A foundational component of any security program is ensuring that the organization has a clear understanding of where risk resides. One of the most effective ways to understand infrastructure weaknesses and test your defenses is with a penetration test (aka: ethical hacking) assessment.The growing number of malware and ransomware attacks is a key indicator of the severity of risk for organizations...

Learn about the Health Insurance Portability and Accountability Act (HIPAA) and the requirements for HIPAA compliance in Data Protection 101, our series on the fundamentals of information security.

Learn more about data loss prevention software in Data Protection 101, our series covering the fundamentals of data security.

These days, companies are continually falling prey to attacks from thieves who get past their cyber security measures and steal consumer and financial data. They target system vulnerabilities to acquire the information they seek, which is usually cardholder data.Until 2004, there were no set regulations or standards for merchants and vendors to follow for preventing cardholder theft. Major credit...

Comparing and quantifying your cybersecurity posture against peer organizations in the financial sector provides valuable context for how your cybersecurity program performs relative to others in your industry. Digital Defense’s Insight peer comparison report in the Fortra Vulnerability Management platform vulnerability and threat management platform provides actionable and detailed intelligence...

Microsoft Domain Controller “ZeroLogon” VulnerabilityA recent disclosure by Dutch security firm Secura B.V. has highlighted how dangerous a Netlogon vulnerability (CVE-2020-1472) included in the August 2020 Patch Tuesday release can be to a network. To exploit this vulnerability, an attacker with an established foothold in an internal network could exploit the weak cryptographic algorithm used by...

In the battle against cyber adversaries, IT security professionals have to carefully balance competing objectives; protecting business assets and processes while enabling legitimate business operations and initiatives. Maximizing both objectives is challenging, especially in a highly competitive and digitally connected business environment. Far too frequently, sacrifices in cyber defenses and...

When a network or device is compromised, it is critical to respond as quickly as possible in order to minimize the risk to your business. To have an almost instantaneous incident response, you have to do two things: you have to detect the incident immediately and you have to respond immediately. Here we’ll show how combining automated detection with network access control (NAC) can improve...