Blog

  • Another reason to disable SMBv1- EternalRocks

    A new worm named EternalRocks is in the news this week . EternalRocks leverages some of the same vulnerabilities and exploit tools as WannaCry but is potentially more dangerous because it exploits seven

    Read More
  • Mitigate “Wannacry” through SMBv1 disabling and hardening

    On May 12th a Ransomware campaign named “Wannacry” has been promoted around the world, successfully attacking organizations such as hospitals, critical government offices, manufacturers and banks. While the ransomware itself and the

    Read More
  • Misconfigured Servers and Applications Stated as One of 10 OWASP Critical Security Risks

    OWASP (Open Web Application Security Project) recently released its 2017 version of its Top 10 List – the Ten Most Critical Web Application Security Risks. As you may know, OWASP is

    Read More
  • Critical hardening requirement from Microsoft- Disable SMB1

    On February 2017 Microsoft released MS17-010, a security update that prevents denial of service and remote code execution. If you need this security patch, you already have a much bigger problem: you

    Read More
  • Server hardening is crucial for warding targeted attacks

    Today’s internal security threat landscape is rapidly changing. Overcoming the threats related to the basic assumption that the attacker has already penetrated our premises is extremely challenging. Both CIS/SANS 20 security controls and

    Read More
  • 20 steps to prevent ransomware attacks

    This article shares some tips and actions that you can take to make your organization (both environment and employees) better capable of dealing with the risk of ransomware attacks. Computer Ransomware is

    Read More
  • Do you need a PCI-DSS-compliant hardening policy?

    Server configuration hardening is a basic requirement for compliance with PCI-DSS V3.2. Server hardening is a fundamental process that ensures the security of servers in the network by reducing the servers attack

    Read More
  • Integrating security best practices to production environments

    The gap between IT and security teams recently defined by analysts as the “SecOps” gap is a significant pain point for every enterprise. The two teams have a fundamental conflict based

    Read More
  • SANS CSC No. 3, When security goes behind the security team

    Security is complicated. The growing threat landscape and multiple breaches encourage security professionals to play a proactive role in securing their organizations. There is a lot of buzz out there that

    Read More
  • Security policy baseline deployment, why is it so challenging?

    A lot have been said about server security baselines, but still a great amount of heavily regulated organizations are struggling to show compliance with hardening baseline requirements.   Server security baseline deployments

    Read More
  • Privileged/Service accounts passwords, when was the last time your IT changed them?

    Privileged accounts represent one of the largest potential security vulnerability an organization faces today. In the hands of an external attacker or malicious trusted insider (such as IT administrators), privileged accounts

    Read More
  • Server hardening, why should you automate it?

    Server security hardening is an essential element for preventing targeted attacks, as outlined in  recent researches reported by both Gartner and the NSA. Consistent, continual IT security hardening is your enterprise’s most

    Read More