Blog

Cyber-Response Fatigue: Relief in Sight

May 29, 2018 | By Shahin Pirooz

A recent article in Security Magazine highlighted a “clear and present danger” for many organizations today—that of cyber-response fatigue. In short, those tasked with securing their companies against IT risk are hitting their limits. With shrinking public tolerance for cybersecurity breaches and greater penalties for noncompliance in regulated industries (consider, for example, the GDPR that just went into effect), the heat and light on and from the boardroom have intensified dramatically. There is a fundamental… Read More

Enemy at the Gate?

April 25, 2018 | By Shahin Pirooz

Reflecting on the recent ransomware attack that shut down the city of Atlanta’s online systems, even weeks later, officials are still struggling to restore key services across the extensive service network. While details about the attack remain thin (and understandably so); authorities have confirmed the city experienced a ransomware cyberattack accompanied by a written demand for $51,000 in bitcoin. While this “hostage situation” played out, scores of government services came to a standstill,… Read More

Why your GDPR risk management approach matters

March 22, 2018 | By Shahin Pirooz

The GDPR comes into effect in less than 75 days, and with fines of up to 4% of your total revenue per infraction, it’s critical to understand your company’s exposure. With the intent of making businesses more accountable for breaches and loss of data, this legislation is being taken very seriously, and organizations are likely to face assessments to ensure their policies are in line with the rules. With the… Read More

Learn more about the Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability

February 15, 2018 | By Shahin Pirooz

Situation On January 29th Cisco published a critical CVE affecting their Adaptive Security Appliance (ASA) line of Next-Generation Firewalls. The vulnerability exists within the XML parser of the ASA Software. Upon initial disclosure, Cisco had not seen attacks in the wild utilizing this vulnerability. However, within the past week sources have indicated that attackers weaponized this vulnerability to some degree. Researchers detected attackers using the vulnerability to DDOS honeypot systems. Problem… Read More

Get past the media buzz around the “Spectre” and “Meltdown” vulnerabilities.

January 11, 2018 | By Shahin Pirooz

Situation On January 3, 2018, researchers, including those with Google Project Zero, released information on three new vulnerabilities: CVE-2017-5753: bounds check bypass CVE-2017-5715: branch target injection CVE-2017-5754: rogue data cache load They grouped these vulnerabilities under the names “Spectre” (CVE-2017-5753 and CVE-2017-5715) and “Meltdown” (CVE-2017-5754). Comprehensive details on both of these are available at https://meltdownattack.com. Security updates to address these vulnerabilities began releasing before disclosure on January 3, 2018. Security updates are continuing… Read More

Why do US-based companies care about GDPR?

September 5, 2017 | By Shahin Pirooz

Why Do Americans care about foreign complainace standards? Data Protection standards aren’t anything new. The General Data Protection Regulation (GDPR) we’re seeing in the news is a facelift of an existing regulatory directive (95/46EC) that’s been active in the EU since 1995. The reason it’s demanding so much attention now is that while this directive focuses on the EU, it isn’t based or enforced geographically but on the users themselves…. Read More

How to Avoid the 36-Month ‘Tech Refresh’

April 20, 2017 | By Shahin Pirooz

Purchasing a new enterprise storage system is usually the largest data center equipment purchase for most companies. The cost is justified because these systems store and protect the companies most critical data and applications. In fact, the purchase often includes multiple systems so it can provide quick recovery at another location in case of a natural disaster or power outage. So how do these storage vendors reward their customers for… Read More

How Gemalto’s Tokenization System Protects Information

April 6, 2017 | By Shahin Pirooz

These days, some online payment processors, particularly mobile processors, rely upon tokenization to help improve security. For example, this technology empowers Apple Pay. Major credit card companies, like MasterCard, Amex, and Visa, are also now backing projects to help improve digital security with tokenization. Problems With Traditional Credit Card Payments Insecure payment processing schemes leave merchants, card holders, and card companies vulnerable. This kind of crime results in the loss… Read More

Who does CASB and Why Do We Need It?

March 30, 2017 | By Shahin Pirooz

A cloud access security broker, usually referred to as a CASB, offers a security gateway between your company’s IT infrastructure and that of a cloud provider. Companies use a CASB to extend their own IT governance policies and government regulations to third-party software and storage. If you have concerns about internal or external security threats, monitoring usage and behavior, or auditing historical data, you may need a CASB. To understand… Read More

IT Governance Risk and Compliance—Remove the Thorn in Your Side

March 23, 2017 | By Shahin Pirooz

In general, governance simply refers to the way that corporations follow business practices that conform to rules. Executives put these rules in place to help balance their own best interests with that of employees, customers, suppliers, governments, and other stakeholders. Naturally, some people may find certain rules inconvenient. However, in this age of mobile devices, remote workstations, elevated security threats, cloud storage, and increasing regulations, companies need excellent IT governance…. Read More

About DataEndure

News & Events