What the Capital One Breach Shows Us About Cloud Workload Protection

What happened?  Many of us woke up to the news that the data of 100 million people were exposed when Capital One’s Amazon servers were breached by Seattle-based hacker.   While information about the specifics of the breach may never be known by the public, this staggering data loss is exceptionally instructive for organizations moving critical […]

Achieving AWS Compliance: Considerations for IT and Cloud Security Teams

Most every IT organization has wrestled with achieving regulatory compliance, meeting auditors requirements, and reporting to management and other stakeholders.   Moving workloads to the cloud introduces new wrinkles to an already thorny set of problems. For organizations moving to the Amazon cloud, it’s critical that they understand their new and changing issues and responsibilities associated […]

Improving OSSEC Manageability, Security, and Compliance with Atomic Enterprise OSSEC

With more than 500,000 downloads per year and hundreds of thousands of active installs, OSSEC is the world’s most widely used open source host-based intrusion detection system (HIDS).  OSSEC is used by organizations in virtually every industry and geography to meet critical security and compliance requirements both on-premise and in the cloud. The open source […]

Leveraging OSSEC for Cloud Compliance and Security

Moving to the cloud presents a host of security and compliance responsibilities for enterprise security and IT teams.  While cloud providers handle hardware and infrastructure, cloud workloads themselves must be secured by the enterprise. Traditional on-premise controls and network security don’t work in the perimeter-less virtual environment of the public cloud. OSSEC offers a free […]

Podcast: What Are Cyber Security Red Teams and Why They Exist

Cyber Security Red Teams have become a common tool for testing enterprise cyber security. They attempt to penetrate security defenses as if they were hackers. Red Teams are motivated to be creative and determine the best way to circumvent security measures in place, sometimes by any means possible. Mike has been red teaming since the […]

Podcast: Why Do Hackers Hack? It’s Not Why You Think

Why do hackers want to break in? It’s a question that has been asked in lots of different ways. From why would they want to? Why would they care? And this is a really good question to ask yourself and to try and understand because often times people tend to look at what they’re protecting […]

Podcast: What Is Virtual Patching and How Can It Enhance Security

Virtual patching is a way of implementing a security policy to eliminate or mitigate a vulnerability. It is not actually patching, but is a way to do something quick and external to the application. Why not just use a patch? Sometimes there is no patch available and other times speed is of the essence. And, […]

Podcast: What Are SQL Injection Attacks?

SQL Injection Attacks are a method for taking advantage of flaws in the way an application is written. In particular, they exploit application vulnerabilities that offer direct access to databases. Mike Shinn, CEO of Atomicorp, has employed SQL injections in cyber security Red Team exercises and built countermeasures that defend against them. In this week’s […]

Podcast: Common Vulnerabilities and Exposures or CVEs Explained. What They Are and How They’re Used

The Common Vulnerabilities and Exposures (CVE) system is a critical tool for the cybersecurity industry. CVEs provide consistency in naming and clarity on the nature and impact of various vulnerabilities. In this week’s Linux Security Podcast, Atomicorp CEO Mike Shinn discusses the origin and management of the CVE process, how it’s used by cybersecurity professionals […]

Podcast: Efail Vulnerability and Its Impact on Encrypted Email

The Efail vulnerability has been in the news and has many people rushing to remove encryption from their email clients. The security vulnerability does impact S/MIME and PGP users, but only a subset. That means a lot of people are removing encryption from their email unnecessarily and putting themselves at risk. Atomicorp CEO Mike Shinn […]