Thanks to marketers, salespeople, and old school big-iron IT grognards, the term "Cloud Computing" has become as amorphous as its puffy, shapeshifting namesake. Movies, commercials, scandals, and phone features have thrown the term around to the point where it has become very difficult for the average IT professional to define. Cloud has hit a point in its hype cycle where people understand just enough to be dangerous -- and this lack of knowledge tends to lead to misconception and oversimplification of an otherwise deeply stratified and diverse set of technologies. In this blog post, I aim to debunk for the Cloud Noobs out there…
Read More
Phishing is a form of attack that often uses email to get access to your company’s data. The emails are designed to get the victim to feel compelled to take action so that they will hand over sensitive information or download malware to give the attacker access to all sorts of data, records, and more. There are a few precautions you can take to avoid such attacks.
Read More
Even though your home network is not a corporate network you are still at risk for cyber crime and attacks. Whether it is a crypto virus locking up your family photos or attackers stealing your payment information, there are real reasons to want to protect your home network. Jeremy went into it a bit in our last blog about network segmentation. While this is just one thing you can perform as a home network protector, there are other steps you can take to ensure you are doing the best you can to keep your family's information safe. Some of these items are easy for the…
Read More
"We need to be compliant so we can pass an audit!" This phrase makes us shudder. Forget being compliant because it is the right thing to do - or because it more times than not leads you down a path to better configuration management or stronger business processes. Many organizations view compliance as an obstacle they must overcome. It impacts numerous business areas, and cybersecurity is no exception. From NERC-CIP to NIST to SOC 2, organizations scramble to make sure their policies and technologies meet these different standards. Whether they do this because it's right or because it's required is only a…
Read More
What is SIEM? SIEM (usually pronounced 'seem' or 'sihm') stands for Security Information and Event Management. It comes in several forms and various price points, including as a software product, appliance or as a service. SIEM collects log and event information from servers, security devices, network devices and applications. It's a single window into all of your network activity. If you like movie references, think of it like the eye of Sauron tirelessly watching your network landscape... But it doesn't just collect the data. It normalizes, correlates and sorts everything into useful categories like threats, failed logins, successful logins, firewall…
Read More