All about Virtualization and Cloud Security | Recent Articles:

Advanced Persistent Threats (APTs) are sophisticated, stealthy attacks designed to gain access to an organization’s network systems over a long period of time in order to covertly steal sensitive information or drain financial resources. 

• EDR and MDR represent two viable paths to achieving successful security defense
• Internal teams use EDR tools to launch investigations and guide remediation actions
• MDR brings professional cross-skilled security analysts and proactive threat hunters
• Security tipping point is determined by gaps in time, skills, efficiency and outcomes

• Efforts have long been underway to create more advanced cryptography, and the market appears ready to deploy these solutions
• Promising new approaches include quantum key distribution, biometrics encryption, and homomorphic encryption

This is the second of a 3-blog series on Practical Cyber Resilience. In the first part, I covered the four key characteristics (or guiding principles) of cyber resilience. In this blog we will review the main objectives and 5-step Cyber Resilience Analysis methodology, as defined by the NIST Special Publication 800-160, Developing Cyber Resilient Systems.

• Attack wiped out 1200 of a company's 1500 Microsoft Office 365 accounts
• Always revoke the access rights of former employees and contractors

• 53% of Web traffic is now cloud-related, a 20% year over year increase.
• 61% of all malware is directly delivered via the cloud.
• Malicious Office documents represented 17% of all malware detected.

• Analysts expect the global IoT market to grow from about $212 billion in 2018 to about 1.3 trillion by 2026
• Unfortunately, these devices often ship with security flaws, poor API management, and lack efficient ways to provide security updates
• Special Publication 800-213 helps federal agencies understand how IoT devices can impact the network and information security risks within their organizations

Bitdefender data suggests IT teams face murky waters in 2021, as the disruptive shift to remote work and cloud-based operations continues to create security blind spots attackers can exploit. With the SolarWinds breach sending ripples well into the future, supply chain attacks are top of mind. Now is the best time to consider a truly robust cybersecurity tool stack, as no technology layer can prevent attacks that silently climb the supply chain ladder.

• Mistaken assumptions about smart home cybersecurity lead to more problems
• We put much trust in a particular IoT device, but we don't secure it enough
• There's always a solution, no matter the security issue

We understand the public announcement of several critical zero-day vulnerabilities in Microsoft Exchange server is concerning for our customers. This communication details how Bitdefender is responding to ensure customers are protected and provides recommended mitigation steps you can take against this threat.

Add four more awards to Bitdefender’s growing trophy case! This week AV-TEST, one of the most respected independent testing organizations in cybersecurity, awarded Bitdefender with four Best Protection awards.

• Have we reached a tipping point where providing for your own cyber-defense no longer makes sense?
• Could you achieve better overall security outcomes by partnering with a top MDR service provider?
• Have you considered the critical decision factors that could tip the balance between EDR and MDR?
• Do you know which questions to ask when considering a prospective MDR service provider?

• More people are using wearable devices such as smartwatches, in part because of the work-from-home model
• These devices store growing volumes of personal data and in many cases are connected to corporate resources, presenting potential security risks

Filling positions in the information technology career field, particularly in cybersecurity, can present unique challenges. Companies and organizations have realized the vital role cybersecurity plays in daily operations, including protection of company assets from cybercrimes such as DDoS attacks, ransomware, and advanced phishing campaigns. Skilled cybersecurity professionals are being recruited to alleviate these risks and take measures to prevent breaches. Finding suitable candidates can prove difficult, as interviewers must account for the candidate’s analytical and technical skills and determine if the individual would be a good fit for the team and culture. This blog will explain how Bitdefender’s Security Operations Center (SOC) approaches this common challenge by focusing mainly on candidates’ analytical and problem-solving skills.  We will also address our views on questions of technical and cultural fit.

• 83% of employers now say the shift to remote work has been successful for their company, compared to 73% in a prior survey.
• Less than one in five executives say they want to return to the office as it was pre-pandemic.
• Enterprises are going to have to balance convenience and security over the long haul.

• Be the voice of authority by tracking market trends for your audience
• Connect content with action; help them see the why and how to act
• Failing to respond to mark shifts can have devastating consequences

This blog post was authored by Michael Reeves, CISSP, Cloud and MSP Security Architect

• Bitdefender's telemetry shows a huge disparity in the number of culpable operating systems
• Learning from available security-related data is a necessary step to strengthen the IoT industry
• The current state of IoT security requires an outside security solution that acts an equalizer