<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">
Search:

Cadre Blog

Category: Security

The Shadow Cloud Knows

Author: Tim O'Connor You may have heard of “Shadow IT”. Shadow IT is the term that describes when employees install their own hardware or software without the approval or even the knowledge of the people responsible for supporting, approving, designing or securing an organization’s information technology. These actions cause a laundry list of problems but some of the most serious are sec...

Read More
Category: Security

If your company experiences an information security breach, will customers order from you again?

Author: Tim O'Connor New psychological studies could be a game changer. Damage to reputation and brand name are often some of the most significant hits an organization takes when knowledge of a security breach becomes public. At last peer-reviewed scientific research is starting to provide some guidance into how human psychology reacts to news of a breach and how we might be able use thi...

Read More
Category: Security

Why Security Won’t be the Reason You Succeed, but may be the Reason You Fail

At Cadre, we like to say that security isn’t the reason your company succeeds, but it could be the reason it fails. There’s a lot at risk when a company fails to implement a thorough and successful security eco-system and some companies will never recover from the devastation of a security breach.   What is the true cost of a security breach? It is more than company data and personal inf...

Read More

5 Ways to be Sure You’re not Over- or Under-Solving for Security

Remember the story of Goldilocks breaking into the three bears’ cottage and wreaking havoc? Goldilocks was eager to eat the porridge left by the bears, so she tried the first bowl and soon realized it was too hot. The next bowl was too cold, but the third and final bowl was just the right temperature. It might seem strange to draw lessons about your business’ security practices from a ch...

Read More

Why the Citrix Breach Happened and 6 Steps You Can Take to Protect Your Company

What happened? Citrix, an American software company, disclosed a security breach in which hackers potentially exposed customer data. On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that cyber criminals had gained access to the internal Citrix network. In many cases when dealing with these types of security breaches, one may never receive the full story. Us...

Read More
Category: Security

Did we miss China’s Quantum Sputnik?

Author: Tim O'Connor On October 4, 1957 the Sputnik 1 satellite woke up the world and launched (pun intended) the Sputnik crisis, a period of public fear and anxiety across the Western nations. Until Sputnik 1, the western world had an ingrained bias and view of Russia (USSR) as being technologically inferior. Once Sputnik 1 was launched, it started emitting a radio beacon that could be ...

Read More
Category: Security

Common Security Assessment Questions

Penetration tests and network vulnerability assessments are essential components to a company's information security playbook. Below are frequent questions we receive regarding vulnerability assessments and penetration tests and why they are important. Why should I run a vulnerability assessment or pen test on my network? It’s all about visibility into the unknown.  Good patch management...

Read More
Category: Security

Malware-as-a-Service Empowers Cyber Attackers

Cyber crime is now democratized. In today’s cyber threat landscape, launching a cyber attack is no longer limited to technically savvy hackers. The underground marketplace has made it possible for anyone to become a threat actor. In the second volume of Check Point's 2019 Security Report, we go under the hood of cyber crime. See why Malware-as-a-service has increased, and how it has beco...

Read More
Category: Security

8 Steps to Prevent the Next Data Breach

Sensitive data is being exposed at an alarming rate due to unwanted data breaches. Is your business protected? Recently the Facebook data breach allowed hackers to gain access up to 50 million users, 3 billion users were exposed in the Yahoo! Data breach. The Equifax data breach in 2017 leaked people’s names, social security numbers, birth dates, address and even driver’s license numbers...

Read More
Category: Security

Benefits of Moving to the Cloud

Almost every organization has moved at least part of their operation to the cloud. You can’t browse the Internet or do email without a partial cloud presence. With so many of your competitors flocking to the cloud, you can’t afford to overlook the advantages of migrating more of your operation to the cloud. There are challenges, of course. You need to crunch the numbers, do your research...

Read More
Category: Security

How IaaS (Infrastructure as a service) can cut down your IT spend

IaaS is the first tier of a triad of outsourced cloud services. The top two are PaaS (platform as a service) and SaaS (software as a service). Each “…aaS” involves the customer’s doing less work and the cloud provider taking on more responsibilities for the organization’s IT load.  As the first level of cloud services, IaaS is a resource that provides the servers and storage and the nece...

Read More
Category: Security

Encryption Methods in the Cloud

If you’re going to fly with the eagles in the cloud, you need to be grounded in the best cloud encryption practices. The majority of people know the value of data backup and security. Backup is your insurance against loss; security in the wilds of the cloud is all about encryption. Is your personally identifying and proprietary data in the cloud protected by the best encryption practices...

Read More
Category: Security

Three Wrong Assumptions Business Owners Have About Cloud Security

Moving data and other company solutions to the cloud can pay off in significant ways for businesses. Small and medium enterprises gain by no longer needing to shell out additional money for the costs of maintaining data servers and other expensive software on their premises. Companies that have the most to gain hesitate to make that move because of misconceptions they harbor about the se...

Read More
Category: Security

How to know if your Facebook Account has been Breached

  Watch this video to determine if your Facebook Account has been compromised:      

Read More
Category: Security

If you think Iranian and Russian disinformation memes are designed to change people’s minds and opinions, you might already be deceived!

Author: Tim O'Connor Let me begin by saying I am not an expert on Iranian and Russian disinformation campaigns, although I have been researching them with great interest. What I do have is many years of experience in the information security field and am a practicing stage and parlor mentalist. You may be wondering, what does mentalism have to do with disinformation campaigns? Well, I’m ...

Read More
Category: Security

Talk About Cloud First or Get There Last

By: Phil Swaim There is no doubt one of the greatest innovations in IT of the last 10 years has been the public cloud and virtualization. Being able to deploy resources for storage, computing, and communication with 0 capital expenditure, little risk of failure, little expert technical knowledge required (especially true for SaaS offerings), and a near 0 barrier to entry has provided sta...

Read More
Category: Security

Internal use of SSL/TLS: Risks, Challenges, and Opportunities for Further Consideration

Author: Paul Griggs SSL is a ubiquitous technology introduced in 1994.  The use of SSL, and it’s descendant, TLS, is first and foremost based on established trust.  A trusted authority validates a domain name as belonging to a particular entity.  This trusted authority issues a Certificate to the entity, which is then used to “prove” ownership to any user of the domain. But this model br...

Read More
Category: Security

Your ISP Potentially Knows EVERYTHING that you do through your Internet Connection

  Q. Who knows more about your internet use then Facebook, Amazon or even your browser? A. Your ISP and NOW they can collect and sell your internet usage information! Q. How can you protect yourself? A. Keep reading this blog! Quietly last March, Senate Joint Resolution 34 repealed US broadband privacy regulations that had been in place through the FCC. What does this mean? It means that...

Read More
Category: Security

HID Proximity Access Cards:  Unsafe at Any Speed!

Author: Paul Griggs Many workers are familiar with the venerable HID access card.  You present the card to a badge reader and the door opens.  The badge itself, about the same size as a credit card, identifies the holder to the access control system that controls door access.  But are these badges secure? In the physical lock industry, there is a concept known as a “restricted keyway."  ...

Read More
Category: Security

How to Encourage Your Team to use Stronger Passwords

If you work in any sort of IT/cyber security role, you know it’s imperative to be concerned with hacking. It’s scary out there, especially with increasing reports of organized cyber-criminals going after any sized company, not just the bigger players. As important as it is to create strong firewalls and defend against external threats, one of a company’s biggest vulnerabilities can come ...

Read More
Category: Security

What is Malware?

Malware is a portmanteau of "malicious" and "software". As the name implies, malware is created solely to harm and inconvenience people by corrupting devices and/or data.  Malware runs the gamut of "black hat" software developers wanting a laugh for the wrong reasons to criminal organizations and the intelligence community who want to access their targets' devices and networks to get the...

Read More
Category: Security

Understanding Password Manager’s Risks and Rewards

These last several weeks have brought up a lot of interesting discussions around passwords and password management, both personally and in the enterprise.  This was spurred largely by the news that a Google Project 0 Researcher found many major vulnerabilities in the code of LastPass plugins for Chrome and Firefox, two of the most used web-browsers. When any software is found to have ser...

Read More
Category: Security

When a Technology Becomes a Security Control

As a Chief Information Security Officer (CISO) or Information Security manager, you have to make decisions on how to best mitigate and handle risks for your business.   As with any proverbial cat, there are many ways to skin it. However, technology becomes a great friend to many a security program with promises of providing compliance with regulations and standards, stopping zero-day vul...

Read More
Category: Security

Small Vulnerabilities Can Lead To Catastrophic Results [Part 2]

Not all leaks are the result of malice. In 2006, America On-Line (AOL) negligently published 20 million web queries from over 650,000 of its users. This simple accident resulted in an incalculable amount of brand damage to AOL, and it could have been prevented if AOL had in place a DLP policy that protected sensitive data from being transmitted to their web servers. Often, a data loss ev...

Read More
Category: Security

Small Vulnerabilities can lead to Catastrophic Results [part 1]

When it comes to security, most IT departments focus primarily on network and application security. By now, we've all read news stories about vulnerabilities in various software and are familiar with the importance of preventing unwanted network traffic to important network resources. The importance of best practices in the realms of data loss prevention (DLP), media control, and physica...

Read More
Category: Security

It’s Not Fear Factor, it’s Multi-Factor

What is multi-factor authentication? Multi-Factor Authentication (MFA) is a method used to grant access to a computer or application. Of course the access is only granted after the user has provided a username and two types of authentication methods, i.e., a passcode or in the case of biometrics, a fingerprint. For this to be successful the user must retrieve information from at least tw...

Read More
Category: Security

Encoding, Hashing, and Encryption: What’s the difference?

Encoding, hashing, and encrypting are common concepts applied and discussed when trying to secure data.  Many vendors claim to use strong encryption methods and standards, but it is necessary for a security team to assess whether it really is appropriate. Let’s take a look at the differences between and proper usage of encoding, hashing, and encryption. Encoding To encode something is to...

Read More
Category: Security

Your Single Source for Security Guidance

Your network is important to you and it's critically important to us. Does alignment of business, organizational and technical goals seem impossible to you?  Not to us.  Since 1996, Cadre has been the single source for security guidance, enabling firms to focus on increasing value, efficiency, and productivity. Our team of experienced strategists can help identify the security solutions ...

Read More
Category: Security

Inspecting Encrypted Network Traffic

Encrypted traffic is becoming increasingly prevalent on corporate networks.  By some estimates, over half of the traffic on the Internet will be encrypted by the end of 2015.This poses a problem to organizations who value the security and integrity of their intellectual property and how their employees use the Internet.  Because of limitations of many of today’s network devices, this tra...

Read More
Category: Security

Taking Over Master Membership and Securing VRRP

  Topology: Part 1 (No Firewall Module) Instructions for setup are in the link above. You must install two firewalls and configure VRRP on both of them to act as a cluster.  The first part of this exercise is pure VRRP with no firewall module running. When configured properly, you should have interfaces in Master on one device and interfaces in Backup on the other device. Once the Loki m...

Read More
Category: Security

Breach Mitigation: Will It Take a Village?

No one is immune from data breaches.  We’ve witnessed department stores, hospitals, insurance companies, media giants, dating websites, the federal government and so many others in the news almost daily with yet another breach. This dominated the news in 2014 and in 2015. Breaches have increased.  In fact, we’ve almost become numb to the news reports of yet another data breach or, worse ...

Read More