TPG Blog

SecurY3t1 - Real Security for a Real World

Do Diligence?

As I travel around speaking, performing network assessments, and discussing security with various corporate leaders, I often hear a fairly consistent and disturbing mantra.

“If you find vulnerabilities and risks in our environment, then we will have to fix it.”

The prevailing wisdom from a security and compliance perspective seems to be: “If we don’t know about it, we are not responsible for the risk it represents.”

Let me just clear this up…

W R O N G !!!!!!!!!!

Tip of the ‘Berg

If you know me, you know that I regularly preach the need for full-scope penetration testing (internal and external, with physical, digital, and social engineering attack methods). If I do not think and act as the bad guys do, I will likely miss attack vectors they may not.

I have done numerous external-ONLY penetration test assessments over the years. Many were very limited in scope and prompted by some compliance requirement or by a member of leadership who read about a breach and then decided to “have a look at our external network”.

SOLVED!!!

I was recently fortunate enough to be the face of The Pinnacle Group’s CryptoChallenge at DerbyCon in Louisville, Kentucky. I am always amazed to watch the depth of talent brought to bear in these types of challenges, and I marvel at the process of watching these big brains crunch away at complex mathematical and observational puzzles. This event was no exception.

Burnin’ Down the House

“Oh my God! The office is on fire!” David exclaimed to his wife as he hung up the phone and dragged himself out of bed.

This was the moment he had dreaded for years. So many irreplaceable documents stored there. So much data to be lost.

The fire department had called and alerted him in the middle of the night, and he was busy throwing on his clothes and rushing to the car to drive downtown. As he arrived, he saw several emergency vehicles and curls of smoke still rising from what was left of the south end of the building. That was where the document storage room was, and his heart sank. In the end, most of what the fire did not destroy was soaked from the attempts to quell the fire.

Your Ears as a Security Control

Recently, I was at a customer site to discuss monitoring, correlation, and alerting. They told a tale that I have heard so many times, all I could do was sit there and nod my head sympathetically. They described a failed SIEM (Security Information and Event Management) implementation that they had recently gone through. After hearing the tale and asking several questions, I discovered that the vendor had not bothered to LISTEN to the IT staff before suggesting a SIEM product and proceeding with implementation.
