Cloud Security and Governance – Mind the Security Gap Workloads are migrating to the Cloud with ever increasing speed and efficiency. For the most part Enterprise Cloud platforms are more secure than their on-premises counterparts (particularly for small businesses that have often lacked resources and budgets to secure infrastructure accordingly). However, as a business has…
Penetration Testing Penetration testing is essentially recreating malicious attacks in order to exploit and identify gaps within an organisational system. Why an organisation should consider continuous penetration testing? Often penetration testing is completed on the basis of a bi-annual or annual test. There-after the findings are subject to change at the next subsequent release of…
Vulnerability Management – Assessment and Patching An effective Vulnerability Assessment (VA) approach Organisations are most likely to fall victim to automated, indiscriminate attacks which use known vulnerabilities to compromise an environment. Patching, remediating and mitigating the right vulnerabilities at the right time is critical to an organisation’s overall security strategy. However, with the amount pf…
Managed Detection and Response (MDR) What is a Managed Detection and Response service? Managed Detection and Response services extend an organisation’s security program beyond the essential preventative technology set (such as End point and Edge protection measures) to address advanced threat hunting, detection, response and monitoring activities. Fill in your advanced threat detection gaps with…
Endpoint Detection and Response Solutions – EDR / XDR / MDR Endpoint Protection Platforms (EPP) are ever evolving, changing, and growing. If you speak to any vendor of EPP, they will come up with value-added benefits to tempt your business to go with their product rather than a competitor, but the truth be told, the…
SOAR – Security Operations, Analytics and Reporting Orchestration and Automation of incident response are key elements for resource constrained Security Operations teams and larger organisations seeking to mature their security operations and incident response processes. Secure-ISS currently considers SOAR as an advanced function or toolset within a layered defence in depth strategy. What is SOAR?…
Threat Intelligence What is Threat Intelligence? Threat intelligence is information about the activity taking place inside an organisational environment that might result in attacks against that environment (presently or at some point in the future). Further, other forms of threat intelligence can provide visibility on external threats that may at some point in the future…
CASB – Cloud Access Security Broker Cloud Access Security Brokers (CASB) provide visibility and control of cloud-based services for organisations of all size. Over recent years, the number of vendors have increased along with the overall capabilities of the solutions on offer. Why are CASB’s so important to an organisation? With traditional endpoints and network…
Least Privilege Access Control A “Least Privileged” access control regime provides users with only the minimum level of privilege required to complete their role and day to day activities. So how do you achieve such an outcome without adding further workload to already over-burdened help-desk teams and increasing user frustration? As part of the wider…
Incident Response Process Incident Response Planning Not to be too negative, but a serious security incident is a question of WHEN and not IF in today’s digital world. Effective response plans mitigate the potential damage caused by a security incident. What is an Incident Response Plan? An incident response plan outlines how your organisation will…
