Blogs

Security Validation in 2021: Why It's More Important than Ever

Earl Matthews, VP of Strategy, Mandiant Security Validation  •  December 10, 2020

The past year has been marked by economic uncertainty stemming from the global pandemic, which has also created an expanded remote workforce and broadened the attack landscape.

Insurance Fraud is Evolving: So Must Our Response

Dennis Toomey, Global Director, Counter Fraud Analytics and Insurance Solutions, BAE Systems Applied Intelligence  •  November 25, 2020

Outpace the Attackers with the Latest Frontline Intelligence

Kimberly Goody, Senior Manager at Mandiant Intelligence  •  October 28, 2020

Continuously Validate Security to Maximize the Value of Your Investments

Earl Matthews, VP of Strategy, Mandiant Security Validation  •  September 22, 2020

The 2020 Security Effectiveness Report shares our findings from an evaluation of 100+ enterprise production environments globally across every major vertical.

Fraud Thrives in a Crisis - Why The Insurance Community Needs to Stay Vigilant

Dennis Toomey, Global Director, Counter Fraud Analytics and Insurance Solutions, BAE Systems Applied Intelligence  •  April 21, 2020

Alongside the sad and vast expense of legitimate claims, it is an unfortunate fact that in times of economic hardship, people have a history of taking any opportunity to exploit financial institutions for ill-gotten gain.

7 Habits of Highly Effective (Remote) SOCs

Jon Hencinski  •  April 20, 2020

As organizations shift to a remote workforce for their SOCs, they need to keep in mind seven daily habits. Here's a guide.

What's the Return on Investment of a Vendor Management Platform?

Tony Howlett  •  March 24, 2020

An emerging technology, Vvendor Privileged Access Management (VPAM) can provide both operational efficiencies and increased security in your projected ROI analysis. And that is a rare combination in InfoSec these days.

Growing Medical Device Sophistication Opens Security Issues

Tony Howlett  •  January 29, 2020

Securing medical devices properly is of crucial importance. However, before this goal can be completely achieved, there are several challenges to overcome.

NIST 800-171 & Why Organizations Need Password Similarity Blocking in Active Directory

Josh Horwitz  •  January 7, 2020

Adopting the policies in NIST 800-171 brings multiple security-related benefits, including best practices for data access policies, reduced risk of data breaches and insider threats, and a scalable approach to protecting sensitive data.

Identity Theft Protection: A Crucial Consideration in Today's Heightened Environment

Allen Spence  •  December 16, 2019

According to the Identity Theft Resource Center, there were over 1,200 reported breaches last year alone, which exposed over 400 million records.

The Hidden Cost of a Third-Party Data Breach

Tony Howlett  •  December 4, 2019

Your best bet to avoiding the potentially exorbitant costs of a vendor hack is to not have one in the first place. A solid vendor risk management program, backed up by technology, policies, and procedures is the best protection. Good review and audit processes can catch any vendor-related problems before they become...

4 Key Considerations for Employee Password Hardening & Compromised Password Monitoring

Mike Greene  •  November 19, 2019

The new method of weak and compromised continuous password monitoring can reduce user frustration and IT burden.

4 Automated Password Policy Enforcers for NIST Password Guidelines

Mike Greene  •  November 15, 2019

3 Key Risks with Employee Passwords in the Financial Services Industry

Josh Horwitz  •  October 14, 2019

One of the most common threat vectors plaguing financial services institutions is the employee password.

Introducing Continuous Password Protection for Active Directory

Josh Horwitz  •  September 6, 2019

With widespread use of Active Directory across industries and organizations of all sizes, it is frequently a target for bad actors who can use a cracking dictionary or exposed credentials to gain unauthorized access to an employee's account.