July 1, 2019 | Posted in GRC and Strategy by Mike Pinch   Privileged Account Management (PAM) is a critical function in a modern cyber security program.  PAM programs have a high fail rate for a variety of reasons, including: Lack of understanding of key risks around privileged accounts Resistance from system administrators due to […]

March 8, 2019 | Posted in Blue Teams, Purple Teams, GRC, and Strategy by Evan Perotti and Mike Pinch   Back in December 2018, MITRE released the first round of its evaluations on EDR tools, including Carbon Black, CounterTack, Crowdstrike, Endgame, RSA, Sentinal One, and Windows Defender.  Specifically, MITRE tested the APT3 threat group (https://attack.mitre.org/groups/G0022/) […]

January 31, 2019 | Posted in GRC and Strategy by Corrin Woodard and Mike Pinch   In December 2018,  the Healthcare and Public Health Sector Coordinating Council (HPH SCC) released guidance, in coordination with the Department of Health and Human Services (HHS), in order to enhance cybersecurity across the healthcare industry. The guidance is a […]

November 29, 2018 | Posted in GRC and Strategy by Mike Pinch   This blog post contains a copy of the questions and comments we’ve submitted to the FDA regarding their latest Medical Device Cyber Security Pre-Market Guidance draft (Link Here).  In our previous blog post, we provided an overview of the draft.  We believe […]

November 8, 2018 | Posted in GRC and Strategy by Mike Pinch   The FDA released draft guidance for cyber security of medical devices on October 18th, 2018, that if instituted, is going to be an enormous change for the industry, including both medical device manufacturers and healthcare providers.  The guidance is aimed at medical […]