Addressing Log4j Vulnerability
Log4j is a ubiquitous piece of software used in a variety of consumer and enterprise services, websites, and applications—as well as in operational technology products—to log security and performance information. Recently, a very serious remote code execution (RCE) vulnerability in the popular Java logging package Log4j (CVE-2021-44228) was disclosed, posing a severe risk to millions […]
Cyber Threat Intelligence, a.k.a. The Art of War
Cybersecurity is a thriving industry, both on the protection and prevention side and among the threat actors with their growing arsenal. The good guys face a seemingly endless number of challenges. At times, it can seem impossible. Cyber threat intelligence (CTI) is the best solution to address the growing number of bad actors, the enormous amount […]
Protection from Distributed Denial of Service (DDoS) Attacks
A distributed denial of service (DDoS) attack is an intentional attempt to consume the resources of a network, website, service, or application. A tangible example is a large crowd of people blocking the entrance to a store, preventing anyone from entering. If no one can enter the store, service is denied. A DDoS attack is […]
General Data Protection Regulation (GDPR)
GDPR stands for the General Data Protection Regulation, a comprehensive EU data protection law adopted in May 2016 that updates the existing EU data protection law (the 1996 Data Protection Directive) to further strengthen the protection of personal data of individuals in the EU. It takes full effect on May 25, 2018. […]
International Organization for Standardization (ISO 27001)
ISO 27001 provides an international methodology for implementing, managing, and maintaining information security within a company. This information security management system (ISMS) framework minimizes risk and ensures business continuity by proactively limiting the impact of a security breach. ISO 27001 is a globally recognized information security standard, with more than 40,000 organizations certified. ISO […]
Service Organization Controls (SOC2)
SOC2 is a compliance report standard defined by the American Institute of Certified Public Accountants (AICPA). These SOC2 compliance reports provide users with assurances about the controls at a service organization relevant to security, availability, and processing integrity of the systems used to process users’ data. It also covers the confidentiality and privacy of the […]