Orenda Security LLC

Are you mastering your cloud infrastructure management ? ?? Cloud Infrastructure Management: 10 Best Practices for Success ?? We can only highly support the point 9 in regards to conducting periodic reviews and audits ?? We'd even go further than this, while point in time assessment are a great baseline to build a posture enhancement roadmap, you'd ideally implement a continuous process to make sure your cloud security posture doesn't deteriorate over time ?? Reach out for more about this ! #cybersecurity #cloud #cloudmanagement https://lnkd.in/e9-JR7Xf

Cutting edge technology based on the hype is not meaning that security is properly covered "Wake Up And Smell The Ransomware—Starbucks Impacted By Cyber Attack" ?? Fact is, all the technology stack involved in digital transformation and innovation should be treated according to your third party risk management plan. ?? This involves applying the same due diligence as you do on your existing stack, to avoid affecting your posture when ramping up new systems, even when they are from third parties. ?? From your software bill of material (SBOM) to your stack architecture inventory, are your controls in place ? #cybersecurity #securityassessment #technology #digitaltransformation https://lnkd.in/ggb28fRK

An interesting take from threat actors, as they use an actual security solution driver to shutdown other security solutions on systems. "Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections" ?? According to the article, the initial access is unknown, so the payload delivery is not clear yet. ?? Hopefully you do have layered security in place, with overlapping security controls in order to detect unwanted behavior and payloads in your systems. #cybersecurity #threatintellingence #technology https://lnkd.in/gFsJ5tes

Whether developed in-house, or from third party, your deployed online applications should follow proper security review. ? Cross-Site Scripting Is 2024's Most Dangerous Software Weakness ? MITRE and CISA's 2024 list of the 25 most dangerous software weaknesses exposes the need for organizations to continue to invest in secure code ? Cross-Site Scripting allows attackers to run their malicious scripts on your online applications, making it look like they belong to your organization. #cybersecurity #xss https://lnkd.in/ekTKFA42

Technical security controls are just a part of your resilience plan. "Don’t Hold Down The Ctrl Key—New Warning As Cyber Attacks Confirmed" ? As threat actors focus on creative ways to bypass your organization's security, you must ensure you keep your staff aligned with the best behavior in such situations. ?? Best practices, security controls and policies are a great baseline, but keeping your teams aware is also a key element, with #cybersecurity awareness training ? Wherever you are in your security journey, we can support your continuous enhancement efforts, from validating your existing posture, to support your organization maintaining an acceptable risk posture over time. #rismanagement #cybersecurityawareness https://lnkd.in/esm-GNXs

A proper security posture is a continuous work, it needs regular assessments, a proper integration in change management, and timely security updates "Palo Alto Networks Patches Critical Zero-Day Firewall Bug" ? Expedition firewall appliance's PAN-OS interface tool has racked up four critical security vulnerabilities under active attack in November ? This did lead to advise customers to update immediately or and take them off the Internet. ?? Depending on the risk and exposure, timely can mean immediately. Have you considered maintaining a layered security approach ? #cybersecurity #paloalto #pan #panos https://lnkd.in/eiS2b8NN

Threat intelligence helps organizations to assess the risks they face. The vertical in which the business is working, is a key factor in regards to cyber risks. "Moody’s Cyber Heat Map flags extreme cyber risks for critical infrastructure, impacting telecommunications and airlines" Organizations in such verticals could use such intel to adjust their security posture and adjust their risk evaluation accordingly. #cybersecurity #threatintelligence #riskmanagement https://lnkd.in/eiNhDHjX

?? The third party risk assessment task is a critical one, as it helps your organization assess the impact of third parties on your attack surface. ?? "OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution" ?? When such situation appear, if you have a proper and formal third party risk management process, you'll quickly identify and tackle the potential impact of such situation. ? It's also a good opportunity to ensure this actually risk is identified and that you have security controls that compensate this risk (such as network segmentation, and any other overlapping control aiming at reducing the impact of such situation) #cybersecurity #IoT #cloud https://lnkd.in/gx89GfbY

Organization's security scope is often wider than expected. "New Android Malware SpyAgent Taking Screenshots Of User’s Devices" ?? Security purpose is to achieve information security, and ensure safety in organizations ? Once security controls are compensating risks as expected, information governance can take place ?? Yet, organization's environment are dynamic, and security should be embedded in the change management process, ensuring continuous alignment with the operational reality. ?? Smart phone handling organization's data are fully part of the attack surface, and should be included in the security strategy, in order to maintain a proper security posture. #cybersecurity #governance #android https://lnkd.in/ea872rJf

Back to the basics on this Friday, with a reminder about backups ! "Mastering the 3-2-1 Backup Approach: What It Is and Why It Works" ?? Security is critical, and backups are a mandatory corrective control, in order to recover when things turn bad ?? Nowadays, most organizations employ cloud based services, for operations, and backups. When going with the cloud backup option, many factors and options should be considered, with 2 key elements : - Encryption, to protect confidentiality of backups - Immutable backups, to ensure that integrity is protected from A to Z ? Obviously, backups should be tested, on a regular basis, like your security posture should be continuously assessed. Ideally, you'd have a certified partner, supporting your organization to achieve your goals in a formal way. #cybersecurity #backups #resilience https://lnkd.in/e_gXEYDE