Cylance and Tanium—both firms are in the billion-dollar valuation club, but what does this buy in terms of cybersecurity? Tanium claims 15 seconds to visibility and control, while Cylance combines AI and machine learning with endpoint protection. Let's find out if these security vendors' solutions can give organizations a fighting chance in a digital world fraught with cyber threats.
As the dominant cloud vendor by market share, AWS—in efforts to take back control of its public cloud ecosystem—has expanded its plethora of built-in console offerings to go head-to-head with leading third-party tools. For example, Amazon Inspector now enables native automated security assessments while AWS CodePipeline offers continuous delivery and release automation services, all from within AWS. And for keeping a keen eye on EC2 instances and applications, there's Amazon CloudWatch for native monitoring of AWS cloud resources. Let's see how it stacks up against Nagios, the leading open source infrastructure monitoring platform.
When it comes to public cloud offerings, few vendors can hold a candle to AWS and Microsoft Azure's dominance in the infrastructure as a service (IaaS) space. However, neither has offered much in terms of hybrid/private cloud platforms and tools—until now. OpenStack has long filled this void with its open source cloud computing platform, but Azure Stack's arrival may finally spell an end to its dominance in the category.
In our previous piece, 10 Essential Steps for Configuring a New Server, we walked through some of the best practices to follow when setting up a new Linux server. But how can you tell if your server is set up correctly? More importantly, how can you ensure those initial configurations don’t drift over time? With UpGuard, you can do both at any scale, so we’ve created a policy within our cyber resilience platform to match our 10 essential steps as an example of how we can help organizations control their IT environments.
15-second visibility versus three decades of infosec experience: which will ultimately prevail? Tanium claims it can provide security teams with visibility and control over every endpoint in 15 seconds or less, regardless of network size; Intel Security is of course the venerable McAfee, rebranded/repositioned after being acquired by its current namesake in 2011. Find out how these two compare when it comes to protecting today's enterprises against cyber threats.
Linux admins have relied on the command line to manage their systems since the beginning. While not as immediately intuitive as a GUI, command line interfaces (CLIs) open up the real power of computing with a slew of versatile commands that can be chained together for nearly any purpose. GUIs, on the other hand, are limited to the nearly always reduced functionality developers built into the buttons and screens. This model makes sense, since only some people will need the “advanced” capabilities of the command line, while others perform only a few tasks over and over with a minimum of knowledge about the software. Regular command line users develop a sense of how to best use the commands over time, but with this UpGuard primer, even dabblers can take advantage of some quick tricks using these five basic Linux commands.
Effective cybersecurity these days is a complex and multifaceted affair involving a myriad of approaches: intrusion detection/prevention, vulnerability detection, malware mitigation, security configuration management (SCM), security information and event management (SIEM), patch management, file integrity monitoring (FIM), and more. For most organizations, however, the path of least resistance means deploying a consolidated platform combining a multitude of these approaches. Tenable SecurityCenter Continuous View (CV) and Symantec Endpoint Protection are two such offerings.
Cyber security compliance standards exist to protect devices, data and people connected to the internet from the myriad threats facing them every day. For example, regulations like the North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP) standards ensure businesses operating in the power industry follow certain guidelines with regard to cybersecurity in order to keep the service they provide reliable. Typically, devices that fall within the scope of these regulations include computers, network devices, and other network-connected devices, such as industry-specific tools, card scanners, etc. But what happens when everything is connected to the network?
Continuous monitoring is critical for ensuring that IT assets and controls meet business requirements and expectations—constantly assessing and validating them for quality, integrity, and security. This involves not only identifying infrastructure bugs and issues, but also issues with applications and their components. Deteriorating software performance and downtime can be just as devastating to the business as a data breach or security compromise, and are quite often a red flag for cyber attacks in progress. Two leading solutions, Datadog and SignalFx, can help you spot and decipher the smoke signals before your business goes up in flames.
When it comes to compliance, passing audits means providing adequate documentation that you've taken the necessary steps to secure your environment. Sometimes creating this documentation can be just as difficult as enacting the security measures themselves, so software solutions exist that are supposed to streamline the compliance documentation process and make it easy for both companies and auditors to determine compliance. Tripwire offers a compliance solution with their suite of products, while Industrial Defender, now owned by defense contractor Lockheed Martin, offers their Automated Systems Manager (ASM) product.