Digging in: Why Root Cause Analysis is Crucial in IR

Root Cause Analysis is Crucial in Incident Response

The primary objective of investing in cybersecurity controls is to prevent security incidents. However, no control is perfect – cyberattacks happen and data breaches, unfortunately, occur in the presence of even the most rigorous information security programs. In fact, more than 3.2 million records were exposed in the 10 biggest data breaches in the first half of […]

Got Patch?: Why Patch Management is Important for Cyber Security

Why Patch Management is Important for Cybersecurity

An effective patch management strategy is one of the foundations of an organizational cyber security strategy. However well understood this may be in theory, many organizations struggle to implement a good patch management program. In this post, we discuss the importance of strong patch management, patch management best practices, and how to implement a program […]

Cloud Security Using Defense in Depth

Many companies assume cloud security for their data falls under the responsibility of their cloud service provider (CSP): that this entity has adequate tools, policies and procedures in place for protecting the data with which they are entrusted. While this is true to some extent – certain controls within a comprehensive cloud security program must […]

Monitoring Telework Security with Disappearing Network Perimeters

Monitoring Telework Security in a World with Disappearing Network Perimeters

Many organizations’ security monitoring infrastructure is based upon the assumption that most employees are connected directly to the corporate LAN. By collecting data from Active Directory domain controllers, the perimeter firewall, server and workstation event logs, endpoint protection logs and other key on-premises data sources, an organization can maintain a high level of visibility […]

Using MITRE ATT&CK Framework for Beyond-Checkbox Cybersecurity

What is the MITRE ATT&CK Framework? MITRE’s Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) framework is a threat-focused tool bringing together information about the tactics, techniques and procedures (TTPs) adversaries use to compromise their targets. The goal of the framework is to collect all relevant and available information about the TTPs Advanced Persistent Threats (APT) […]

CISO Advice: Operating to a Cybersecurity Gold Standard During Crisis and Beyond

Cybersecurity Gold Standard

As we talk to our customers during this time, questions regarding this unprecedented situation understandably arise: Is Avertium able to stay up and running during the outbreak? How is Avertium ensuring data protection at the highest level when attacks have increased, and employees can’t physically report to work? Avertium’s ability to protect customer data through […]

Avertium COVID-19 Preparedness and Response: An Open Letter from CEO Jeff Schmidt

To our Avertium customer and partner community, With the developing coronavirus (COVID-19) situation worldwide, Avertium has actively taken steps to safeguard the health of our employees, mitigate the spread of the virus in the communities of which we are members, while ensuring the continuity of our operations and maintaining consistently high levels of service to […]