Blog

‘Tis the season for budget planning. With 2019 coming to a close, you may be scrambling to put together a coherent proposal for 2020. And if you’re lucky, you may have some leftover budget that you need to spend wisely.   Focal Points for 2020 Budgets Analyst firm IDC forecasts a 10% increase in spending around security analytics and SIEM solutions, as well as more than a 10% increase in cyber threat intelligence. Automated continuous security testing, performed using breach and attack.

Continuous security testing is the practice of challenging, measuring and optimizing the effectiveness of security controls on an ongoing basis, using automated testing tools, in order to continually identify new security gaps as they emerge, so they can quickly be fixed. Also called “security effectiveness testing,” the objective of continuous security testing is to find out how effective an organization’s current security controls are, uncover new security gaps as soon as they arise, and.

Cymulate is proud to usher in a new age in the cyber security of small and midsized business (SMBs). With the launch of our new BAS for SMB bundles, it has never been simpler and more affordable to get your security posture up to par with the most security-mature enterprises. When it comes to cyber security, small and medium sized enterprises (SMEs) have it hard. Aware of their limited cyber security resources, threat actors specifically target them for their commercial accounts. According to.

Originally an offshoot of CrySiS, the Dharma ransomware family has brought forth a new variant, as part of its ongoing creation of new strains. In this blog post, we analyze the latest variant found in the wild by malware researcher Jakub Kroustek. Cymulate customers can check if they are vulnerable to this threat by running an Immediate Threat Intelligence simulation of this variant, uploaded to the dashboard on 28th July 2019. (Login to the dashboard here.) Overview Dharma has been operating.

In the beginning there was pen testing. Then, developers accelerated pen testing with automated pentesting tools. Next, came the realization that instead of just one pen tester, a full team of pen testers could be deployed. Instead of seeking and exploiting security gaps opportunistically, they would perform reconnaissance work ahead of time, then plan and carry out a multi-step, multi-vector attack across the cyber kill chain, mimicking today’s sophisticated cyber heists and advanced.

The lead up to this year’s 4th of July has been chockful of cyber events, from cities getting extorted, through triple-threat ransomware, to state-sponsored APT activity. Here’s a recap of last month’s cyber threat highlights. The month started with AMCA (an American billing collections service provider) announcing on June 3 that an unauthorized user had accessed its system containing personal information that AMCA had received from various entities. The personal data of 11.9 million customers,.

In the last few years, APT attacks conducted by individual cybercriminals, organized crime and state-sponsored groups have become prevalent and sophisticated, bypassing standard security controls such as APT, or Advanced Persistent Threat, is a sophisticated attack in which a person or group attains access to a network and remains undetected for an extended period of time.   The DarkHydrus APT Attack Let’s have a closer look at how APT threat actors operate by looking at a recent APT attack,.

In our first blog post, we explained what MITRE’s ATT&CK™ framework is and how it can assist with cyber security. In this blog post, we will have a closer look at how Cymulate’s BAS platform can utilize the ATT&CK framework to boost the security posture of organizations. In general, MITRE’s ATT&CK™ and Cymulate’s BAS platform are perfectly in sync, which is good news for organizations and bad news for cybercrooks. Cymulate covers all Tactics and Techniques of MITRE’s ATT&CK™ matrix an.

Why Cybersecurity Is Critical for a Successful M&A In its “Cybersecurity Is Critical to the M&A Due Diligence Process” research note, Gartner points out that the M&A process is complicated by the inability to integrate and manage the cybersecurity practices of both companies. As part of the due diligence process, the acquiring company needs to examine the cybersecurity history and policies of the organization that it wants to acquire very carefully, as illustrated by the takeover of Yahoo by.

In March 2017, the New York State Department of Financial Services (NYDFS) issued a new regulation, the much discussed 23 NYCRR part 500. Considered to be one of the harshest cybersecurity regulations ever to impact companies, it consists of a new set of standards and requirements for banks, insurance companies, and other financial services organizations. It means that all businesses licensed by the New York DFS and "operating under or required to operate under a license, registration, charter,.