Digging in: Why Root Cause Analysis is Crucial in IR

by Paul Caiazzo

The primary objective of investing in cybersecurity controls is to prevent security incidents. However, no control is perfect – cyberattacks happen and data breaches, unfortunately, occur in the presence of even the most rigorous information security programs. In fact, more than 3.2 million records were exposed in the 10 biggest data breaches in the […]

Got Patch?: Why Patch Management is Important for Cyber Security

by Paul Caiazzo

An effective patch management strategy is one of the foundations of an organizational cyber security strategy. However well understood this may be in theory, many organizations struggle to implement a good patch management program. In this post, we discuss the importance of strong patch management, patch management best practices, and how to […]

Cloud Security Using Defense in Depth

by Paul Caiazzo

Many companies assume cloud security for their data falls under the responsibility of their cloud service provider (CSP): that this entity has adequate tools, policies and procedures in place for protecting the data with which it is entrusted. While this is true to some extent – certain controls within a comprehensive cloud […]

Monitoring Telework Security with Disappearing Network Perimeters

by Paul Caiazzo

Many organizations’ security monitoring infrastructure is based upon the assumption that most employees are connected directly to the corporate LAN. By collecting data from Active Directory domain controllers, the perimeter firewall, server and workstation event logs, endpoint protection logs and other key on-premises data sources, an organization can maintain a high […]

Using MITRE ATT&CK Framework for Beyond-Checkbox Cybersecurity

by Paul Caiazzo

What is the MITRE ATT&CK Framework?

MITRE’s Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) framework is a threat-focused tool bringing together information about the tactics, techniques and procedures (TTPs) adversaries use to compromise their targets. The goal of the framework is to collect all relevant and available information about the TTPs Advanced […]

CISO Advice: Operating to a Cybersecurity Gold Standard During Crisis and Beyond

by Paul Caiazzo

As we talk to our customers during this time, questions regarding this unprecedented situation understandably arise: Is Avertium able to stay up and running during the outbreak? How is Avertium ensuring data protection at the highest level when attacks have increased, and employees can’t physically report to work? Avertium’s ability to protect […]

Avertium COVID-19 Preparedness and Response: An Open Letter from CEO Jeff Schmidt

To our Avertium customer and partner community,

With the developing coronavirus (COVID-19) situation worldwide, Avertium has actively taken steps to safeguard the health of our employees and mitigate the spread of the virus in the communities of which we are members, while ensuring the continuity of our operations and maintaining consistently high levels of service to […]