High-Fidelity Attack Surface Mapping
April 12, 2021Eliminate blind spots and hinder attackers using these three tips to create a high-fidelity map of your organization’s entire attack surface.
The ABCs of Azure Identity Governance Tools
April 12, 2021Discover the main Azure mechanisms for governing identities and providing access permissions.
NetFlow is the Wrong Way to Do Attack Surface Mapping
March 26, 2021If your organization relies on NetFlow data for asset management, you're likely overlooking vital information to map your attack surface.
Crawling Is the Wrong Way To Do Attack Surface Mapping
March 23, 2021When analyzing methods to identify assets, crawling should be one tool in the toolbox, but not the only one. If you use crawling exclusively, you’ll likely miss a lot of assets.
AWS’s Access Analyzer Preview Access is Great — But Is It Enough?
March 16, 2021Learn the ins and outs of the preview access capability in Access Analyzer.
Deconstructing Azure Access Management using RBAC
March 10, 2021Take a focused look at the basics of Azure RBAC (role based access control) -- the main mechanism in Azure for granting permissions to resources. Familiarize you with Azure AD identities and find out how to grant them access to your organization’s resources.
Infrastructure as Code Security Requires Programmatic Controls
March 9, 2021Empower develops with a programmatic approach to security. Here's what you need to know. The concept of shifting security as far left into development as possible is not new, and it is fairly easy ...
Static Lists Are The Wrong Way to Do Attack Surface Mapping
March 8, 2021When identifying and cataloging assets, static lists leave your organization vulnerable to constant changes across your attack surface.
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065: Four Zero-Day Vulnerabilities in Microsoft Exchange Server Exploited in the Wild
March 2, 2021Four zero-day vulnerabilities in Microsoft Exchange servers have been used in chained attacks in the wild.Update March 8, 2021: The Identifying Affected Systems section has been updated with informati...
Keep Your IAM Users Close, Keep Your Third Parties Even Closer
January 28, 2021Technical and legal controls that you take for granted when managing cybersecurity policy within your organization are usually out of reach when a third party is compromised.
Auditing iam:PassRole: A Problematic Privilege Escalation Permission
January 13, 2021How to determine which identities need iam:PassRole to help enforce “use it or lose it” least privilege.
Cloud infrastructure is not immune from the SolarWinds Orion breach
December 23, 2020Organizations exposed to the SolarWinds breach must identify exposed credentials and rotate them asap.