Snort

Securing the power grid: Are you ready for NERC CIP’s upcoming mandate?

Posted on by Admin
Securing the power grid: Are you ready for NERC CIP’s upcoming mandate?

A defense-in-depth strategy is one that protects organizations from attacks that bypass the first layer of security controls. It is a well understood concept, and one that has been adopted by most organizations over the years. However, until recently, the North American Electric Reliability Corporation (NERC) presented a gap where regulation required securing the electronic security perimeter (ESP), but there were no further security controls beyond the network perimeter. If utilities followed NERC CIP, and…

Read More

Determining the 10 most critical vulnerabilities on your network

Posted on by Admin
Determining the 10 most critical vulnerabilities on your network

When it comes to staying on top of security events, a good application that alerts on security events is better than none. It stands to reason then that two would be better than one, and so on. More data can be a double-edged sword. You want to know when events happen across different systems and through disparate vectors. However alert fatigue is a real thing, so quality over quantity matters. The real power of having…

Read More

The myth of the long-tail vulnerability

Posted on by Admin
The myth of the long-tail vulnerability

Modern-day vulnerability management tends to follow a straightforward procedure. From a high level, this can be summed up in the following steps: Identify the vulnerabilities in your environment Prioritize which vulnerabilities to address Remediate the vulnerabilities When high-profile vulnerabilities are disclosed, they tend to be prioritized due to concerns that your organization will be hammered with exploit attempts. The general impression is that this malicious activity is highest shortly after disclosure, then decreases as workarounds…

Read More