The NIST Cybersecurity Framework (NIST CSF) is a set of guidelines, best practices, and standards developed by the National Institute of Standards and Technology (NIST). Its purpose is to help organizations develop, improve and maintain their cybersecurity strategy. The NIST CSF also includes recommendations for how to detect, respond and recover from security incidents. The NIST Cybersecurity Framework is generally considered to be the most trusted, and comprehensive security framework … Read more The post What is the NIST Cybersecurity Framework? appeared first on Lepide Blog: A Guide to IT ..read more

Privileged accounts are frequently targeted by cybercriminals. They typically try to gain access to a privileged account either by brute-force-guessing the account password or by obtaining credentials via some sort of phishing/social engineering attack. Once an attacker gains access to a privileged account, they can do a lot of damage, which includes elevating their privileges to gain even more access. As they say, “hackers don’t break in, they log in”, … Read more The post What is Identity Security? appeared first on Lepide Blog: A Guide to IT Security, Compliance and IT Operations ..read more

An Intrusion Prevention System (IPS) is a network security solution that is designed to continuously monitor network traffic for malicious activity. An IPS is essentially a more advanced Intrusion Detection System (IDS), which can detect and report on security threats. However, an IPS can also respond to security threats. An Intrusion Prevention System can be installed as a stand-alone solution, either as hardware or software or included as a part … Read more The post What is an Intrusion Prevention System? appeared first on Lepide Blog: A Guide to IT Security, Compliance and IT Operations ..read more

Zero-trust is an approach to network security that stipulates that all users, devices, networks, and applications, verify themselves whenever they need access to critical resources, or whenever it is technically feasible. The Zero-trust security approach was born out of a need for a more holistic way of securing networks that are complex, distributed, and dynamic. Challenges To the Zero-trust Security Methodology The main problem with the zero-trust model is that … Read more The post Zero-Trust Security Challenges appeared first on Lepide Blog: A Guide to IT Security, Compliance and IT Operati ..read more

Chimera ransomware has been around for some time, and while the operation was believed to have been shut down in 2015, it has recently made a come back, with an upgrade that is even nastier than before. Chimera is a Trojan, which means that it cannot spread by itself, but instead relies on its victims to share and install the program. The new strain focuses more on businesses as opposed … Read more The post What is Chimera Ransomware? appeared first on Lepide Blog: A Guide to IT Security, Compliance and IT Operations ..read more

In simple terms, a data security policy describes how sensitive data should be handled, including the logical and physical safeguards in place to keep it secure. A data security policy must be continuously reviewed and updated as technologies, threats, and compliance requirements change. Key Elements of a Data Security Policy Below are the most important elements (or sub-policies) of a data security policy: Acceptable use This policy should outline how … Read more The post Important Elements of a Data Security Policy appeared first on Lepide Blog: A Guide to IT Security, Compliance and IT Oper ..read more

Pretty Good Privacy (PGP) is an encryption standard that uses a combination of symmetric and asymmetric encryption to create a system that is both fast and secure. PGP is primarily used for securely communicating and storing sensitive data, although it is also commonly used for verifying the identity of the sender and the integrity of the data that is sent. PGP has become the de facto standard for email security … Read more The post Complete Guide to PGP Encryption appeared first on Lepide Blog: A Guide to IT Security, Compliance and IT Operations ..read more

As with most other strains of ransomware, Cerber ransomware will encrypt your files, and hold them hostage until a ransom is paid, usually in bitcoin. Once the ransom has been paid, the threat actors will provide the victim with a decryption key, which will unlock their files, assuming they deliver on their promise. The Cerber strain, which was discovered in late February 2016, has now been integrated into a ransomware-as-a-service … Read more The post What is Cerber Ransomware? appeared first on Lepide Blog: A Guide to IT Security, Compliance and IT Operations ..read more

PowerShell was developed so that IT operations and administrative tasks in operating systems like Active Directory could be simplified and automated to save huge amounts of time and effort. PowerShell is able to integrate with services and applications to help administrators get complete control over the management of both clients and servers. With every new update of the underlying framework, PowerShell becomes more advanced, and more features become available. 10 … Read more The post 10 PowerShell Commands to Better Manage Active Directory appeared first on Lepide Blog: A Guide to IT Securit ..read more

When we talk about behavior-based threat detection, what we are essentially pointing to are the threats posed by insiders, and how to mitigate them. In other words, our own employees, whether through negligence or malice, represent the greatest threat to an organization’s assets. What Behaviors Do We Need to Monitor? To address this issue, below are some examples of the types of behaviors that we need to look out for: … Read more The post What is Behavior-Based Threat Detection? appeared first on Lepide Blog: A Guide to IT Security, Compliance and IT Operations ..read more