Enterprise Security: Tools, Reviews, Tips and Tricks
In the past, corporations and large organizations were usually the targets of cyber attacks. Today, however, organizations of all sizes need to be mindful of cyber threats lurking in the wild, and need to work towards a goal of impenetrable security.
Along with our Tips category that shares resources for the more strategic side of cybersecurity, our “Enterprise Security” category tackles the risk of unauthorized access and the securing of all entry points.
Enterprise security covers all strategies, techniques and processes that secure digital assets and critical information against malicious attackers trying to gain unauthorized access to an organization's system and networks. This area encompasses the “Technology, People and Processes” involved, with the goal of focusing on the strategic, legal and cultural requirements needed to protect an organization’s information.
In this category, you’ll find in-depth information about different aspects of enterprise security, including common security risks for organizations of all sizes, concepts such as Zero Trust, advanced persistent threats, ransomware attacks, and of course, a bit on the security teams responsible for creating and maintaining the cybersecurity posture of an organization — red teams, blue teams, purple teams, security operations centers, and more.

August Product Update: Exposed Admin Panels, Risk Rules API, Risk History by Host, and more!
At SecurityTrails we continuously upgrade, improve and enhance the quality of user experience in our Attack Surface Intelligence platform.

Atlassian Confluence on-premise vulnerability: Remote access with a hard-coded password
This vulnerability affects on-premise installations of Confluence, where the “Questions for Confluence” add-on is installed or has been installed at any point. Admins should update their instances immediately and ensure they have not been compromised.

Popular Misconfigurations that Make Containerized Apps Vulnerable to Attacks
With today’s staggering number of internet users, and the fact that web applications themselves are doing more than they ever have in the past, scaling, maintaining, and developing large web applications has become a significant challenge for DevOps teams.

Guide and Enrich Red Team Operations with Attack Surface Intelligence
One of the many cognitive spaces where cybersecurity practitioners often like to boast of ingenuity lies in the realm of adversarial emulation.

Journey to the Underbelly of the Beast: Out-of-Band Management Security and the Attack Surface
As of this writing, enterprise networks around the world are still known to be supporting some form of hardware-based remote access and control capability, collectively referred to as out-of-band management (OOBM), as a fallback mechanism to provide system administrators with an alternate data path to computing elements that may otherwise be unreachable through more traditional network media.

The CVE Approach: A Reductionist Way to Handle the Attack Surface
As recently as the 1990s, the information security industry lacked a fundamental mechanism to deal with the notion of sharing both hardware and software vulnerabilities using any sort of meaningful taxonomy.

How to detect developer mistakes before the bad guys do
Web development is one of the largest, if not the largest, sectors in the current tech space. Everything you see on the internet falls more or less into the web development category, which ranges from basic website UI and UX development to complete application frontends and backends. And the surface area of web development is probably the largest it’s ever been.

RDP: Risks and Prevention Tips for Your Attack Surface
The Remote Desktop Protocol (RDP) belongs to a subset of ITU-T protocol standards purposely designed to provide reliable transport of visual, input, control, and component-sharing data and capabilities from one remote computer system to another.

Attack Surface Intelligence: When the Power Comes from the Data
In the current era of the remote workforce, businesses have struggled to meet customer and stakeholder expectations of evolving cyber threats. While organizations choose the best option to update their internal security posture continuously, they often do very little to monitor external threats on their attack surface.

Preventing Subdomain Takeover Attacks with Attack Surface Intelligence
Next year will mark the 40th anniversary of the creation of the Domain Name System (DNS) by Paul Mockapetris, a pioneer of the IT industry whose forays into early distributed systems and email delivery applications led to the groundbreaking naming exchange that permeates today’s internet.