Security & Compliance

The GDPR comes into effect in less than 75 days, and with fines of up to 4% of your total revenue per infraction, it’s critical to understand your company’s exposure. With the intent of making businesses more accountable for breaches and loss of data, this legislation is being taken very seriously, and organizations are likely to face assessments to ensure their policies are in line with the rules. With the… Read More

Situation On January 29th Cisco published a critical CVE affecting their Adaptive Security Appliance (ASA) line of Next-Generation Firewalls. The vulnerability exists within the XML parser of the ASA Software. Upon initial disclosure, Cisco had not seen attacks in the wild utilizing this vulnerability. However, within the past week sources have indicated that attackers weaponized this vulnerability to some degree. Researchers detected attackers using the vulnerability to DDOS honeypot systems. Problem… Read More

Situation On January 3, 2018, researchers, including those with Google Project Zero, released information on three new vulnerabilities: CVE-2017-5753: bounds check bypass CVE-2017-5715: branch target injection CVE-2017-5754: rogue data cache load They grouped these vulnerabilities under the names “Spectre” (CVE-2017-5753 and CVE-2017-5715) and “Meltdown” (CVE-2017-5754). Comprehensive details on both of these are available at https://meltdownattack.com. Security updates to address these vulnerabilities began releasing before disclosure on January 3, 2018. Security updates are continuing… Read More

Why Do Americans care about foreign complianace standards? Data Protection standards aren’t anything new. The General Data Protection Regulation (GDPR) we’re seeing in the news is a facelift of an existing regulatory directive (95/46EC) that’s been active in the EU since 1995. The reason it’s demanding so much attention now is that while this directive focuses on the EU, it isn’t based or enforced geographically but on the users themselves…. Read More

Security professionals are in demand right now. Entry-level security jobs, according to Corey Wilburn, security practice manager at DataEndure, fall into either an engineer or analyst role. Corey was recently featured in an IT Business Edge article on the five industries leading the Internet of Things revolution.  He was asked his thoughts on the the most in-demand security jobs right now: “An engineer role would be primarily accountable for the… Read More

With the unrelenting pace of technology change and a host of new challenges and opportunities knocking on 2017’s door, CIOs know that risk-taking is par for the course in IT. The Enterprisers Project asked eight technology and business leaders to share how they cope with risks and tips for taking smarter risks in IT. Here’s what our CTO, Shahin Pirooz, had to say in their article: Celebrate Failure “I’ve built my… Read More

DataEndure’s Digital Defense SOC-as-a-Service (SOCaaS) is an ideal solution for companies to augment their own security capabilities. Contact Us to learn more about SOCaaS. Since the turn of the century the evolving state of Cyberwarfare and Cybercrime; technologies, capabilities, and resources, has grown by leaps and bounds.  The concepts of advanced threats, sponsored nation-state organizations, and highly motivated criminal organizations are relatively new, but the use of the internet and the cyber domain… Read More