Anchor Cyber Blog

Building Cyber Defenses, CIS Control 5: Controlled Use of Administrative Privileges

Posted by Dwayne Stewart on Mar 14, 2018 3:24:04 PM

3:30 min read
A compromise of any account is a problem, but it's especially serious when an outsider gains access to an administrative account. An intruder with full control of a device, website or database and can do serious damage. CIS Control #5’s message is to apply strict control to the level of access that end-users have to network resources, ensuring that each user is granted just the necessary access required to perform their job duties.

Read More

The Vampiric, Voracious, and Probably Preventable, Vulnerability

Posted by Brian Nelson on Mar 13, 2018 11:17:03 AM

1:30 min read
As the pace of security breaches continues to accelerate, a common thread in most breaches is the exploitation of a technical vulnerability--in either the operating system or an application running on top of the operating system. Just in the past two years at Anchor Technologies every breach investigation we have been a part of wasassociated witha known technical vulnerability. The epic Equifax breach was of a technical vulnerability that was public knowledge for months prior to the breach. An annual vulnerability assessment is no longer sufficient to protect your organization.

Read More

Building Cyber Defenses, CIS Control 4: Vulnerability Assessment & Remediation

Posted by Dwayne Stewart on Mar 9, 2018 2:40:50 PM

3:30 min read
Vulnerabilities on Internet connected systems are targeted on a daily basis. The fourth CIS control addresses the need to keep them protected. "Continuous Vulnerability Assessment and Remediation" addresses keeping up with and fixing newly discovered security issues.

Read More

Building Cyber Defenses with CIS Controls: #3 Secure Configurations

Posted by Dwayne Stewart on Feb 20, 2018 1:53:16 PM

3:30 min read
The first two CIS Controls for Internet security address keeping an inventory of hardware and software. The third CIS Control deals with secure system configurations. Its central principle is that a strict process for change control and configuration management is necessary to prevent attackers from exploiting poorly set up hardware and software. The road inside should be a less navigable path for those coming from the outside.

Read More

Know and Control Your Software

Posted by A Lee Taylor on Feb 15, 2018 12:44:05 PM

hands installing authorized unauthorized software on computerWondering how to go about implementing or integrating Control 2 with your current system set up? We're partners with Tenable and Ted Gary's blog post about this specific CIS is especially apt. 

Read More

Building Cyber Defenses with CIS Top 5 Controls: #2-Inventory of Authorized & Unauthorized Software

Posted by Marian Bodunrin on Feb 13, 2018 2:30:35 PM

4:00 min read
The first of the CIS Controls for internet security is taking an inventory of authorized and unauthorized devices/hardware. The second CIS control is so similar it’s natural to wonder why it was granted its own control: an inventory of authorized and unauthorized software. The purpose and some of the methods are similar, but software is more fluid than hardware. Adding software is common, updates are necessary, and vulnerability reports can require reassessing existing software.

Read More

On a Path to Protection? Discover Your Devices.

Posted by A Lee Taylor on Feb 9, 2018 2:43:36 PM

3:00 min read
When an inventory of authorized and unauthorized devices seems daunting, a first step is a comprehensive approach to AdobeStock_106527720.jpegmapping what's there. There are tools that can fundamentally help. One of our partners, ForeScout, has found that "what is often lacking, though, is the clear direction as to what “improving security” actually entails". Following a well-known framework, the CIS Controls, provides this guidance. More from their blog....

Read More

Building Cyber Defenses with CIS Top 5 Controls: #1-Inventory of Authorized & Unauthorized Devices

Posted by Dwayne Stewart on Feb 6, 2018 3:11:58 PM

4:00 min read
The CIS Controls provide a clear and elegant, if not always simple, framework for a cybersecurity plan. From the Center for Internet Security, the top 5 in order of priority:

Read More

Building a Security Awareness Program? Consider This.

Posted by A Lee Taylor on Feb 2, 2018 10:24:23 AM

3:35 min read
When the training of employees becomes your next step in securing the organization against human risk, where do you begin? We've choosen to partner with Wombat because of a storied history of helping with just that. Take a look at a few of the considerations from their blog.....

Read More

The Threat Within

Posted by A Lee Taylor on Jan 25, 2018 1:32:13 PM

3:00 min readrow upon row of blue human figures with light shining on lone red insider threat figure
Insider threats are a hidden and yet obvious peril. They are human security risks to an organization’s cybersecurity from those who have authorized access to the company's data and computer systems. They are the biggest cause of security breaches in companies. They are also difficult to deal with and costly to remediate.

Read More

Cybersecurity news,
tips and tricks written
by experts for you

This blog will provide a series of short postings which will provide a quick view into the latest and most relavant security issues, vulnerabilities and tips for you to focus on. It ssaves you from searching dozens of other pages to determine what information is more relavant and needs to be focused on first.


  • Check back weekly
  • Sign up for our newsletter
  • Patch consistently and often

Subscribe to Email Updates

Recent Posts