Solutionary Recognized as an MSSP Leader

Jon-Louis Heimerl

November 20, 2014 - Posted by Jon-Louis Heimerl to Security Insight

In a recently released report, a leading technology research and advisory firm recognized Solutionary as a Managed Security Services Provider (MSSP) leader in North America.

Analyst reports like this are extremely useful for enterprises that are considering vendors to provide a service, giving them advice and perspective on a range of potential vendors.

For this research, the firm chose participants based on their ability to deliver enterprise managed security services to clients in North America. Participating companies were evaluated based on 26 criteria grouped into the following three categories:

  • Current offering
  • Strategy
  • Market presence 

To learn more about the MSSP market and how Solutionary was evaluated, download the full report... read more >

Protecting your Website from SQL Injection Attacks

Why Your Website May be Hacked Once Google Indexes It

Jacob Faires

November 18, 2014 - Posted by Jacob Faires to Security Insight

SQL Injection

A SQL injection (SQLi) vulnerability on a website is a big fear for a web developer, a bigger fear for a business and one of the biggest fears for anyone involved with finance or point-of-sale (POS).

The attack methodology usually follows these lines:

  1. Identify SQL input locations.
  2. Determine capability of injection.
  3. Use SQLi to exfiltrate data/install backdoor.

How do attackers identify vulnerable targets?

Tools with SQL scanning capabilities, like Burp Suite, Havij and Acunetix, are able to discover vulnerabilities in websites, but they are not the most common way to... read more >

PCI DSS 3.0

Top 5 FAQs for Transitioning From PCI DSS 2.0 to 3.0

Chris Gida

November 13, 2014 - Posted by Chris Gida to Security Insight

PCI Compliance

As the January 1, 2015 submission date for moving from Payment Card Industry Data Security Standard (PCI DSS) 2.0 to 3.0 quickly approaches, organizations and security assessors have been diving into the details of assessments and new requirements. Many organizations are faced with challenges during this conversion phase.

As a security assessor, I am frequently asked questions about PCI DSS 3.0. Here are my top five FAQs:

When should I officially begin a PCI DSS 3.0 assessment?

There has been a lot of confusion about when to move to a PCI DSS 3.0 assessment, especially as assessments are kicking off in 2014. If an assessment begins in 2014, but the submission date is in 2015, then... read more >

Veterans and IT Security

Why Veterans are a Good Fit for IT Security Careers

Joseph (JB) Blankenship

November 11, 2014 - Posted by Joseph (JB) Blankenship to Security Insight

Veterans Day

Happy Veterans Day to all of you who are currently serving or have served previously in the U.S. military. Veterans Day gives all of us who didn’t serve an opportunity to honor those who did. Thank you for your service!

Honoring Those Who Serve

In his 1954 proclamation to commemorate November 11 as Veterans Day (known before as Armistice Day), President Eisenhower said,

I, DWIGHT D. EISENHOWER, President of the United States of America, do hereby call upon all of our citizens to observe Thursday, November 11, 1954, as Veterans Day. On that day let us solemnly remember the sacrifices of all those who fought so valiantly, on the seas, in the air, and on foreign shores, to preserve our heritage of freedom, and let us reconsecrate ourselves to the task of promoting an enduring peace so that their efforts shall not have been in... read more >

Apple Pay - Google Wallet - Softcard

Will tap to pay actually be used by the public?

Melinda Reinicker

November 06, 2014 - Posted by Melinda Reinicker to Security Insight

tap to pay

This blog series was co-written by Solutionary Minds bloggers Melinda Reinicker and Court Little. Melinda’s shopping expertise was expertly augmented by the payments prowess of Court.

As described in my previous blog, "Apple Pay vs. Other Tap to Pay Providers," Google and Apple are essentially equal when it comes to security, with both of them outpacing Softcard by a good bit. It’s important to note that they are all better and safer than traditional magnetic strip plastic cards, making the use of credit cards more secure. For more information on the different platforms, please see the first part of the Apple Pay series blogs, posted on Tuesday, October 28.

With the industry reeling from... read more >

Social Engineering Techniques with Covert Gear

Tim Roberts

November 04, 2014 - Posted by Tim Roberts to Security Insight

social engineering

This blog was co-written by Solutionary Security Consulting Services consultants Brent White and Tim Roberts.

With a rogue access-point (AP) in place, the attackers exited the building and made their way to a vehicle parked adjacent to the location. Once inside, one attacker surveys the area while the other pivots a high-gain antenna toward the location of the malicious device. Connecting to the device and establishing a foothold into the internal network, he cracks a wicked smile and announces, “I’m in.”

There are several tools available for penetration testers that aid in a successful physical security assessment. These tools are widely available, and if used properly with solid social engineering tactics, can... read more >

Ghosts in the Machines

Cybercriminals Continue to Provide Tricks, Not Treats

Joseph (JB) Blankenship

October 31, 2014 - Posted by Joseph (JB) Blankenship to Security Insight

cybercriminals

It really wouldn’t be right to wrap up National Cyber Security Awareness Month (NCSAM) on October 31 without a Halloween-themed blog.

The NCSAM topic for the final week of the month is “Cybercrime and Law Enforcement.”

It’s not hard to make the analogy of cybercriminals and hackers being “ghosts in the machines.” After all, these malicious actors move about invisibly, easily moving through the technical walls built to keep them out. It’s spooky stuff.

As we have seen throughout 2014, cybercriminals are actively at work, continuing to infiltrate systems and make off with valuable data – credit cards, healthcare records and other personally identifiable information (PII).

The numbers are frightening themselves. A McAfee report from June 2014 estimates that ... read more >


Voted Best Corporate Security Blog 2014
Solutionary is a leading managed security services provider. The Solutionary Minds blog is a place to learn about and discuss IT security and compliance topics.
