Deploying and Troubleshooting Compliance Baselines
December 11, 2017, Kyle Snavely, Senior Consultant, Cyber Engineering, Coalfire
If you are in the IT space, you’ve most likely encountered or are bound by some form of regulation/framework such as PCI, HIPAA, FISMA, and/or CGIS. Most of these compliance programs require a hardened baseline to be implemented within your information systems to reduce the risk and impact of an adverse security event. In this post, we’ll take a brief look at building a hardened baseline, examine some tools to assist in a phased approach to deployment, and discuss some common issues that may arise from deploying a system hardening regime.
She Powers Tech
December 01, 2017, Jennifer Tonisson, Partner Marketing Manager, Technology & Cloud, Coalfire
November 28th at the Venetian in Las Vegas, AWS re:INVENT held an important session that could shape the future of technology. The sold-out session, SHE POWERS TECH: Women Supporting Women in Tech, filled a ballroom with 500 women in technology and a few men who were interested in the topic. The impressive line-up of speakers included women in a wide variety of technological fields spanning automotive engineering to technology in fashion.
How Next-Generation Firewall Platforms Help Protect Your Perimeter at Each Stage of the Cyber Kill Chain*
November 16, 2017, Mark Bedell, Senior Consultant, Cyber Engineering, Coalfire
Whether you need to upgrade your firewalls on-premise or in the cloud, next-generation firewalls (NGFWs) can significantly reduce the risks associated with the modern threat landscape. Since attacks have evolved using techniques such as encryption, polymorphism, etc., firewalls have also evolved to protect against some of the most sophisticated attacks. Whether they are deployed as physical appliances or virtual machines, these firewalls are not only “application aware,” but they have become complete threat intelligence managers guarding you against known and zero-day threats.
News and Updates from the PCI Europe Community Meeting
November 06, 2017, Sam Pfanstiel, Solution Principal, PCI, Coalfire
In September, Hurricane Irma forced the PCI SSC to cancel the North America Community Meeting; and the uncertainty of Catalonian independence from Spain may have led some to stay home from the Europe Community Meeting held in Barcelona last week. Nevertheless, the Coalfire team was well-represented in Barcelona. Because there were so many valuable updates, we offer this summary to keep you informed of these important developments in the world of PCI.
Capital One Fraud Seminar Recap
October 26, 2017, Michael Pitcher, Vice President, Technical Cyber Services, Coalfire Federal
Recently, I was honored to be invited as a panelist at a recent seminar hosted by Capital One Spark Business to share some views on fraud prevention and cybersecurity with their customers. I was joined by a few other industry experts, Gerald Glickman, a Manager of Capital One’s Fraud Analysis team, and Jennifer Smith, who led the Cybersecurity and Data Privacy group at the Shulman, Rogers, Gandal, Pordy & Ecker law firm, to round out a diverse group from various parts of the industry. Each of us deal with fraud daily, but we have very different roles: Jennifer on the litigation side, Gerald from inside a bank, and myself from the technical perspective. Read more