In a recently released report, a leading technology research and advisory firm recognized Solutionary as a Managed Security Services Provider (MSSP) leader in North America.
Analyst reports like this are extremely useful for enterprises that are considering vendors to provide a service, giving them advice and perspective on a range of potential vendors.
For this research, the firm chose participants based on their ability to deliver enterprise managed security services to clients in North America. Participating companies were evaluated based on 26 criteria grouped into the following three categories:
- Current offering
- Market presence
To learn more about the MSSP market and how Solutionary was evaluated, download the full report...
Why Your Website May be Hacked Once Google Indexes It
The attack methodology usually follows these lines:
- Identify SQL input locations.
- Determine capability of injection.
- Use SQLi to exfiltrate data/install backdoor.
How do attackers identify vulnerable targets?
Top 5 FAQs for Transitioning From PCI DSS 2.0 to 3.0
As the January 1, 2015 submission date for moving from Payment Card Industry Data Security Standard (PCI DSS) 2.0 to 3.0 quickly approaches, organizations and security assessors have been diving into the details of assessments and new requirements. Many organizations are faced with challenges during this conversion phase.
As a security assessor, I am frequently asked questions about PCI DSS 3.0. Here are my top five FAQs:
When should I officially begin a PCI DSS 3.0 assessment?
There has been a lot of confusion about when to move to a PCI DSS 3.0 assessment, especially as assessments are kicking off in 2014. If an assessment begins in 2014, but the submission date is in 2015, then...
Why Veterans are a Good Fit for IT Security Careers
Happy Veteran’s Day to all of you who are currently serving or have served previously in the U.S. military. Veteran’s Day gives all of us who didn’t serve an opportunity to honor those who did. Thank you for your service!
Honoring Those Who Serve
In his 1954 proclamation to commemorate November 11 as Veteran’s Day (known before as Armistice Day), President Eisenhower said,
I, DWIGHT D. EISENHOWER, President of the United States of America, do hereby call upon all of our citizens to observe Thursday, November 11, 1954, as Veterans Day. On that day let us solemnly remember the sacrifices of all those who fought so valiantly, on the seas, in the air, and on foreign shores, to preserve our heritage of freedom, and let us reconsecrate ourselves to the task of promoting an enduring peace so that their efforts shall not have been in...
Will tap to pay actually be used by the public?
As described in my previous blog, "Apple Pay vs. Other Tap to Pay Providers," Google and Apple are essentially equal when it comes to security, with both of them outpacing SoftCard by a good bit. It’s important to note that they are all better and safer than traditional magnetic strip plastic cards, making the use of credit cards more secure. For more information on the different platforms, please see the first part of the Apple Pay series blogs, posted on Tuesday, October 28.
With the industry reeling from...
With a rogue access-point (AP) in place, the attackers exited the building and made their way to a vehicle parked adjacent to the location. Once inside, one attacker surveys the area while the other pivots a high-gain antenna toward the location of the malicious device. Connecting to the device and establishing a foothold into the internal network, he cracks a wicked smile and announces, “I’m in.”
There are several tools available for penetration testers that aid in a successful physical security assessment. These tools are widely available, and if used properly with solid social engineering tactics, can...
Cybercriminals Continue to Provide Tricks, Not Treats
It really wouldn’t be right to wrap up National Cyber Security Awareness Month (NCSAM) on October 31 without a Halloween-themed blog.
The NCSAM topic for the final week of the month is “Cybercrime and Law Enforcement.”
It’s not hard to make the analogy of cybercriminals and hackers being “ghosts in the machines.” After all, these malicious actors move about invisibly, easily moving through the technical walls built to keep them out. It’s spooky stuff.
As we have seen throughout 2014, cybercriminals are actively at work, continuing to infiltrate systems and make off with valuable data – credit cards, healthcare records and other personally identifiable information (PII).
The numbers themselves are frightening. A McAfee report from June 2014 estimates that ...