The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Getting the Most Value Out of Your Phishing Program

    June 27, 2017, Ryan MacDougall, Sr. Security Consultant

    Are your phishing tests worth the money you are spending on them?

    Please don't misinterpret that as suggesting you shouldn't be testing your users. To the contrary, I think you should be testing all your users (executives of all ranks included) on a regular basis. What I mean by that question is; are you really "testing" your users, or are you merely spot quizzing them?

    Read more
  • AWS Public Sector Summit 2017: Cloud Super Powers and Security

    June 16, 2017, Marshall England, Industry Marketing Director, Technology & Cloud

    Coalfire recently returned from the Amazon Web Services (AWS) Public Sector Summit, held in Washington, D.C., which addresses some of the most pressing issues today’s leaders face around security, governance and compliance, and more. While Coalfire has attended the show in the past, we were especially amazed at how strong of a conference this year was. The crowd totaled more than 10,000 attendees – up from 50 at the first Public Sector Summit only eight years ago. This year’s theme was “Super Heroes” and centered on how AWS provides its customers with “Superpowers” such as Speed, Power, Scalability, Durability, Strength and Truth.

    Read more
  • Q&A from P2PE-NESA Webinar for Merchants

    June 05, 2017, Tim Winston, Principal, P2PE/Payment Processors

    The selection of a PCI-listed P2PE solution and determination of expected benefits can be challenging for even the most sophisticated merchants. The introduction of the NESA program can make decisions more difficult. To help guide merchants, Coalfire and FreedomPay held a webinar “P2PE & NESA for Merchants: How PCI P2PE and NESA Can Reduce Your Compliance Burden and Risk”.

    Read more
  • A Growing Symphony of Security Analytics Tools Needs Careful Orchestration

    May 31, 2017, Dave McClure, Chief Strategist, Coalfire Federal

    Security analytics tools available to companies are increasing rapidly. However, cyber incident and vulnerability prevention, detection, response, and recovery times remain significant challenges as the types of attacks and attack vectors increase.  Newer cyber analytics using machine learning are of primary interest because rule-based or signature-based prevention tools struggle to detect or stop advanced cybersecurity threats.  CIOs and CISOs find that they often need to integrate or “orchestrate” existing cyber analytical tools, processes, and data into repeatable, automated workflows to fully support solid security operations activities.  Concurrently, architectural challenges flourish as cloud services, mobile usage and IoT devices rapidly generate increasing amounts of data, new systems endpoints, and network traffic flows. 

    Read more
  • Ransomware: the anatomy of paying a ransom to decrypt hostage files

    May 25, 2017, Bryce Bearchell, Security Consultant

    Ransomware is on the rise and clients seeking to understand the process can learn from this client’s story about being a victim of ransomware as to what can be expected and how to handle a ransomware attack. Recently a company facing a malware infection approached us to help them deal with the encryption of most of their servers across their domain. This also included systems that held online backups - and there was no offline backup solution (that’s a topic for a whole different blog post). The company had discovered a ransom note on their affected systems, along with data files that had been deleted and new files created in the format of <original_filename>.whereisyourfile that appeared to be encrypted.

    Read more
  • Displaying results 1-5 (of 231)
     |<  < 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10  >  >| 

Recent Posts

Post Topics

Archives

RSS Feed

The Coalfire BlogSubscribe to Feed
Chrome users will need to install RSS Subscription Extension (by Google)

Tags