• COVID-19 Pandemic Stresses the Importance of Business Continuity

    Rich Curtiss, Director, Healthcare Cyber Risk Services, Coalfire

    One of the more critical aspects of organizational risk management is that of Business Continuity.  Many organizations overlook the importance of developing and instituting a Business Continuity Plan (BCP).

    Read more
  • Applied ThreadFix: Automated Vulnerability Exception Reporting

    Dan Cornell, VP, Product Strategy

    One of the most valuable things about ThreadFix is that it centralizes the results of all your testing, assurance, and remediation activities so you no longer have separate silos of data. This is really valuable from a reporting standpoint. If you need to you can drill down into specific parts of your program or the results of different tools or testing activities, but by default you can look across these to understand your program as a whole. Combined with ThreadFix’s extensive APIs, this allows you to automate a lot of analysis and reporting that you would otherwise have to do with laborious manual tasks. No one ever feels like they have too many people on their security team or that their security analysts don’t have enough to do, so ThreadFix helps to tip the scales back in your favor.

    Read more
  • Keeping Privacy Afloat During a Pandemic

    Chalice Beam, Senior Manager, Health & Life Sciences, Coalfire

    The world is navigating uncharted digital waters and facing evolving challenges to maintain patient privacy. Protected Health Information (PHI) is a ship sailing in a sea of digital risks and vulnerabilities. Humans wreak havoc at every turn – not always intentionally – and actions during times of uncertainty will have long-term effects. Read more
  • Aligning Enterprise Cyber Risk and Business Strategy

    Doug Hudson, Senior Director, Cyber Risk Advisory, Coalfire

    Most business leaders have a contextual awareness of cyber risk and the threats facing their organizations. However, this contextual awareness rarely contributes to a clear, consolidated directive that can be applied across the organizations. Further, many organizations struggle to align their cyber risk management initiatives and their organization’s business strategies. This creates operational friction between those responsible for managing enterprise cyber risk and the business leaders’ goal of expanding their market presence, maintaining revenue streams, and developing new products and services. What is needed is an approach that aligns enterprise cyber risk and business strategy in a way that communicates how cyber risk can enable the business to expand its markets, protect revenue streams, and securely develop and deploy new products and services.

    Read more
  • The Basics of Exploit Development 2: SEH Overflows

    Andy Bowden, Consultant, Coalfire Labs

    In this article we will be writing an exploit for a 32-bit Windows application vulnerable to Structured Exception Handler (SEH) overflows. While this type of exploit has been around for a long time, it is still applicable to modern systems.

    Read more
  • What can Application Security Testing add to DevOps programs?

    ThreadFix Team, Coalfire

    The adoption of DevOps practices by organizations to shorten the standard development lifecycle has put new pressure on security teams to keep up with the pace of development within CI/CD pipelines. In order to accomplish this, security teams need to provide better security insights to developers so that fewer vulnerabilities are introduced, those that make it in are detected earlier and they are resolved quickly.

    Read more
  • Applied ThreadFix: Getting the Most Out of Your Training Investment

    Dan Cornell, VP, Product Strategy

    As we talked about in an earlier blog post, secure coding training for developers can be expensive. Knowledgeable individuals who are adept at training are relatively rare. Quality training materials are expensive to develop and maintain. For these reasons, solid commercial instructor-led training offerings tend to have non-trivial price tag. And that isn’t even the real cost of training because you have to look at the opportunity cost for the developers and other attendees of the training classes. What could they have done with that time if they weren’t in the training class?

    Read more
  • Quality is Job One When it Comes to the HITRUST CSF Assurance Program

    Zach Shales, Senior Director, Cloud Infrastructure, Coalfire

    The HITRUST CSF® remains an essential security and privacy controls framework that addresses the multitude of security, privacy, and regulatory challenges facing both public and private sector organizations. As framework adoption increases across all industries, maintaining integrity is crucial, and continuous improvement should always be top of mind with any endeavor. This was HITRUST’s clear intent when they announced the formation of an Assessor Council back in 2016 and a Quality Subcommittee in 2017. Read more

Recent Posts

Post Topics