Increasing Your IQ Around Attack Surface Reduction

Your Attack Surface Problem Is Really an Asset Management Problem

The foundation of effective security is knowing what you need to protect. Without a full inventory of your Internet-connected assets, you don’t have a clear picture of your attack surface. And that means you can’t identify and remediate exposures. While many organizations today may think they understand their attack surface, the truth is that they don’t because of a fundamental breakdown in asset management and governance.

When Attackers Need Minutes, Not Hours

Machine-speed attacks mean even brief exposures can be damaging

It has never been more important for organizations to track and monitor their full, global Internet attack surface. Recent research shows that malicious actors can find and attempt to exploit exposures that are up for only minutes. Attackers who use sophisticated tools to scan the entire Internet for exposures, coupled with automated, machine-speed attacks, can now more easily breach unknown or unmonitored assets, potentially bringing your entire network to a standstill.

Managing Application Side-Effects: An Introduction to Redux-Saga

Before you begin…

This article consists of two parts: first understanding side-effects and how they relate to Redux, and then digging into the fundamentals of Redux-Saga. Feel free to skip to the Redux-Saga section if you are interested purely in jump-starting your understanding of Redux-Saga. But if you are still uncertain about whether Redux-Saga is right for you, then the first part of this article may help you with that decision.

Transition from Monolith to Microservices

Monolith to Microservices Part 3: Our Solution

This post is part of a 3-part series on Expanse’s transition to a Microservices [1] Architecture built on Java and Spring Boot. In this series, we seek to share the issues we faced with the monolithic system, why we think the Spring Boot-based services will address them, and how we are effecting this change with other technologists who love to design or think about systems.

Shiny Things

Shiny Things: Why Your Certificates Matter

Who really ever wants to be a target? Unless it is of someone’s affection, it is pretty much never a good thing. Especially in the world of cybersecurity. Now don’t get me wrong, it doesn’t take much to attract the attention of someone hacking for fun, profit, or even to make a statement, but sometimes we do things that attract unnecessary attention to ourselves.

Transition from Monolith to Microservices

A Transition from Monolith to Microservices Part 2: Finding a Solution

This post is part of a 3-part series on Expanse’s transition to a Microservices Architecture built on Java and Spring Boot. In this series, we seek to share the issues we faced with the monolithic system, why we think the Spring Boot-based services will address them, and how we are effecting this change with other technologists who love to design or think about systems.

Transition from Monolith to Microservices

A Transition from Monolith to Microservices Part 1: Deciding to Transition

This post is part of a 3-part series on Expanse’s transition to a Microservices [1] Architecture built on Java and Spring Boot. In this series, we seek to share the issues we faced with the monolithic system, why we think the Spring Boot-based services will address them, and how we are effecting this change with other technologists who love to design or think about systems.

If You Leave It, They Will Come

The idea of security through obscurity has been universally rebuffed by laymen and experts alike. Even so, it is still widely relied upon in even the most security-aware organizations. But hiding an asset or vulnerability or weakness from people only works for so long. Eventually, people find it. And those people aren’t always the good guys.

Machine speed attacks create new security risks for remote workforce tech

Machine-speed Attacks Create New Security Risks for Remote Workforce Technologies

RDP and other productivity-enhancing tools leave organizations exposed to attacks on their ever-changing attack surface

In a previous post, we discussed advances in technology that have made it possible to scan the entire public Internet much faster than ever before. Because of these advances, the thought that exposures can simply hide on the Internet is no longer true. You may think that your organization isn’t a target for cybercriminals, but the ease with which an exposure can be found opportunistically means that you may end up a victim anyway.

Quantitative Methods for Assessing Cyber Risk - Part 3

Part 3: Quantitative Methods for Assessing Cyber Risk

Accurately model risk to up-level cyber discussions and evolve security postures

Most businesses are very comfortable assessing risk, whether it be from a project failing, market uncertainty, workplace injury, or any number of other causes. But when it comes to cyber security, rigor disappears, hand-waving commences, and analysts pick a color (red, yellow, or green).

Quantitative Methods for Assessing Cyber Risk Part 2

Part 2: Quantitative Methods for Assessing Cyber Risk

Accurately model risk to up-level cyber discussions and evolve security postures

Most businesses are very comfortable assessing risk, whether it be from a project failing, market uncertainty, workplace injury, or any number of other causes. But when it comes to cyber security, rigor disappears, hand-waving commences, and analysts pick a color (red, yellow, or green).
