Blog

The Value of a Secure Sense MSSP

Happy October, AKA Cyber Security Awareness Month for anyone in the #InfoSec world! Throughout the month of October, the Secure Sense team will be taking turns on the blog, sharing our top tips, tricks and best cyber security practices, all with the ultimate goal of improving your security posture. Today, we will be revisiting the value of an MSSP (Managed Service Provider!) and how Secure Sense managed services can benefit your...

How Cloudflare Security does Zero Trust

Throughout Cloudflare One week, we provided playbooks on how to replace your legacy appliances with Zero Trust services. Using our own products is part of our team’s culture, and we want to share our experiences when we implemented Zero Trust. Our journey was similar to many of our customers. Not only did we want better security solutions, but the tools we were using made our work more difficult than it needed...

Five Questions to Ask Before Choosing an MDR Solution

As the name implies, Managed Detection and Response (MDR) is a cybersecurity service providing detection and response capabilities that minimize the impact of an incident. But what does that mean? We’ll dig into the topic and share questions you should ask your service provider. MDR is a combination of technology and services. The technology provides a range of protection, detection, and response capabilities. The Managed piece consists of technology and services: ...

Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers

Adversaries often exploit legacy protocols like Windows NTLM that unfortunately remain widely deployed despite known vulnerabilities. Previous CrowdStrike blog posts have covered critical vulnerabilities in NTLM that allow remote code execution and other NTLM attacks where attackers could exploit vulnerabilities to bypass MIC (Message Integrity Code) protection, session signing and EPA (Enhanced Protection for Authentication). The PetitPotam vulnerability, combined with AD-CS relay, is one of the recent severe NTLM relay variations the CrowdStrike Identity Protection research team have seen, which indicates its...

The Impact Continuous Security Validation has on Security Operations and Incident Response

For organizations that have limited internal resources and security staff, their focus is primarily on attack prevention. The set of automated security validation rules needs to be simple to use and deploy. At a minimum, the security control validation must be automated and provide prescriptive mitigation roadmaps to optimize security control resiliency, as well as threat intelligence operationalization. For more mature organizations with greater security resources and infrastructure, the benefit of...

Prevention is the Cure: How to Resolve Incidents Before They Occur

Why we need a new approach to endpoint management
By: Michael Martins, VP Partnerships, Tanium
Global organizations are spending more money than ever on cybersecurity. The latest estimate put this outlay at an average annual sum of $5.3 million, up 250% since 2019. Yet, at the same time, 85 percent of Canadian companies experienced at least one cyberattack in 2021. And some ransomware groups are making hundreds of millions by exploiting...

New Research from Delinea Reveals Cloud Automation is Critical to Future-Proofing Cybersecurity

Written by: Brad Shewmake
The cybersecurity landscape is rapidly changing as companies transition from the pandemic and assess their changing security needs. As a new Delinea report explains, businesses need to shift their focus from merely surviving to embracing new security strategies that enable them to thrive in today’s unpredictable world. Security leaders need to take an honest look at the security challenges they’re up against—and future-proof their solutions to protect against today’s sophisticated and evolving...

How to Implement a Zero-Trust Security Strategy

By Peter Newton | August 25, 2021
Zero-trust operates on the premise that there are constant threats both outside and inside the network. It also assumes that every attempt to access the network or an application is a threat. In other words, zero-trust is a network security philosophy that states no one inside or outside the network should be trusted until their identity has been thoroughly verified. These assumptions underlie the strategy of network administrators,...

Similarities And Differences Between XDR And SIEM

By: Andrew Hollister, Forbes Councils Member, Sr. Director of Labs and Advisor to the CSO at LogRhythm
The technology industry in general — and cybersecurity in particular — is awash with jargon, abbreviations and acronyms. One of the acronyms currently gaining traction is XDR (extended detection and response). On the face of it, XDR appears to have very similar aims to a security information and event management (SIEM) platform, so let's take a look at...

De-Risking Microsoft 365 Against Attacks and Downtime

A new survey shows enterprise CISOs want more security systems and services that fortify Microsoft 365 to protect valuable data and business continuity.
By Thom Bailey
Companies have a lot riding on Microsoft 365 — not just email, collaboration, and productivity applications but the valuable business data produced by the workers who use all those apps. This investment in M365 has only increased with the growth of remote work, elevating...

Camp Secure Sense is back!

It is with great excitement we are welcoming back an industry-loved event, Camp Secure Sense! Camp is a central hub for cyber security individuals to learn about cutting-edge technologies, discover our services and network among like-minded professionals. Readapt and Defend: Navigating the new security landscape. After a challenging two years of managing security in an unprecedented time, we are turning the focus on how to protect and defend in the...

More Orgs Suffered Successful Phishing Attacks in 2021 Than in 2020

Enterprise organizations appear to be falling even further behind in their battle against phishing threats despite heightened awareness of the problem and efforts to curb it. A new study shows that in 2021 more organizations experienced at least one successful email-based phishing attack than the year before. There were also more opportunistic and targeted phishing attacks last year compared with 2020, as well as phishing attacks involving ransomware and business email compromise...

SecurePATCHING Managed Service by Secure Sense

Unpatched systems are the most common technological factor in breaches and loss of productivity. Unfortunately, solutions to patch related risks are often themselves costly in terms of identifying and purchasing quality products, staffing and expertise. Almost two-thirds of breach victims report being breached due to unpatched, known vulnerabilities and many of these victims were unaware that their organizations were vulnerable in the first place. Over half of the impacted organizations rely...

Asset Discovery and Inventory: 10 Ways Tanium Makes it Fast, Complete and Accurate

By Tanium Staff
Asset discovery and inventory — or the process of maintaining a complete, accurate and up-to-date inventory of your IT assets — is more challenging than ever before. Even with proper asset discovery tools, you are managing an environment with an enormous volume of globally distributed assets with complex dependencies — each of which can either fail and lead to performance loss, or be compromised and result in an enterprise-wide security...

Predictions for 2022: Tomorrow’s Threats Will Target the Expanding Attack Surface

By Derek Manky at Fortinet
According to FortiGuard Labs, 2022 is shaping up to be a banner year for cybercriminals, with ransomware on the rise and an unprecedented number of attackers lining up to find a victim. Attacks will continue to span the entire attack surface, leaving IT teams scrambling to cover every possible avenue of attack. This will be incredibly challenging because the attack surface will simultaneously be expanding as organizations transition to...

Log4j: What is it and how can you identify it?

Written by: Matthew Watkinson, CIO, Secure Sense
Log4j CVE-2021-44228 Public Disclosure
On Thursday December 9th, 2021, a Remote Code Execution (RCE) vulnerability was disclosed [CVE-2021-44228] affecting the Log4j library in versions between 2.0 and 2.14.1. Log4j is a heavily utilized logging class used in the Java programming language. Because of the widespread use of the Log4j library in various Java applications, this vulnerability has had a significant impact in modern infrastructure and...

Shopping Safely Online over the Holidays

The holiday season is upon us, which means wallets are burning holes in pockets around the world faster than a Yule log. While you’re compiling wish lists and shopping lists, this is also the time of year many cybercriminals roll out their best-dressed scams, dampening the holiday spirit for people around the world. Here are some key tips for protecting yourself not only during the holidays, but throughout the whole year: Fake...

Security Technology: SD-WAN

Welcome to the last week of Cyber Security Awareness month! So far, we’ve really focused on being cyber aware in regards to current types of threats (phishing and ransomware for example) and the importance of training staff and being prepared for anything. Being “technology aware” is vitally important for today’s organizations as the threat landscape (and threat surfaces) evolve rapidly. Most organizations recognize a daunting number of best practices and security requirements,...

Ransomware Awareness & Response

Welcome back to Cyber Security Awareness Month with Secure Sense! Last week we discussed human error in cyber security and the importance of training your employees to avoid being a victim of a phishing scheme or social engineering attack. This week, we are reviewing ransomware – an attack that is oftentimes a result of credentials stolen via phishing campaigns, or from malicious email links themselves. Ransomware attacks have hit...

Security Awareness Training

Welcome back to Cyber Security Awareness Month with Secure Sense! Due to the current climate, many organizations have transformed their business to run mainly online, and may even have moved their employees to work completely remote. It’s extremely important to regularly keep up on cyber security training for staff as the risk of cyber attacks continues to rise. Cyber Security Awareness Month makes for a great time to review your cyber...
