Evidence of Compromise – No Fun for CISOs

15 July 2020

Meet Ellen. As CISO for a regional bank, she spends her time spreading security awareness, coaching her managers, and supporting the selection of security tools. Ellen doesn’t know that her bank has been compromised, or that a nation-state has been funneling data out of her network with impunity. After three years of pleasant ignorance, Ellen happily retires from the bank and moves to Florida where she enjoys sailing.

The Latest

‘Everyone is welcome’ – Microsoft security panel offers different perspectives on vulnerability disclosure process

Like so many events that fell victim to social distancing during the pandemic, Microsoft’s annual BlueHat conference was cancelled for both 2020 and 2021. This week the Microsoft Security Response Center (MSRC) instead held a virtual panel event discussing vulnerability disclosure.

Email Aliases Aren’t as Safe as You Might Think

Firefox and Apple are offering email alias options, but experts say while they’re helpful, they aren’t as safe as you might think, and should be used with other security measures.

Iran’s Lyceum threat group active against telcos, ISPs. Clopp hits unpatched SolarWinds instances. Mercenaries. Patch Tuesday.

Accenture and Prevailion describe the recent activities of the Iranian threat group Lyceum. It’s concentrated on installing backdoors in ISPs and telecommunications companies.

Copyright 2021 Prevailion, Inc. All rights reserved.    

Disclaimer: Gartner “Cool Vendors in Security Operations and Threat Intelligence,” Mitchell Schneider, Ruggero Contu, John Watts, Craig Lawson, October 13, 2020. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner Disclaimer: The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.