The mobile threat landscape is constantly evolving, with advanced threats like CryptoChameleon emerging all the time. To effectively combat these challenges, organizations need a comprehensive solution – and that’s where combining Mobile Threat Defense (MTD) and Mobile Device Management (MDM) comes in.  While MTD can identify potential threats on mobile devices, it often lacks the capability to take proactive measures to address them once they’ve been identified. Organizations still need a way to manage and secure their devices throughout their lifecycle, from initial enrollment to decomm ..read more

Effective security and vulnerability management is crucial to safeguard organizations from ever-evolving cyber threats. At the core of these practices lies the Configuration Management Database (CMDB), a powerful resource that offers a centralized view of an organization's IT infrastructure. The CMDB plays a pivotal role in upholding robust security and vulnerability management strategies – empowering organizations to proactively identify, evaluate and address risks to their IT systems and data. What is a CMDB and why is it important? The CMDB is a vital resource for organizations aiming to fo ..read more

The concept of Secure by Design, which means designing software with security built in before it leaves the drawing board, is fundamentally changing how software is developed.    Software has often been designed with what’s known as “bolt-on security,” added after products are developed. But that means security is not inherent within the solution. Where there's a conjunction between the core product and a bolt-on, that’s an inflection point for an attack.  That’s why a software provider’s commitment to Secure by Design principles has become so important – and why Ivanti was the ..read more

Microsoft, Google, Mozilla and Adobe all have releases on the July 9, 2024, Patch Tuesday. Microsoft resolved 142 CVEs across five products, Mozilla resolved 16 CVEs in Firefox and Adobe resolved seven CVEs across three updates. Google Chrome is expected to release on or just after Patch Tuesday as well. Microsoft is reporting two known exploited and two publicly disclosed vulnerabilities. The known exploited vulnerabilities are both in the Windows OS along with one of the two disclosures. The other disclosure affects .Net and Visual Studio. Microsoft updates Microsoft has resolved a spoofing ..read more

A new front has opened in American national security. It is being fought in cyberspace, and private businesses in critical industries like energy, healthcare, water and financial services are on the frontlines.   This was the message delivered by Congressman Mark Green (R-TN-7) and Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA) at a business roundtable in Nashville, Tennessee, this week. I was privileged to attend, along with other business executives, to discuss the cybersecurity challenges we face from nation-state attacks. A primary theme was ..read more

Apple declarative management introduces a shift from the traditional command-based model to a more autonomous and flexible framework. This approach aims to improve the efficiency and responsiveness of managing Apple devices. The components of Apple declarative management — declarations, assets, predicates and status channels — work together to create a more efficient, scalable and responsive MDM framework. Declarations define the desired states; assets provide the necessary resources; predicates enable context-aware policy application; and status channels facilitate efficient communication. By ..read more

Cloud-based solutions like Ivanti Neurons offer your organization the latest capabilities, scalability and flexibility for software security and endpoint management. To maintain the most modern portfolio of solutions possible, Ivanti announced the retirement of Ivanti Workspace Control (IWC) on Jan. 31, 2024.   That decision was rooted in our dedication to your success and the pursuit of innovation. Ivanti chose to discontinue IWC because Ivanti has a cloud-first strategy – and User Workspace Manager (UWM) is natively better suited for cloud deployment. As both products have similar ..read more

This month is a much milder Patch Tuesday compared to the zero-day lineup from last month.   Looking at CISA’s KEV Catalog from the end of May up to Patch Tuesday, there was another Chrome zero-day (CVE-2024-5274) on May 28; Justice AV Solutions (CVE-2024-4978) on May 29; a Linux Kernel Use-After-Free vulnerability (CVE-2024-1086) on May 30; an Information Disclosure vulnerability in Check Point Quantum Security Gateways (CVE-2024-24919) on May 30; and most recent, but also an interesting blast from the past, a command injection vulnerability in Oracle WebLogic Server OS (CVE-2017-35 ..read more

With the latest changes in regulations and laws, and with cyberattacks becoming more sophisticated, costly and frequent, it’s unavoidable: You must rethink basic cyber hygiene for your organization. Today, effective cyber hygiene requires you to plan and carry out regular and consistent actions to not only meet current challenges but also to keep pace with a threat landscape that is always evolving. The pivot to remote work, cloud computing and mobile devices created new openings for hackers, as will tomorrow’s developments in IoT and other technologies. What constituted basic cyber hygiene no ..read more

With the latest changes in regulations and laws, and with cyberattacks becoming more sophisticated, costly and frequent, it’s unavoidable: You must rethink basic cyberhygiene for your organization. Today, effective cyberhygiene requires you to plan and carry out regular and consistent actions to not only meet current challenges but also to keep pace with a threat landscape that is always evolving. The pivot to remote work, cloud computing and mobile devices created new openings for hackers, as will tomorrow’s developments in IoT and other technologies. What constituted basic cyberhygiene not v ..read more