Off the top of your head, what percentage of endpoints in your organization are currently protected? Something in the 98 percent+ range? Most enterprises would say having fewer than 2 percent of endpoint devices lacking adequate security would be considered ... continue reading

As the number of home-based workers has accelerated in the last few weeks, it’s introduced new challenges. You may want to expand the number and types of devices employees can use to access company resources. You need to support a ... continue reading

True to form, human-operated ransomware campaigns are always on prowl for any path of least resistance to gain initial access to target organizations. During this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found ... continue reading

For our second stop on the journey to holistic cloud protection with the Microsoft 365 security stack we will be discussing Device security. For anyone new joining us on this journey please ensure you check out Part I: Overview and ... continue reading

With the bulk of end users now working remotely, legacy network architectures that route all remote traffic through a central corporate network are suddenly under enormous strain. The result can be poorer performance, productivity, and user experience. Many organizations are ... continue reading

Following a short hiatus, Astaroth came back to life in early February sporting significant changes in its attack chain. Astaroth is an info-stealing malware that employs multiple fileless techniques and abuses various legitimate processes to attempt running undetected on compromised ... continue reading

The world has changed in unprecedented ways in the last several weeks due to the coronavirus pandemic. While it has brought out the best in humanity in many ways, as with any crisis it can also attract the worst in ... continue reading

It has been almost eight years since I first wrote a blog on IIS best practices. During this time, several new versions of IIS have arrived, some reached end of lifecycle; we were introduced a new development platform called .NET ... continue reading

Gaining kernel privileges by taking advantage of legitimate but vulnerable kernel drivers has become an established tool of choice for advanced adversaries. Multiple malware attacks, including RobbinHood, Uroburos, Derusbi, GrayFish, and Sauron, and campaigns by the threat actor STRONTIUM, have ... continue reading

With many employees suddenly working from home, there are things an organization and employees can do to help remain productive without increasing cybersecurity risk. While employees in this new remote work situation will be thinking about how to stay in ... continue reading