Cyber Defense eMagazine September Edition for 2021

More documents

Recommendations

Info

Given Cyber Defense Magazine's awarding of unicorns ("a private company with a valuation of over $1 billion") and that Olympic sailing occurred during Black Hat, I created a conceptual framework—The Optis Series—to highlight innovative and socially conscious companies at Black Hat USA 2021 (UserGuiding). The Optis Series contains three articles: bronze, silver, and gold. You can learn about the judging criteria I used for the Optis Series here or scroll to the end of this article. Coalfire Mark Carney, COO of Coalfire Coalfire is known for its abilities in security compliance, but that is not all it offers. Over the past two years, Coalfire’s front-end security and pen-testing teams grew significantly and continue to grow in funding, hiring, and expertise. At present, Coalfire is an organically grown company employing approximately one thousand security professionals globally and plans to hire around three hundred people by the end of 2021. Coalfire specializes in cloud infrastructure services, working with almost every international enterprise cloud infrastructure company. As a result, its products and services—pen-testing, architecture, design, management, compliance, and multi-cloud support—are influenced by how enterprises use the cloud. Furthermore, Coalfire continues to develop these areas; its teams in attack strategy, privacy and risk compliance, and cloud-focused services (i.e., pen-testing, engineering, and management) are expanding. Used with permission from Coalfire. Coalfire recently acquired two companies: Neuralys and Denim Group. Neuralys created pen-testing management platforms into an attack service management framework by utilizing active and passive scanning, which helped clients identify new and existing vulnerabilities on their networks in an outgoing manner. In other words, Neuralys invented a way to continuously pentest networks. Furthermore, Coalfire acquired Denim Group, a consulting firm specializing in pen-testing and application security; their platform, ThreadFix, applies application-specific vulnerability aggregation from over fifty databases and tools. ThreadFix consolidates test results and prioritizes vulnerable clients, reducing the remediation time up to forty percent. Learn more: By reading Coalfire’s 3 Annual Penetration Risk Report and by exploring its Reddit page. College students and faculty may be particularly interested in Coalfire because of its Richard E. Dakin Fund. The fund was created in honor of the late co-founder of Coalfire, Richard E. Dakin. It supports Cyber Defense eMagazine – September 2021 Edition 34 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
scholarship programs at several universities for promising college students studying cybersecurity and related fields. Epiphany Systems Rob Bathurst, Co-Founder and CTO at Epiphany Systems Epiphany Systems is an offensive security company providing red team attack paths and solutions for clients' critical IT assets and users. Its platform is the first offensive cybersecurity program designed to reduce Time-to-Context. Epiphany Systems spun out from Digitalware at the beginning of 2021. At present, Epiphany Systems has 22 employees and expects to hire approximately twelve people by 2022. Epiphany Systems' platform works by analyzing clients' preexisting security data to create attack paths. Then, the platform analyzes each attack path, the likelihood of exploitation, and the consequences if exploited to provide clients' security professionals a surface-level view of vulnerabilities on the network. Furthermore, it integrates with clients' existing security tools. Used with permission from Epiphany Systems. Its innovativeness stems from its Time-to-Context approach, which finds solutions for clients' needs within a specific context. For example, if an administrator can only access a document from one IP address, Epiphany Systems creates attack paths using that knowledge for how that document could be definitively accessed. Bathurst explains, "It is difficult to automate generalized red teaming efficiently. Generalized Cyber Defense eMagazine – September 2021 Edition 35 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2: Understanding The Importance of Gol
Page 3 and 4: Offense Activities Sharing in Crimi
Page 5 and 6: @CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8: Cyber Defense eMagazine - September
Page 33: Gold Optis: Most Innovative and Soc
Page 37 and 38: Used with permission from Lightspin
Page 39 and 40: Syxsense demonstrates similar possi
Page 41 and 42: Trend Micro Jon Clay, VP of Threat
Page 43 and 44: Used with permission from vArmour.
Page 45 and 46: I was very flexible with my intervi
Page 47 and 48: Given Cyber Defense Magazine's awar
Page 49 and 50: Digital Shadows Alastair Paterson,
Page 51 and 52: ExtraHop DNS LAM. Permission to use
Page 53 and 54: problems from a consultative approa
Page 55 and 56: OneSpan Will LaSala, Director of Se
Page 57 and 58: Learn more: Qualys at Black Hat USA
Page 59 and 60: Bronze Optis: Innovative Technologi
Page 61 and 62: CyberSaint’s Risk Register. Used
Page 63 and 64: Unlike many MSSPs, Nuspire offers c
Page 65 and 66: ZeroFox Sam Small, CSO of ZeroFox Z
Page 67 and 68: Looking Back at Executive Order on
Page 69 and 70: 5. Standardize the Playbook for Vul
Page 71 and 72: How Trustworthy is Your Cyber Defen
Page 73 and 74: assessment when you’re using thir
Page 75 and 76: Hungry for more? Here are some addi
Page 77 and 78: Cyber Security Incident Response Pl
Page 79 and 80: This stage is where you must prepar
Page 81 and 82: Why Passwords Are Important In toda
Page 83 and 84: The Importance of Multi-Factor Auth
Page 85 and 86:
Real-Time Analytics Boost in the Mo
Page 87 and 88:
Combatting Industry Burnout by Buil
Page 89 and 90:
About the Author Rick McElroy is a
Page 91 and 92:
The proliferation of home computing
Page 93 and 94:
About the Author Alan McConnell is
Page 95 and 96:
The website PrivacyAffairs.com laun
Page 97 and 98:
Why Your Hospital Network Needs an
Page 99 and 100:
While the most “secure” solutio
Page 101 and 102:
Offense Activities Sharing in Crimi
Page 103 and 104:
Someone being good in the theft bus
Page 105 and 106:
would discuss the possibilities of
Page 107 and 108:
The ways of escaping from crime sce
Page 109 and 110:
(Security information and event man
Page 111 and 112:
HTML Smuggling: A Resurgent Cause f
Page 113 and 114:
Thereafter, using JavaScript, they
Page 115 and 116:
New CIOs: 5 Key Steps in Your First
Page 117 and 118:
ensures you cover all your bases, l
Page 119 and 120:
Zero trust gives agencies strong ac
Page 121 and 122:
Defeat Ransomware with Immutable Ba
Page 123 and 124:
Conclusion As ransomware attacks gr
Page 125 and 126:
The Help Desk: Putting on a Brave F
Page 127 and 128:
Even when you pull back the curtain
Page 129 and 130:
to master the technical environment
Page 131 and 132:
Using Decentralized, Zero-Knowledge
Page 133 and 134:
Using Edge-based Access Controls to
Page 135 and 136:
The threat landscape for small busi
Page 137 and 138:
SQL Cyber Attacks Are a Danger to Y
Page 139 and 140:
informed and staffing a quality cyb
Page 141 and 142:
An essential early warning system T
Page 143 and 144:
5 Steps to Protect Your Organizatio
Page 145 and 146:
The response plan should include fi
Page 147 and 148:
Cyber Defense eMagazine - September
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
FREE MONTHLY CYBER DEFENSE EMAGAZIN
Page 159 and 160:
Page 161:
show all

Cyber Defense eMagazine September Edition for 2021

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?