Hardening Systems Against Attacks Like SolarWinds

March 24, 2021 / by Chuck White

How Key Management, PKI Controls, and Zero Trust Principles are Applied to Thwart Advanced Persistent Threats (APTs)

For years, cybersecurity professionals argued the importance of “zero trust networks” and their concerns have been fully validated in the wake of the SolarWinds incident. Hacking techniques likely used in the SolarWinds Sunburst attack include mapping of sIDHistory, Primary Group ID, as well as AdminSDHolder to help identify and obtain cached Active Directory credentials. The compromised SAML keys and cryptographic materials were then likely used to execute administrative control and exfiltrate data over an extended duration.

Read more

The cost of not meeting NIST 800-171 requirements...more than a missed opportunity

February 08, 2021 / by Charisma Burghouts

The Department of Defense (DOD) put out a deadline mandating that specific controls for Covered Defense Information (CDI) and Controlled Unclassified Information (CUI) residing in nonfederal information systems be in place. Many DOD contractors and subcontractors have missed the deadline and are scrambling to update their cybersecurity standards.

Read more
1
Page 1 of 1

Subscribe to Email Updates

Recent Posts