Why Not to Set Domains to Private IPs
“An ounce of prevention is worth a pound of cure.” ― Benjamin Franklin
The concept of risk is ubiquitous across the cybersecurity landscape. In this day and age, it is difficult to envision any security-conscious organization not having alluded, hopefully more than once, to the serious consequences attached to avoiding the subject, particularly when it comes to protecting its most sensitive digital assets and personal data.
Attack Surface Monitoring: Definition, Benefits and Best Practices
The firewall, IDSs, EDR platforms and proxies are your first line of defence. They’re the locks to your entire network, and your scanners are the security cameras that allow you to see what goes on inside. And while these security controls traditionally help to achieve a decent security posture, the threat landscape is rapidly and constantly changing—along with your attack surface.
Top 10 Problems with Your Attack Surface
With the increasing attack surface of web applications, it’s become even more important to identify and understand the most common attack surfaces and how easily problems in your own web application can develop.
Brute Force Attacks: Definition, Types, Examples and Protective Measures
The problem-solving principle of Occam’s Razor, which claims that “the simplest solution is almost always the best”, also applies to the realm of cybercrime.
Top 5 Tips for Securing Your Dev & Test Environments, and Why You Should
In his seminal work, The Mythical Man-Month, Frederick Brooks Jr. tells us that software development is homologous to a tar pit where many efforts flounder regardless of the appealing nature of the task or the relative tractability of the underlying physical medium. In what he calls one of the “woes of the craft”, the author goes on to explain that the pervasive optimism among programmers regarding the conception of a software project is rarely maintained after we take into account the set of complex interdependencies commensurate with others’ skills and objectives.
Introducing ASRv2: The Next Level in Attack Surface Reduction
After months of hard work, we’re excited to announce the immediate availability of our Attack Surface Reduction tool’s latest version: ASRv2!
Infrastructure as Code: Is It as Secure as It Seems?
Alongside the rise of public clouds, managing the infrastructure of private clouds has never been easier. Tools like Terraform are available, but increasing dependence on them means it’s necessary to understand the security implications they present. After all, your entire infrastructure is dependent on, and accessible through, such a configuration—it’s essentially infrastructure as code, or “IAC”, passed through a tool like Terraform.
Attack Surface Management: You Can’t Secure What You Can’t See
A report from 2016 predicted that 30% of all data breaches by 2020 would be the result of shadow IT resources: systems, devices, software, apps and services that aren’t approved and are in use without the knowledge of the organization’s security team. But shadow IT isn’t the only area where security and IT teams face issues with tracking and visibility.
JARM: A Solid Fingerprinting Tool for Detecting Malicious Servers
The literature on defensive security unanimously recognizes one fact: every so often, a tool comes out that provides blue teamers with an important advantage over their adversaries. This ever-elusive quest features essential requirements and commonalities, such as the ability to proactively seek and detect malicious hosts, or the capacity to swiftly respond to targeted network threats. And with a sharp rise in the number of incidents involving some form of malware or command and control (C2) activity resulting in data theft, vendors are in a tight race to gain their customers’ trust—by leveraging newer alternatives to legacy solutions amidst shrinking budgets.
SecurityTrails Year in Review 2020
The year is almost over, can you believe it? And 2020 has been one heck of a year. With so many ups and downs, we can all agree to breathing a sigh of relief once its end was in sight. Yet however the year treated us, we’d like to acknowledge many good moments and memories made.