How to Reduce False Positives and False Negatives Using OSSEC FIM

Posted on by Casey Priester

There is no such thing as perfect security. Therefore, having robust detection capabilities is key to determining if you have been hit with a cyber attack that evaded your protection capabilities. One of the most important detection and compliance capabilities today, file integrity monitoring (FIM) provides the ability to detect signs of intrusion or improper […]

Meet Federal Information Processing Standard (FIPS) 140-2 and 140-3 Requirements

Posted on by Casey Priester

Federal Information Processing Standard 140-2 (FIPS 140-2) is a requirement for U.S. government organizations and contractors, a government security mandate designed to evaluate and approve encryption solutions serving the federal supply chain. It calls for security by a cryptographic module, and employs a security accreditation program for assessing private sector company security solution capabilities against […]

What Is CMMC and How Can You Rapidly Position to Comply?

Posted on by Casey Priester

As organizations start to think about what their organizations will look like post-COVID, including potential permanent work-from-home situations to support the radical shifts in remote work technology adoption, there is yet another question looming: Are you getting ready for CMMC? Will you be ready? CMMC, or Cyber Maturity Model Certification, is a U.S. Dept of […]

OSSEC for FIM – 6 Whys and Ways to Security and Compliance

Posted on by Casey Priester

Leverage open source security (OSSEC) for file integrity monitoring (FIM), easier compliance, and to accelerate overall enterprise-strength security. 2020’s shift to large-scale remote work and distributed computing forced IT teams to roll out new or expanded services just to keep the business running. 2021 must be about reinforcing security and compliance across this rapidly- and […]

Lessons (and Defenses) Learned From the SolarWinds ‘Sunburst/Dark Halo’ Hack

Posted on by Casey Priester

The widely reported December 2020 hack of the SolarWinds Orion network performance monitoring system employed a sophisticated series of takeover steps that included backdoors, expired domains, the use of Orion itself as a vector, compromised credentials, and malware implants, all to steal data and compromise systems. The attack, referred to as Sunburst, Sunburst Backdoor, and […]

How to Defend Against Lateral Movement in Windows With OSSEC

Posted on by Casey Priester

You may have started to see greater usage of the term “lateral movement” with regard to cyber attacks. Long a directional and network traffic term, lateral movement now commonly means unauthorized connection and sharing of files between two or more internal endpoints. While an initial breach usually comes from the outside, lateral movement occurs when […]
