Datashield recommends patching any Microsoft Exchange servers due to the recently released series of vulnerabilities, CVE-2021-26855 in particular, and the evidence of this exploit being utilized in the wild. An unauthenticated attacker can compromise the server and obtain access into the network. There is no current mitigation besides patching the affected Exchange servers. Datashield has deployed some initial detections for this CVE, but is still evaluating and creating new detections as we gather more information.

A penetration test or pen test is a simulated cyber-attack against computer systems, application systems, and IT infrastructure to discover loopholes. These simulated cyber-attacks come in diverse forms with the intent of breaching a system through its servers, web or mobile applications, and other endpoints. The purpose of pen testing is to discover exploitable vulnerabilities in a controlled setting before cybercriminals take advantage of them.

SolarWinds Log Event Manager and Splunk Enterprise Security are two of the top security information and event management tools. Both SIEM solutions differ but offer high-performing features that simplify threat detection and response within expansive networks.

SOAR is an acronym thrown around a lot within the cybersecurity industry, but what does it really mean? SOAR stands for Security Orchestration, Automation and Response.

On January 26th, 2020, Mimecast released an updated statement about the compromise first published on January 12th 2020.

Microsoft Defender for Endpoint, formerly known as Microsoft Defender Advanced Threat Protection, provides enterprise-level protection to endpoints to prevent, detect, investigate, and respond to advanced threats.

Zero Trust security concept is a model and framework developed by former Forrester analyst John Kindervag in 2010. Since then, the Zero Trust model is widely adopted, with leading researchers at Gartner, Microsoft, and Google all developing and implementing their variations of Zero Trust frameworks while keeping the core concept intact.

Contrary to popular beliefs, an insider threat is not always a security risk within an organization's immediate perimeter. Current employees and managers aside, an insider threat could be a former employee who had access to specific information, a third-party consultant, or a business partner.