 patients to warn them their data had been exposed. And UnityPoint Health had to notify 1.4 million patients about a data breach—only months after the organization’s last data […]

Continue Reading...

Posted in Red Teaming

 

Tineola: Taking a bite out of enterprise blockchain

Parsia Hakimian and Stark Riedesel presented Tineola at DEF CON 26 Enterprise blockchain platforms are one of the big questions faced by many corporations, including some of our customers. And when our customers come to us with complex problems, we take their unique situations into consideration and come up with tailored solutions. So when our […]

Continue Reading...

Posted in Developer Enablement, Red Teaming

 

Exploring a red teaming attack: The not-so-dubious air conditioning repairman

In this example, Dave, our red team engineer, will attempt to gain physical access to a company’s server room by pretending to service the air conditioning. Dave has picked the perfect day: The sun is shining, it’s the Friday before a bank holiday weekend, and everybody around him is in high spirits. Dave knows that […]

Continue Reading...

Posted in Red Teaming

 

Behavioral security at RSA Conference 2018

Wednesday, RSA 2018: On any given day, there are more than 150 sessions to choose from here. Good luck getting to even 5% of those. The good news is that attendees can get access to most of the sessions they missed after the fact, since the slide presentations are posted and videos are made of […]

Continue Reading...

Posted in Automotive Security, Events, Medical Device Security, Red Teaming

 

Think like an attacker during 2-day red team workshop

Most developers focus their day-to-day thought processes on building software rather than breaking it. Meanwhile, organizations face growing and evolving threats against their digital assets and infrastructure. That’s why it’s critically important for security operations and development teams to think defensively. Thinking of any and every possible attack is what red teaming is all about. A […]

Continue Reading...

Posted in Red Teaming, Security Training

 

Lessons learned from this year’s biggest security breaches

As this year draws to a close, we can look back on 2016 and see what challenges the security industry has had to overcome. Jumping on this bandwagon a bit early, I hope to draw attention to some of the more difficult challenges our industry will face in the coming year. In order to do […]

Continue Reading...

Posted in Data Breach, Internet of Things, Red Teaming

 

The greatest security vulnerability: Humans

In the security industry, we hold the following words near and dear to our work: “Humans are the weakest link in the security supply chain.” Even companies with solid, well-built security standards are prone to human error. This is because humans are the most important part of information security and all humans make mistakes. According […]

Continue Reading...

Posted in Red Teaming

 

How can red team simulated attacks protect the digital world?

During the red teaming process, attackers physically enter target facilities. This testing activity tends to be overlooked or downplayed in security testing results. But, it’s important not to forget that old-fashioned attack methods still work. To guard against a physical security breach, it’s critical that your firm encrypt data. Otherwise, red team assessors, much like […]

Continue Reading...

Posted in Data Breach, Red Teaming

 

The open perimeter: Is your internal network protected?

Large enterprises in the past relied on perimeter security to ensure their services were protected from the outside world. This idea of a trusted firewall has eroded over the years, and is considered an outdated approach to security. However, it is incorrect to assume that a firewall is useless despite the fact that the definition of […]

Continue Reading...

Posted in Internet of Things, Red Teaming

 

What does the Panama Papers leak have to do with your firm’s data security?

If you have the Internet, which presumably you must if you’re reading this, you’ve no doubt run across stories about the Panama Papers leak: the revelation that an estimated 2.6-terabyte leak of data given to the press may have you cheering the downfall of the politicians wailing for changes in tax policies. There’s one key detail that the […]

Continue Reading...

Posted in Data Breach, Red Teaming