Academy

What is the NIST 2.0 Framework? | SSH

Admin — Fri, 23 Feb 2024 12:58:19 GMT

NIST, the National Institute of Standards and Technology of the U.S. Department of Commerce, recently published a public draft of the new NIST Cybersecurity Framework (NIST CSF or NIST Framework) - version 2.0.

NIST helps businesses to better understand, manage, and reduce their cybersecurity risk and protect their networks and data.

The original NIST Framework (as well as the updated NIST 2.0 Framework) is voluntary and gives businesses an outline of the best practices for cybersecurity. The NIST Framework has been used widely to reduce cybersecurity risks since its initial publication in 2014, and many organizations use the NIST CSF as an effective framework for addressing cybersecurity risks.

Understanding the Digital Operational Resilience Act (DORA)? | SSH

Admin — Mon, 19 Feb 2024 09:21:56 GMT

The Digital Operational Resilience Act (Regulation (EU) 2022/2554) offers a solution to a pivotal problem in the EU financial regulation.

DORA aims to standardize regulations concerning operational resilience within the financial sector, encompassing 21 diverse financial entities. It addresses key areas such as ICT risk management, incident management and reporting, testing the operational resilience of ICT systems, and the oversight of ICT third-party risks.

What is Privileged Identity Management (PIM)? | SSH

Admin — Tue, 19 Dec 2023 12:14:05 GMT

Privileged Identity Management (PIM) is the practice of securing and managing privileged accounts. It enables people to manage, control, and monitor access to important resources in their organizations.

Organizations want to minimize the number of people who have access to secure information or resources because that reduces the chance of a malicious actor getting access or an authorized user inadvertently impacting a sensitive resource. An organization may implement PIM via a specialized, standalone tool or a set of tools and processes.

What is Identity Governance and Administration (IGA)? | SSH

Admin — Tue, 19 Dec 2023 07:30:27 GMT

Identity Governance and Administration (IGA) is also known as identity security. It is at the heart of IT security operations, enabling and securing identities for users, applications, and data. IGA provides automated access while at the same time managing potential security and compliance risks.

Microsoft Azure AD expands into Entra ID: All you need to know | SSH

Admin — Wed, 13 Dec 2023 10:13:50 GMT

Microsoft recently shared some big news. They have launched a new version of Azure AD, renaming the product into Entra ID. Microsoft says they wanted to simplify their product naming and unify their product family.

Entra ID is a cloud-based identity and access management solution that helps organizations secure and manage identities for hybrid and multi-cloud environments. Entra is an umbrella term for all things related to identity and access in the M365 environment. Entra ID has the same managing and protecting capabilities as Azure AD. But with two new products added to Entra ID, Microsoft is dipping its toes into the SSE world.

What Is the Industrial Internet of Things (IIoT)? | SSH

Admin — Tue, 22 Aug 2023 11:01:26 GMT

The Industrial Internet of Things (IIoT) refers to applying the Internet of Things (IoT) in industrial sectors. IIoT enables industries to manage and control complex manufacturing environments and processes.

IIoT consists of smart devices and sensors that monitor machinery or applications, the networks between the devices, and their connections. These devices collect data related to the machinery or production processes and deliver it to the cloud and/or servers. The smart devices can also be controlled remotely via a connection run over the internet.

IIoT is focused on machine-to-machine (M2M) communication, machine learning, and big data, enabling industries to be more efficient and operate on a much more reliable level.

What is a Secure Email Gateway (SEG)? | SSH

Admin — Thu, 20 Jul 2023 08:56:24 GMT

Secure Email Gateways (SEGs), or Email Security Gateways, are made to filter out malicious email traffic and only deliver non-threatening emails. Are they always effective and enough to protect you from cyberattacks? Not completely.

Read more about Secure Email Gateways, why they are not always trustworthy, and how organizations can protect themselves better from email-based cyberattacks.

What is Email Phishing? | SSH

Admin — Thu, 11 May 2023 13:13:48 GMT

The term “phishing” comes from the word fishing, because the term describes a scenario in which scammers are fishing for sensitive information by appearing as a trusted authority, like a legitimate official company or a high-status employee. Email phishing is the most common type of phishing.

Email phishing is a form of scamming used by online attackers who send vicious emails to intentionally deceive people into believing a fraud. These attacks aim to manipulate email receivers into handing over sensitive data such as financial information, business secrets, login information, or system credentials. The most commonly used technique is to manipulate people by creating a sense of fear and urgency to perform an action, like clicking a malicious link or downloading a file containing malware.

Additionally, email phishing is a social engineering technique. Social engineering is used by online attackers with the aim to understand user behavior, so they can create manipulative techniques and subsequently scam people. The goal of social engineering is to direct and manipulate users into acting without thinking about their actions.

What is Break-Glass Access? | SSH

Admin — Thu, 06 Apr 2023 10:47:18 GMT

When deploying an access management solution, like a privileged access management (PAM) tool, businesses often require a “back-up” access capability that would allow a user or users to access their system even in case of an emergency, when the deployed PAM tool is unavailable to provide access in a regular way. This type of emergency access is called break-glass access.

Protect yourself against Business Email Compromise attacks | SSH

Admin — Wed, 29 Mar 2023 07:58:29 GMT

Business Email Compromise (BEC) has become one of the fastest-growing cybercrime threats in recent years, with businesses of all sizes and industries being targeted. Cybercriminals are also becoming more sophisticated in their tactics and techniques, increasing the threat of BEC.