Mailto and Mailto-2 Ransomware

OVERVIEW: In October of 2019, a group of relatively new ransomware strains called Mailto and Mailto-2 was found in the wild. These two ransomware types were also known as “Kokoklock” and “Kazkavkovkiz”; the names have been used interchangeably, with no clear definitions at this point in time. This ransomware group gained attention with the […]

Focusing on Big Rocks: A Cybersecurity Strategy for Success

The Big Rocks of Cybersecurity Strategy: As a seasoned cybersecurity leader, I’ve traveled 200,000 miles a year, engaging with CIOs and CISOs worldwide. One common theme resonates with them all: focusing on the “big rocks” of cybersecurity. In this post, we’ll explore what these big rocks are and how Proficio’s Managed Detection and Response (MDR) […]

Exploits in the Wild for Citrix ADC and Citrix Gateway Vulnerability CVE-2019-19781

OVERVIEW: In December of 2019, the details of a critical vulnerability affecting certain versions of Citrix Application Delivery Controller (formerly known as NetScaler ADC) and Citrix Gateway servers were publicly disclosed. The Proficio Threat Intelligence Team posted information about the vulnerability and its exploits in our Twitter Feed and issued a security advisory to our […]

Takeaways from the 2019 Data Breach Investigations Report

The 2019 Data Breach Investigations Report was released in December and highlights the many aspects of data breaches and the frequency of their occurrence. In review, we find this gives us a great opportunity to reflect on what security teams should focus on in 2020. The Attackers: According to the report, about 1/3 of attacks originate from […]

Cybersecurity in the Next Decade – Proficio’s Projections for the 2020s

2019 was another busy year for cybersecurity professionals. There were more security incidents than in any previous year, and they included some of the largest breaches of all time. According to Forbes magazine more than 4.1 billion records were compromised. Looking forward to the next decade, we expect cyber defenders to still face many challenges. […]

Security Overhaul: Migrating from a Legacy MSSP to a Splunk MDR Service Provider

Why Change? In the early 2000s, when Security Information and Event Monitoring systems (SIEMs) came onto the market, they were often expensive and complex to manage. But many organizations were required to collect, analyze and store security logs to meet compliance requirements, and a SIEM was the perfect tool for the job. Today most IT […]

The SOC Dilemma: Build, Buy or In Between?

IT security teams have a very difficult job, with an ever-changing threat landscape and the fact that a cyberattack only has to succeed once for an organization to be negatively affected. At the same time, most organizations are strapped for resources, especially when it comes to training and keeping experienced in-house security staff. A recent […]

Healthcare organizations and the cloud: Benefits, risks, and security best practices

Healthcare organizations are moving their business-critical applications and workloads to the cloud, and while there are many benefits (lower costs, added flexibility and greater scalability), there are also inherent risks that cannot be overlooked. Ensuring organizations’ sensitive data is being monitored and protected (24/7) is key and having analysts who clearly understand security in the cloud is […]

SIEM challenges: Why your security team isn’t receiving valuable insights

Today, many enterprises use security information and event management (SIEM) software to help detect suspicious activity on their networks. However, to be effective, organizations need to surround a SIEM with security experts, advanced use cases, threat intelligence, and proven processes to investigate and respond to threats. Misperceptions: Why not set and forget? Since a SIEM […]

When is it Time to Break Up with your #CyberSecurity Services Provider?

A cybersecurity services provider should be a trusted business partner and act as a true extension of an enterprise’s in-house security team. However, sometimes organizations are left feeling dissatisfied with the relationship they’ve forged with the services provider they’ve selected. There are several reasons the relationship may not be working out, and therefore it may be […]

What Your Business Needs to Know About How to Comply With the GDPR

Data security is a global problem that crosses all international borders, time zones and currencies. Cyber criminals based in one part of the world can freely target companies or individuals across the globe in a matter of seconds. Therefore, your organization’s cybersecurity posture must be agile and able to monitor, detect and respond to incoming […]