ControlScan Blog

Posts Tagged: Network Security



  1. Home
  2. ControlScan Blog
  3. Posts Tagged: Network Security

Sophisticated Attackers Targeting Petroleum Marketers

February 17, 2020Published by

Lately, there has been a wave of cyberattacks specifically targeting the petroleum industry. This is due to a handful of recent successes by the attackers with some very large and well-known brands. Given the success that the attackers had in those environments, they are moving on to other similar and potential targets within the industry and attempting to find additional value to compromise. In this post, I’ll share specifics about how the petroleum industry is being targeted and ways you can protect your network from a potential compromise.

  Read More   

Security Patching: How Fast is Fast Enough?

October 3, 2019Published by

October is National Cyber Security Awareness Month (#NCSAM), and one of the topics I like to bring up is security patching. Just about every IT leader will tell you that timely security patching is a priority for their organization. So why did our latest ControlScan research find that 43% of IT teams are taking more than a week to implement even the most critical of security patches?

  Read More   

3 Cybersecurity Functions That Should Not Be On ‘Autopilot’

April 25, 2019Published by

When cybersecurity coverage gets slim—whether it’s due to a lack of internal expertise or technology capabilities, or both—key business functions tend to go on what I call “autopilot.” Firewalls run using outdated configurations, legitimate security threats go unnoticed, and everyone is just hoping today isn’t the day an employee clicks a bad link and unleashes a crippling malware attack. Learn about the three business functions that should never be put on cybersecurity autopilot, and how to proactively address your organization’s expertise and manpower challenges.

  Read More   

Unapproved Devices on the Network

August 13, 2018Published by

I’ve found myself in this conversation a few times recently, about what determines that a device on the network is “unapproved.” The fact is, the only unapproved devices on your network are those that defeated your security measures to get on it. If you build the network correctly, then you have lists of monitored and unmonitored devices, but not unapproved.The issue at hand is how to identify and account for your monitored and unmonitored devices. With that accomplished, it’s much easier to spot an anomaly that could lead to a breach.

  Read More   

Your Penetration Test Cost is About to Go Up

December 12, 2017Published by

Penetration tests have always had a higher price tag, but their overall cost to you is about to increase in 2018. Here’s what’s changing and how you can keep these costs contained in 2018 and beyond.

  Read More   

It’s Time to Redefine the IT Security Perimeter

June 5, 2017Published by

As an IT security assessment professional, my job is to look at companies’ data security zones and their network perimeter compliance. I am looking at the normal stuff: Firewalls, servers and hardening standards as required by PCI, HIPAA, ISO 27001, etc.Without properly implemented and maintained security technologies in place, it’s impossible to protect your perimeter from compromise. But are you truly clear on what that perimeter is?

  Read More   

New Data Security Warning for FTP Use in Healthcare

April 19, 2017Published by

FTP servers are essential for sharing files and data, but healthcare providers continue to utilize them in an insecure manner. Just last year, the ControlScan Security Consulting team saw this in action within a large healthcare organization. What happens when FTP goes wrong and how can you prevent your FTP server from leaking ePHI? Read on to find out.

  Read More   

Healthcare Data Breaches, Compliance and the HIT “Fear Factor”

January 13, 2017Published by

It’s Friday the 13th and there’s a “fear factor” in health IT. If you don’t know where your HIT organization’s security and compliance weaknesses lie you’re likely feeling that fear—today and every day.But don’t try to fight off cyber criminals with monster spray! Read this blog post and learn how to arm your organization appropriately.

  Read More   

Got Third Party Risk? Ask the Right Questions.

November 15, 2016Published by

Third party relationships make your life easier in a multitude of ways, from streamlining processes, to providing additional human resources, to ensuring operational efficiency. Unfortunately, these relationships also introduce increased business risk related to data security and compliance.If one or more of your third party vendors doesn’t maintain a strong security posture and is consequently compromised, your business could very well end up sharing the burden of recovery. Read this ControlScan blog post for three steps you can take to lessen your business’s third party risk.

  Read More   

How to Make Multi-Factor Authentication Meaningful

October 7, 2016Published by

One of the easiest ways you can protect business accounts from unauthorized use is to incorporate multi-factor authentication, or MFA. But how do you use it in a way that has a meaningful impact on your organization’s security risk reduction efforts?

  Read More   

Cyber Defense and the Unknown Enemy

September 30, 2016Published by

Cybersecurity Unknowns: It’s not the “who” but the “what.” When you stop and think about your business’s IT security, do you often wonder who the unnamed faces are behind the relentless barrage of cyber attacks out there? Everyone has an opinion: “Government target—must be a nation-state” or “Little guy—must be a disgruntled ex-employee.” Our assumptions, […]

  Read More   

Network Security Monitoring Goes Beyond the SIEM

September 22, 2016Published by

Congratulations! Your organization has implemented a SIEM platform for network security monitoring. However, don’t expect it to consume logs and machine data from your environment and effortlessly spit out actionable alarms. In other words, experienced human involvement is necessary to truly realize your SIEM’s benefits.

  Read More   

Take Event Log Monitoring Off the “Too Hard” Pile

July 12, 2016Published by

Event log monitoring—or keeping an eye on your system logs for security and compliance purposes—can be a challenge. Here at ControlScan we see businesses and their IT teams struggling with its implementation and/or maintenance just about every day.

  Read More   

What It Really Takes to be Secure

June 13, 2016Published by


What’s Your Data Security Approach? Growth and change is inherent to any healthy organization, but that positive change can have a negative impact on the security of your organization’s data. Have you considered what it really takes for your organization to be secure? If not, it’s probably time to ask some hard questions, the first […]

  Read More   

The Secret to Making Compliance Suck Less

June 6, 2016Published by

Have you been told your organization needs to comply with certain information privacy and/or security standards, such as PCI, HIPAA, etc.? If so, you may find yourself quickly overwhelmed with all the requirements for bringing people, processes and technology into “compliance.” Yes, compliance can suck.

  Read More   

Next »



Back to Top