Blog
Thought leadership and musings on security topics

Malvertising (the nefarious practice of placing digital ads leading to malware) has been making a resurgence over the past few weeks. For quite a while, cybercriminal gangs have been making fake websites leading to downloads of ...

Zero trust network access (ZTNA) is becoming increasingly relevant as the concept of the network perimeter and the traditional "castle-and-moat" mentality of cybersecurity become obsolete. The advent of mobile devices, Wi-Fi ...

The idea of customer self-service has been around since 1833 when Percival Everett’s first self-service vending machines appeared in London, selling postcards. But when it comes to IT, many organizations find self-service daunting ...

Virtual Private Networks (VPN) have been widely used as a solution for secure remote access for decades. However, as organizations have come to rely more fully on remote access as a strategic part of their business, legacy VPNs have ...

Introduction
There’s no escaping the number of breaches occurring daily; our media is full of them. As practitioners, it feels like we’re pushing rope uphill as we try to convince organizations to adopt the basic security practices ...

Protecting users against malicious sites and enabling acceptable use policy (AUP) may be accomplished using some basic tools; however, modern organizations don’t have the resources or time to discover, track, and analyze millions of ...

So you’re in charge of your organization’s DNS and hybrid access, and part of the job is providing DNS records to make systems easily accessible, but you also need to make sure that you’re preventing spoofed domains, which can lead to ...

What is the VMware ESXi OpenSLP heap-overflow vulnerability (CVE-2021-21974)?
A new heap-overflow vulnerability (CVE-2021-21974) has been discovered in the VMware ESXi OpenSLP service. This vulnerability allows attackers to execute ...

With IPSec, SSL, TLS, VPN, SDP, and ZTNA tunnels, it may sometimes become confusing to figure out when to use which. IPSec was mostly used for site-to-site VPN and we’re going to focus on remote access. Clearly, there are different types ...

Corporate employees are often required to do work that involves using publicly-accessible resources (e.g., Salesforce or a staging website), which go beyond the bounds of private network control. In light of the need to connect their ...

VPNs, or Virtual Private Networks, have been around for quite some time. But in their legacy form, remote access VPNs are not the safest security solution in this post-COVID, work-from-anywhere, hybrid work environment we live in ...

The negative effects of checking for user credentials at the beginning of a session and granting hours-long access have surfaced many issues, sometimes leading to major security incidents, for users and organizations alike. ...