Search results

Cloud-native organizations need an efficient and automated way to identify the security risks across their cloud infrastructure. Sergei... Cloud Security CSPM essentials – what you need to know? Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 11/24/22 Published Cloud-native organizations need an efficient and automated way to identify the security risks across their cloud infrastructure. Sergei Shevchenko, Prevasio’s Co-Founder & CTO breaks down the essence of a CSPM and explains how CSPM platforms enable organizations to improve their cloud security posture and prevent future attacks on their cloud workloads and applications. In 2019, Gartner recommended that enterprise security and risk management leaders should invest in CSPM tools to “proactively and reactively identify and remediate these risks”. By “these”, Gartner meant the risks of successful cyberattacks and data breaches due to “misconfiguration, mismanagement, and mistakes” in the cloud. So how can you detect these intruders now and prevent them from entering your cloud environment in future? Cloud Security Posture Management is one highly effective way but is often misunderstood. Cloud Security: A real-world analogy There are many solid reasons for organizations to move to the cloud. Migrating from a legacy, on-premises infrastructure to a cloud-native infrastructure can lower IT costs and help make teams more agile. Moreover, cloud environments are more flexible and scalable than on-prem environments, which helps to enhance business resilience and prepares the organization for long-term opportunities and challenges. That said, if your production environment is in the cloud, it is also prone to misconfiguration errors, which opens the firm to all kinds of security threats and risks. Think of this environment as a building whose physical security is your chief concern. If there are gaps in this security, for example, a window that doesn’t close all the way or a lock that doesn’t work properly, you will try to fix them on priority in order to prevent unauthorized or malicious actors from accessing the building. But since this building is in the cloud, many older security mechanisms will not work for you. Thus, simply covering a hypothetical window or installing an additional hypothetical lock cannot guarantee that an intruder won’t ever enter your cloud environment. This intruder, who may be a competitor, enemy spy agency, hacktivist, or anyone with nefarious intentions, may try to access your business-critical services or sensitive data. They may also try to persist inside your environment for weeks or months in order to maintain access to your cloud systems or applications. Old-fashioned security measures cannot keep these bad guys out. They also cannot prevent malicious outsiders or worse, insiders from cryptojacking your cloud resources and causing performance problems in your production environment. What a CSPM is The main purpose of a CSPM is to help organizations minimize risk by providing cloud security automation, ensuring multi-cloud environments remain secure as they grow in scale and complexity. But, as organizations reach scale and add more complexity to their multi- cloud cloud environment, how can CSPMs help companies minimize such risks and better protect their cloud environments? Think of a CSPM as a building inspector who visits the building regularly (say, every day, or several times a day) to inspect its doors, windows, and locks. He may also identify weaknesses in these elements and produce a report detailing the gaps. The best, most experienced inspectors will also provide recommendations on how you can resolve these security issues in the fastest possible time. Similar to the role of a building inspector, CSPM provides organizations with the tools they need to secure your multi-cloud environment efficiently in a way that scales more readily than manual processes as your cloud deployments grow. Here are some CSPM key benefits: Efficient early detection: A CSPM tool allows you to automatically and continuously monitor your cloud environment. It will scan your cloud production environment to detect misconfiguration errors, raise alerts, and even predict where these errors may appear next. Responsive risk remediation: With a CSPM in your cloud security stack, you can also automatically remediate security risks and hidden threats, thus shortening remediation timelines and protecting your cloud environment from threat actors. Consistent compliance monitoring: CSPMs also support automated compliance monitoring, meaning they continuously review your environment for adherence to compliance policies. If they detect drift (non-compliance), appropriate corrective actions will be initiated automatically. What a CSPM is not Using the inspector analogy, it’s important to keep in mind that a CSPM can only act as an observer, not a doer. Thus, it will only assess the building’s security environment and call out its weakness. It won’t actually make any changes himself, say, by doing intrusive testing. Even so, a CSPM can help you prevent 80% of misconfiguration-related intrusions into your cloud environment. What about the remaining 20%? For this, you need a CSPM that offers something container scanning. Why you need an agentless CSPM across your multi-cloud environment If your network is spread over a multi-cloud environment, an agentless CSPM solution should be your optimal solution. Here are three main reasons in support of this claim: 1. Closing misconfiguration gaps: It is especially applicable if you’re looking to eliminate misconfigurations across all your cloud accounts, services, and assets. 2. Ensuring continuous compliance: It also detects compliance problems related to three important standards: HIPAA, PCI DSS, and CIS. All three are strict standards with very specific requirements for security and data privacy. In addition, it can detect compliance drift from the perspectives of all three standards, thus giving you the peace of mind that your multi-cloud environment remains consistently compliant. 3. Comprehensive container scanning: An agentless CSPM can scan container environments to uncover hidden backdoors. Through dynamic behavior analyses, it can detect new threats and supply chain attack risks in cloud containers. It also performs container security static analyses to detect vulnerabilities and malware, thus providing a deep cloud scan – that too in just a few minutes. Why Prevasio is your ultimate agentless CSPM solution Multipurpose: Prevasio combines the power of a traditional CSPM with regular vulnerability assessments and anti-malware scans for your cloud environment and containers. It also provides a prioritized risk list according to CIS benchmarks, so you can focus on the most critical risks and act quickly to adequately protect your most valuable cloud assets. User friendly: Prevasio’s CSPM is easy to use and easier still to set up. You can connect your AWS account to Prevasio in just 7 mouse clicks and 30 seconds. Then start scanning your cloud environment immediately to uncover misconfigurations, vulnerabilities, or malware. Built for scale: Prevasio’s CSPM is the only solution that can scan cloud containers and provide more comprehensive cloud security configuration management with vulnerability and malware scans. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

The company received an 89 percent Willingness to Recommend score based on reviews AlgoSec Recognized with Established Vendor Designation in 2024 Gartner® Peer Insights™ Voice of the Customer for Network Automation Platforms The company received an 89 percent Willingness to Recommend score based on reviews June 11, 2024 Speak to one of our experts RIDGEFIELD PARK, NJ – June 11, 2024 – AlgoSec , a global cybersecurity leader, today announced it has been named an Established Vendor in the 2024 Gartner Peer Insights Voice of the Customer for Network Automation Platforms. The Voice of the Customer report synthesizes Gartner Peer Insights’ reviews into insights for IT decision makers. The report details that 89% of AlgoSec end-users are willing to recommend its solutions. AlgoSec received a composite rating of 4.3 based on objective reviews by validated users and customers on: Product Capabilities (4.6/5), Sales Experience (4.45), Deployment Experience (4.6/5) and Support Experience (4.5/5). “The expansion of networks from the data center to cloud and SASE architectures adds new levels of complexity that demand next-generation network security to ensure critical business applications don’t expose organizations to added risk. At the same time, orchestration and automation are vital to keep pace in a constantly evolving landscape,” said Avishai Wool , Chief Technology Officer and Co-Founder, AlgoSec. “Gartner’s Established Partner designation underscores AlgoSec’s commitment to guiding organizations on their network automation journey. Our certified framework brings together solid security policies, ongoing training, smart technology investments and collaboration between internal and external stakeholders.” Achieving IT security and compliance goals, at scale, is only possible through extensive integration options, total visibility and intelligent automation. The AlgoSec platform is purposely built to simplify and automate security policy management on-premise and in the cloud. Integrated change management automation monitors if security processes remain effective as organization’s requirements evolve, often resulting in real-time implementation of policy changes vs. days. This level of automation frees up team members and resources to focus on what matters most: ensuring the network is secure. To learn more visit: https://www.algosec.com/products/fireflow/ About the Report Gartner Peer Insights Voice of the Customer for Network Automation Platforms is a document synthesizing Gartner Peer Insights’ reviews into insights for IT decision makers. This aggregated peer perspective, along with the individual detailed reviews, is complementary to Gartner expert research and can play a key role in your buying process, as it focuses on direct peer experiences of implementing and operating a solution. In this document, only vendors with 20 or more eligible published reviews during the specified 18-month submission period are included. About AlgoSec AlgoSec, a global cybersecurity leader, empowers organizations to secure application connectivity and cloud-native applications throughout their multi-cloud and hybrid network. Trusted by more than 1,800 of the world’s leading organizations, AlgoSec’s application-centric approach enables to securely accelerate business application deployment by centrally managing application connectivity and security policies across the public clouds, private clouds, containers, and on-premises networks. Using its unique vendor-agnostic deep algorithm for intelligent change management automation, AlgoSec enables acceleration of digital transformation projects, helps prevent business application downtime and substantially reduces manual work and exposure to security risks. AlgoSec’s policy management and CNAPP platforms provide a single source for visibility into security and compliance issues within cloud-native applications as well as across the hybrid network environment, to ensure ongoing adherence to internet security standards, industry, and internal regulations. Learn how AlgoSec enables application owners, information security experts, DevSecOps and cloud security teams to deploy business applications up to 10 times faster while maintaining security at https://www.algosec.com . Gartner disclaimer GARTNER is a registered trademark and service mark, and PEER INSIGHTS is a trademark and service mark, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

Multi-cloud environments create complex IT architectures that are hard to secure. Although cloud computing creates numerous advantages... Cloud Security 3 Proven Tips to Finding the Right CSPM Solution Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 11/24/22 Published Multi-cloud environments create complex IT architectures that are hard to secure. Although cloud computing creates numerous advantages for companies, it also increases the risk of data breaches. Did you know that you can mitigate these risks with a CSPM? Rony Moshkovitch, Prevasio’s co-founder, discusses why modern organizations need to opt for a CSPM solution when migrating to the cloud and also offers three powerful tips to finding and implementing the right one. Cloud Security Can Get Messy if You Let it A cloud-based IT infrastructure can lower your IT costs, boost your agility, flexibility, and scalability, and enhance business resilience. These great advantages notwithstanding, the cloud also has one serious drawback: it is not easy to secure. When you move from an on-premise infrastructure to the cloud, the size of your digital footprint expands. This can attract hackers on the prowl who are looking for the first opportunity to compromise your assets or steal your data. Cloud security solutions include multiple elements that must be managed and protected, such as microservices, containers, and serverless functions. These elements increase cloud complexity, reduce visibility into the cloud estate, and make it harder to secure. For all these reasons, security issues arise in the cloud, increasing the risk of breaches that may result in financial losses, legal liabilities, or reputational damage. To protect the complex and fluid cloud environment, sophisticated automation is essential. Enter cloud security posture management. How to Identify and Implement the Right CSPM Solution 1) It must offer a flat learning curve to accelerate time to value: The CSPM solution can be easy to implement, adopt, and use. It should not burden your security team. Rather, it should simplify cloud security by providing non-intrusive, agentless scans of all cloud accounts, services, and assets. It should also provide actionable information in a single-pane-of-glass view that clearly reveals what needs to be remediated in order to strengthen your cloud security posture. In addition, the solution should generate reports that are easy to understand and share. 2) It must support non-intrusive, agentless, static and dynamic analyses: Some CSPM solutions only support static scans, leaving dynamic scans to other intrusive solutions. The problem with the latter is that they require agents to be deployed, managed, and updated for every scan, increasing the organization’s technical debt and forcing security teams to spend expensive (and scarce) resources on solution management. The best way to minimize the debt and the management burden on security teams is to choose a CSPM that can scan for threats in an agentless manner. It should also perform agentless dynamic analyses on all container applications and images that can reveal valuable information about exposed network ports and other risks. 3) It must be reasonably priced: CSPM is important but it shouldn’t burn a hole in your pocket. The solution should fit your security budget and match your organization’s size, cloud environment complexity, and cloud asset usage. Also, look for a vendor that provides a transparent license model and dynamic security features instead of just dynamic, expensive billing (that could reduce your ability to control your cloud costs). Conclusion and next steps The global CSPM market is set to double from $4.2 billion in 2022 to $8.6 billion by 2027. Already, many CSPM vendors and solutions are available. In order to select the best solution for your organization, make sure to consider the three tips discussed here. Need more tailored advice about the security needs of your enterprise cloud? Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

A Comprehensive Cloud Security Checklist for Your Cloud Environment There’s a lot to consider when securing your cloud environment.... Cloud Security Cloud Security Checklist: Key Steps and Best Practices Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 7/21/23 Published A Comprehensive Cloud Security Checklist for Your Cloud Environment There’s a lot to consider when securing your cloud environment. Threats range from malware to malicious attacks, and everything in between. With so many threats, a checklist of cloud security best practices will save you time. First we’ll get a grounding in the top cloud security risks and some key considerations. The Top 5 Security Risks in Cloud Computing Understanding the risks involved in cloud computing is a key first step. The top 5 security risks in cloud computing are: 1. Limited visibility Less visibility means less control. Less control could lead to unauthorized practices going unnoticed. 2. Malware Malware is malicious software, including viruses, ransomware, spyware, and others. 3. Data breaches Breaches can lead to financial losses due to regulatory fines and compensation. They may also cause reputational damage. 4. Data loss The consequences of data loss can be severe, especially it includes customer information. 5. Inadequate cloud security controls If cloud security measures aren’t comprehensive, they can leave you vulnerable to cyberattacks. Key Cloud Security Checklist Considerations 1. Managing User Access and Privileges Properly managing user access and privileges is a critical aspect of cloud infrastructure. Strong access controls mean only the right people can access sensitive data. 2. Preventing Unauthorized Access Implementing stringent security measures, such as firewalls, helps fortify your environment. 3. Encrypting Cloud-Based Data Assets Encryption ensures that data is unreadable to unauthorized parties. 4. Ensuring Compliance Compliance with industry regulations and data protection standards is crucial. 5. Preventing Data Loss Regularly backing up your data helps reduce the impact of unforeseen incidents. 6. Monitoring for Attacks Security monitoring tools can proactively identify suspicious activities, and respond quickly. Cloud Security Checklist Understand cloud security risks Establish a shared responsibility agreement with your cloud services provider (CSP) Establish cloud data protection policies Set identity and access management rules Set data-sharing restrictions Encrypt sensitive data Employ a comprehensive data backup and recovery plan Use malware protection Create an update and patching schedule Regularly assess cloud security Set up security monitoring and logging Adjust cloud security policies as new issues emerge Let’s take a look at these in more detail. Full Cloud Security Checklist 1. Understand Cloud Security Risks 1a. Identify Sensitive Information First, identify all your sensitive information. This data could range from customer information to patents, designs, and trade secrets. 1b. Understand Data Access and Sharing Use access control measures, like role-based access control (RBAC), to manage data access. You should also understand and control how data is shared. One idea is to use data loss prevention (DLP) tools to prevent unauthorized data transfers. 1c. Explore Shadow IT Shadow IT refers to using IT tools and services without your company’s approval. While these tools can be more productive or convenient, they can pose security risks. 2. Establish a Shared Responsibility Agreement with Your Cloud Service Provider (CSP) Understanding the shared responsibility model in cloud security is essential. There are various models – IaaS, PaaS, or SaaS. Common CSPs include Microsoft Azure and AWS. 2a. Establish Visibility and Control It’s important to establish strong visibility into your operations and endpoints. This includes understanding user activities, resource usage, and security events. Using security tools gives you a centralized view of your secure cloud environment. You can even enable real-time monitoring and prompt responses to suspicious activities. Cloud Access Security Brokers (CASBs) or cloud-native security tools can be useful here. 2b. Ensure Compliance Compliance with relevant laws and regulations is fundamental. This could range from data protection laws to industry-specific regulations. 2c. Incident Management Despite your best efforts, security incidents can still occur. Having an incident response plan is a key element in managing the impact of any security events. This plan should tell team members how to respond to an incident. 3. Establish Cloud Data Protection Policies Create clear policies around data protection in the cloud . These should cover areas such as data classification, encryption, and access control. These policies should align with your organizational objectives and comply with relevant regulations. 3a. Data Classification You should categorize data based on its sensitivity and potential impact if breached. Typical classifications include public, internal, confidential, and restricted data. 3b. Data Encryption Encryption protects your data in the cloud and on-premises. It involves converting your data so it can only be read by those who possess the decryption key. Your policy should mandate the use of strong encryption for sensitive data. 3c. Access Control Each user should only have the access necessary to perform their job function and no more. Policies should include password policies and changes of workloads. 4. Set Identity and Access Management Rules 4a. User Identity Management Identity and Access Management tools ensure only the right people access your data. Using IAM rules is critical to controlling who has access to your cloud resources. These rules should be regularly updated. 4b. 2-Factor and Multi-Factor Authentication Two-factor authentication (2FA) and multi-factor authentication (MFA) are useful tools. You reduce the risk by implementing 2FA or MFA, even if a password is compromised. 5. Set Data Sharing Restrictions 5a. Define Data Sharing Policies Define clear data-sharing permissions. These policies should align with the principles of least privilege and need-to-know basis. 5b. Implement Data Loss Prevention (DLP) Measures Data Loss Prevention (DLP) tools can help enforce data-sharing policies. These tools monitor and control data movements in your cloud environment. 5c. Audit and Review Data Sharing Activities Regularly review and audit your data-sharing activities to ensure compliance. Audits help identify any inappropriate data sharing and provide insights for improvement. 6. Encrypt Sensitive Data Data encryption plays a pivotal role in safeguarding your sensitive information. It involves converting your data into a coded form that can only be read after it’s been decrypted. 6a. Protect Data at Rest This involves transforming data into a scrambled form while it’s in storage. It ensures that even if your storage is compromised, the data remains unintelligible. 6b. Data Encryption in Transit This ensures that your sensitive data remains secure while it’s being moved. This could be across the internet, over a network, or between components in a system. 6c. Key Management Managing your encryption keys is just as important as encrypting the data itself. Keys should be stored securely and rotated regularly. Additionally, consider using hardware security modules (HSMs) for key storage. 6d. Choose Strong Encryption Algorithms The strength of your encryption depends significantly on the algorithms you use. Choose well-established encryption algorithms. Advanced Encryption Standard (AES) or RSA are solid algorithms. 7. Employ a Comprehensive Data Backup and Recovery Plan 7a. Establish a Regular Backup Schedule Install a regular backup schedule that fits your organization’s needs . The frequency of backups may depend on how often your data changes. 7b. Choose Suitable Backup Methods You can choose from backup methods such as snapshots, replication, or traditional backups. Each method has its own benefits and limitations. 7c. Implement a Data Recovery Strategy In addition to backing up your data, you need a solid strategy for restoring that data if a loss occurs. This includes determining recovery objectives. 7d. Test Your Backup and Recovery Plan Regular testing is crucial to ensuring your backup and recovery plan works. Test different scenarios, such as recovering a single file or a whole system. 7e. Secure Your Backups Backups can become cybercriminals’ targets, so they also need to be secured. This includes using encryption to protect backup data and implementing access controls. 8. Use Malware Protection Implementing robust malware protection measures is pivotal in data security. It’s important to maintain up-to-date malware protection and routinely scan your systems. 8a. Deploy Antimalware Software Deploy antimalware software across your cloud environment. This software can detect, quarantine, and eliminate malware threats. Ensure the software you select can protect against a wide range of malware. 8b. Regularly Update Malware Definitions Anti-malware relies on malware definitions. However, cybercriminals continuously create new malware variants, so these definitions become outdated quickly. Ensure your software is set to automatically update. 8c. Conduct Regular Malware Scans Schedule regular malware scans to identify and mitigate threats promptly. This includes full system scans and real-time scanning. 8d. Implement a Malware Response Plan Develop a comprehensive malware response plan to ensure you can address any threats. Train your staff on this plan to respond efficiently during a malware attack. 8e. Monitor for Anomalous Activity Continuously monitor your systems for any anomalous activity. Early detection can significantly reduce the potential damage caused by malware. 9. Create an Update and Patching Schedule 9a. Develop a Regular Patching Schedule Develop a consistent schedule for applying patches and updates to your cloud applications. For high-risk vulnerabilities, consider implementing patches as soon as they become available. 9b. Maintain an Inventory of Software and Systems You need an accurate inventory of all software and systems to manage updates and patches. This inventory should include the system version, last update, and any known vulnerabilities. 9c. Automation Where Possible Automating the patching process can help ensure that updates are applied consistently. Many cloud service providers offer tools or services that can automate patch management. 9d. Test Patches Before Deployment Test updates in a controlled environment to ensure work as intended. This is especially important for patches to critical systems. 9e. Stay Informed About New Vulnerabilities and Patches Keep abreast of new vulnerabilities and patches related to your software and systems. Being aware of the latest threats and solutions can help you respond faster. 9f. Update Security Tools and Configurations Don’t forget to update your cloud security tools and configurations regularly. As your cloud environment evolves, your security needs may change. 10. Regularly Assess Cloud Security 10a. Set up cloud security assessments and audits Establish a consistent schedule for conducting cybersecurity assessments and security audits. Audits are necessary to confirm that your security responsibilities align with your policies. These should examine configurations, security controls, data protection and incident response plans. 10b. Conduct Penetration Testing Penetration testing is a proactive approach to identifying vulnerabilities in your cloud environment. These are designed to uncover potential weaknesses before malicious actors do. 10c. Perform Risk Assessments These assessments should cover a variety of technical, procedural, and human risks. Use risk assessment results to prioritize your security efforts. 10d. Address Assessment Findings After conducting an assessment or audit, review the findings and take appropriate action. It’s essential to communicate any changes effectively to all relevant personnel. 10f. Maintain Documentation Keep thorough documentation of each assessment or audit. Include the scope, process, findings, and actions taken in response. 11. Set Up Security Monitoring and Logging 11a. Intrusion Detection Establish intrusion detection systems (IDS) to monitor your cloud environment. IDSs operate by recognizing patterns or anomalies that could indicate unauthorized intrusions. 11b. Network Firewall Firewalls are key components of network security. They serve as a barrier between secure internal network traffic and external networks. 11c. Security Logging Implement extensive security logging across your cloud environment. Logs record the events that occur within your systems. 11d. Automate Security Alerts Consider automating security alerts based on triggering events or anomalies in your logs. Automated alerts can ensure that your security team responds promptly. 11e. Implement Information Security and Event Management (SIEM) System A Security Information and Event Management (SIEM) system can your cloud data. It can help identify patterns, security breaches, and generate alerts. It will give a holistic view of your security posture. 11f. Regular Review and Maintenance Regularly review your monitoring and logging practices to ensure they remain effective. as your cloud environment and the threat landscape evolve. 12. Adjust Cloud Security Policies as New Issues Emerge 12a. Regular Policy Reviews Establish a schedule for regular review of your cloud security policies. Regular inspections allow for timely updates to keep your policies effective and relevant. 12b. Reactive Policy Adjustments In response to emerging threats or incidents, it may be necessary to adjust on an as-needed basis. Reactive adjustments can help you respond to changes in the risk environment. 12c. Proactive Policy Adjustments Proactive policy adjustments involve anticipating future changes and modifying your policies accordingly. 12d. Stakeholder Engagement Engage relevant stakeholders in the policy review and adjustment process. This can include IT staff, security personnel, management, and even end-users. Different perspectives can provide valuable insights. 12e. Training and Communication It’s essential to communicate changes whenever you adjust your cloud security policies. Provide training if necessary to ensure everyone understands the updated policies. 12f. Documentation and Compliance Document any policy adjustments and ensure they are in line with regulatory requirements. Updated documentation can serve as a reference for future reviews and adjustments. Use a Cloud Security Checklist to Protect Your Data Today Cloud security is a process, and using a checklist can help manage risks. Companies like Prevasio specialize in managing cloud security risks and misconfigurations, providing protection and ensuring compliance. Secure your cloud environment today and keep your data protected against threats. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Over nearly two decades, AlgoSec has undergone a remarkable evolution in both technology and offerings. Initially founded with the... Application Connectivity Management Evolving network security: AlgoSec’s technological journey and its critical role in application connectivity Nitin Rajput 2 min read Nitin Rajput Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 12/13/23 Published Over nearly two decades, AlgoSec has undergone a remarkable evolution in both technology and offerings. Initially founded with the mission of simplifying network security device management, the company has consistently adapted to the changing landscape of cybersecurity. Proactive Network Security In its early years, AlgoSec focused on providing a comprehensive view of network security configurations, emphasizing compliance, risk assessment, and optimization. Recognizing the limitations of a reactive approach, AlgoSec pivoted to develop a workflow-based ticketing system, enabling proactive assessment of traffic changes against risk and compliance. Cloud-Native Security As organizations transitioned to hybrid and cloud environments, AlgoSec expanded its capabilities to include cloud-native security controls. Today, AlgoSec seamlessly manages public cloud platforms such as Cisco ACI, NSX, AWS, GCP, and Azure, ensuring a unified security posture across diverse infrastructures. Application Connectivity Discovery A recent breakthrough for AlgoSec is its focus on helping customers navigate the challenges of migrating applications to public or private clouds. The emphasis lies in discovering and mapping application flows within the network infrastructure, addressing the crucial need for maintaining control and communication channels. This discovery process is facilitated by AlgoSec’s built-in solution or by importing data from third-party micro-segmentation solutions like Cisco Secure Workloads, Guardicore, or Illumio. Importance of Application Connectivity Why is discovering and mapping application connectivity crucial? Applications are the lifeblood of organizations, driving business functions and, from a technical standpoint, influencing decisions related to firewall rule decommissioning, cloud migration, micro-segmentation, and zero-trust frameworks. Compliance requirements further emphasize the necessity of maintaining a clear understanding of application connectivity flows. Enforcing Micro-Segmentation with AlgoSec Micro-segmentation, a vital network security approach, aims to secure workloads independently by creating security zones per machine. AlgoSec plays a pivotal role in enforcing micro-segmentation by providing a detailed understanding of application connectivity flows. Through its discovery modules, AlgoSec ingests data and translates it into access controls, simplifying the management of north-south and east-west traffic within SDN-based micro-segmentation solutions. Secure Application Connectivity Migration In the complex landscape of public cloud and application migration, AlgoSec emerges as a solution to ensure success. Recognizing the challenges organizations face, AlgoSec’s AutoDiscovery capabilities enable a smooth migration process. By automatically generating security policy change requests, AlgoSec simplifies a traditionally complex and risky process, ensuring business services remain uninterrupted while meeting compliance requirements. In conclusion, AlgoSec’s technological journey reflects a commitment to adaptability and innovation, addressing the ever-changing demands of network security. From its origins in network device management to its pivotal role in cloud security and application connectivity, AlgoSec continues to be a key player in shaping the future of cybersecurity. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Ensure your network security is up to par with a comprehensive firewall audit checklist. Review and optimize security policy rules to prevent vulnerabilities. Firewall audit checklist for security policy rules review ---- ------- Schedule a Demo Select a size ----- Get the latest insights from the experts Choose a better way to manage your network

Learn how to create a practical container security framework that protects Kubernetes environments throughout their entire lifecycle, from CI/CD security to secrets management, with AlgoSec. Containerization technologies Select a size Which network Can AlgoSec be used for continuous compliance monitoring? Yes, AlgoSec supports continuous compliance monitoring. As organizations adapt their security policies to meet emerging threats and address new vulnerabilities, they must constantly verify these changes against the compliance frameworks they subscribe to. AlgoSec can generate risk assessment reports and conduct internal audits on-demand, allowing compliance officers to monitor compliance performance in real-time. Security professionals can also use AlgoSec to preview and simulate proposed changes to the organization’s security policies. This gives compliance officers a valuable degree of lead-time before planned changes impact regulatory guidelines and allows for continuous real-time monitoring. Container security across the Kubernetes lifecycle The modern attack surface: Containerization, Kubernetes security, and container vulnerabilities Shift left: CI/CD security, secure base images, and container image scanning Container security, orchestration security, and container hardening in Kubernetes How AlgoSec helps Runtime protection and container vulnerabilities for containerized workloads How AlgoSec helps End-to-end container security with AlgoSec’s Prevasio Next steps: Secrets management and container security checklist Get the latest insights from the experts Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

For your organization to implement robust security policies, it must have clear information on the security risks it is exposed to. An... Uncategorized How to Perform a Network Security Risk Assessment in 6 Steps Tsippi Dach 2 min read Tsippi Dach Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 1/18/24 Published For your organization to implement robust security policies, it must have clear information on the security risks it is exposed to. An effective IT security plan must take the organization’s unique set of systems and technologies into account. This helps security professionals decide where to deploy limited resources for improving security processes. Cybersecurity risk assessments provide clear, actionable data about the quality and success of the organization’s current security measures. They offer insight into the potential impact of security threats across the entire organization, giving security leaders the information they need to manage risk more effectively. Conducting a comprehensive cyber risk assessment can help you improve your organization’s security posture, address security-related production bottlenecks in business operations, and make sure security team budgets are wisely spent. This kind of assessment is also a vital step in the compliance process . Organizations must undergo information security risk assessments in order to meet regulatory requirements set by different authorities and frameworks, including: The Health Insurance Portability and Accountability Act (HIPAA), The International Organization for Standardization (ISO) The National Institute of Standards and Technology (NIST) Cybersecurity Framework The Payment Card Industry Data Security Standard (PCI DSS) General Data Protection Regulation (GDPR) What is a Security Risk Assessment? Your organization’s security risk assessment is a formal document that identifies, evaluates, and prioritizes cyber threats according to their potential impact on business operations. Categorizing threats this way allows cybersecurity leaders to manage the risk level associated with them in a proactive, strategic way. The assessment provides valuable data about vulnerabilities in business systems and the likelihood of cyber attacks against those systems. It also provides context into mitigation strategies for identified risks, which helps security leaders make informed decisions during the risk management process. For example, a security risk assessment may find that the organization needs to be more reliant on its firewalls and access control solutions . If a threat actor uses phishing or social engineering to bypass these defenses (or take control of them entirely), the entire organization could suffer a catastrophic data breach. In this case, the assessment may recommend investing in penetration testing and advanced incident response capabilities. Organizations that neglect to invest in network security risk assessments won’t know their weaknesses until after they are actively exploited. By the time hackers launch a ransomware attack, it’s too late to consider whether your antivirus systems are properly configured against malware. Who Should Perform Your Organization’s Cyber Risk Assessment? A dedicated internal team should take ownership over the risk assessment process . The process will require technical personnel with a deep understanding of the organization’s IT infrastructure. Executive stakeholders should also be involved because they understand how information flows in the context of the organization’s business logic, and can provide broad insight into its risk management strategy . Small businesses may not have the resources necessary to conduct a comprehensive risk analysis internally. While a variety of assessment tools and solutions are available on the market, partnering with a reputable managed security service provider is the best way to ensure an accurate outcome. Adhering to a consistent methodology is vital, and experienced vulnerability assessment professionals ensure the best results. How to Conduct a Network Security Risk Assessment 1. Develop a comprehensive asset map The first step is accurately mapping out your organization’s network assets. If you don’t have a clear idea of exactly what systems, tools, and applications the organization uses, you won’t be able to manage the risks associated with them. Keep in mind that human user accounts should be counted as assets as well. The Verizon 2023 Data Breach Investigation Report shows that the human element is involved in more than a quarter of all data breaches. The better you understand your organization’s human users and their privilege profiles, the more effectively you can protect them from potential threats and secure critical assets effectively. Ideally, all of your organization’s users should be assigned and managed through a centralized system. For Windows-based networks, Active Directory is usually the solution that comes to mind. Your organization may have a different system in place if it uses a different operating system. Also, don’t forget about information assets like trade secrets and intellectual property. Cybercriminals may target these assets in order to extort the organization. Your asset map should show you exactly where these critical assets are stored, and provide context into which users have permission to access them. Log and track every single asset in a central database that you can quickly access and easily update. Assign security value to each asset as you go and categorize them by access level . Here’s an example of how you might want to structure that categorization: Public data. This is data you’ve intentionally made available to the public. It includes web page content, marketing brochures, and any other information of no consequence in a data breach scenario. Confidential data. This data is not publicly available. If the organization shares it with third parties, it is only under a non-disclosure agreement. Sensitive technical or financial information may end up in this category. Internal use only. This term refers to data that is not allowed outside the company, even under non-disclosure terms. It might include employee pay structures, long-term strategy documents, or product research data. Intellectual property. Any trade secrets, issued patents, or copyrighted assets are intellectual property. The value of the organization depends in some way on this information remaining confidential. Compliance restricted data. This category includes any data that is protected by regulatory or legal obligations. For a HIPAA-compliant organization, that would include patient data, medical histories, and protected personal information. This database will be one of the most important security assessment tools you use throughout the next seven steps. 2. Identify security threats and vulnerabilities Once you have a comprehensive asset inventory, you can begin identifying risks and vulnerabilities for each asset. There are many different types of tests and risk assessment tools you can use for this step. Automating the process whenever possible is highly recommended, since it may otherwise become a lengthy and time-consuming manual task. Vulnerability scanning tools can automatically assess your network and applications for vulnerabilities associated with known threats. The scan’s results will tell you exactly what kinds of threats your information systems are susceptible to, and provide some information about how you can remediate them. Be aware that these scans can only determine your vulnerability to known threats. They won’t detect insider threats , zero-day vulnerabilities and some scanners may overlook security tool misconfigurations that attackers can take advantage of. You may also wish to conduct a security gap analysis. This will provide you with comprehensive information about how your current security program compares to an established standard like CMMC or PCI DSS. This won’t help protect against zero-day threats, but it can uncover information security management problems and misconfigurations that would otherwise go unnoticed. To take this step to the next level, you can conduct penetration testing against the systems and assets your organization uses. This will validate vulnerability scan and gap analysis data while potentially uncovering unknown vulnerabilities in the process. Pentesting replicates real attacks on your systems, providing deep insight into just how feasible those attacks may be from a threat actor’s perspective. When assessing the different risks your organization faces, try to answer the following questions: What is the most likely business outcome associated with this risk? Will the impact of this risk include permanent damage, like destroyed data? Would your organization be subject to fines for compliance violations associated with this risk? Could your organization face additional legal liabilities if someone exploited this risk? 3. Prioritize risks according to severity and likelihood Once you’ve conducted vulnerability scans and assessed the different risks that could impact your organization, you will be left with a long list of potential threats. This list will include more risks and hazards than you could possibly address all at once. The next step is to go through the list and prioritize each risk according to its potential impact and how likely it is to happen. If you implemented penetration testing in the previous step, you should have precise data on how likely certain attacks are to take place. Your team will tell you how many steps they took to compromise confidential data, which authentication systems they had to bypass, and what other security functionalities they disabled. Every additional step reduces the likelihood of a cybercriminal carrying out the attack successfully. If you do not implement penetration testing, you will have to conduct an audit to assess the likelihood of attackers exploiting your organization’s vulnerabilities. Industry-wide threat intelligence data can give you an idea of how frequent certain types of attacks are. During this step, you’ll have to balance the likelihood of exploitation with the severity of the potential impact for each risk. This will require research into the remediation costs associated with many cyberattacks. Remediation costs should include business impact – such as downtime, legal liabilities, and reputational damage – as well as the cost of paying employees to carry out remediation tasks. Assigning internal IT employees to remediation tasks implies the opportunity cost of diverting them from their usual responsibilities. The more completely you assess these costs, the more accurate your assessment will be. 4. Develop security controls in response to risks Now that you have a comprehensive overview of the risks your organization is exposed to, you can begin developing security controls to address them. These controls should provide visibility and functionality to your security processes, allowing you to prevent attackers from exploiting your information systems and detect them when they make an attempt. There are three main types of security control available to the typical organization: Physical controls prevent unauthorized access to sensitive locations and hardware assets. Security cameras, door locks, and live guards all contribute to physical security. These controls prevent external attacks from taking place on premises. Administrative controls are policies, practices, and workflows that secure business assets and provide visibility into workplace processes. These are vital for protecting against credential-based attacks and malicious insiders. Technical controls include purpose-built security tools like hardware firewalls, encrypted data storage solutions, and antivirus software. Depending on their configuration, these controls can address almost any type of threat. These categories have further sub-categories that describe how the control interacts with the threat it is protecting against. Most controls protect against more than one type of risk, and many controls will protect against different risks in different ways. Here are some of the functions of different controls that you should keep in mind: Detection-based controls trigger alerts when they discover unauthorized activity happening on the network. Intrusion detection systems (IDS) and security information and event management (SIEM) platforms are examples of detection-based solutions. When you configure one of these systems to detect a known risk, you are implementing a detection-based technical control. Prevention-based controls block unauthorized activity from taking place altogether. Authentication protocols and firewall rules are common examples of prevention-based security controls. When you update your organization’s password policy, you are implementing a prevention-based administrative control. Correction and compensation-based controls focus on remediating the effects of cyberattacks once they occur. Disaster recovery systems and business continuity solutions are examples. When you copy a backup database to an on-premises server, you are establishing physical compensation-based controls that will help you recover from potential threats. 5. Document the results and create a remediation plan Once you’ve assessed your organization’s exposure to different risks and developed security controls to address those risks, you are ready to condense them into a cohesive remediation plan . You will use the data you’ve gathered so far to justify the recommendations you make, so it’s a good idea to present that data visually. Consider creating a risk matrix to show how individual risks compare to one another based on their severity and likelihood. High-impact risks that have a high likelihood of occurring should draw more time and attention than risks that are either low-impact, unlikely, or both. Your remediation plan will document the steps that security teams will need to take when responding to each incident you describe. If multiple options exist for a particular vulnerability, you may add a cost/benefit analysis of multiple approaches. This should provide you with an accurate way to quantify the cost of certain cyberattacks and provide a comparative cost for implementing controls against that type of attack. Comparing the cost of remediation with the cost of implementing controls should show some obvious options for cybersecurity investment. It’s easy to make the case for securing against high-severity, high-likelihood attacks with high remediation costs and low control costs. Implementing security patches is an example of this kind of security control that costs very little but provides a great deal of value in this context. Depending on your organization’s security risk profile, you may uncover other opportunities to improve security quickly. You will probably also find opportunities that are more difficult or expensive to carry out. You will have to pitch these opportunities to stakeholders and make the case for their approval. 6. Implement recommendations and evaluate the effectiveness of your assessment Once you have approval to implement your recommendations, it’s time for action. Your security team can now assign each item in the remediation plan to the team member responsible and oversee their completion. Be sure to allow a realistic time frame for each step in the process to be completed – especially if your team is not actively executing every task on its own. You should also include steps for monitoring the effectiveness of their efforts and documenting the changes they make to your security posture. This will provide you with key performance metrics that you can compare with future network security assessments moving forward, and help you demonstrate the value of your remediation efforts overall. Once you have implemented the recommendations, you can monitor and optimize the performance of your information systems to ensure your security posture adapts to new threats as they emerge. Risk assessments are not static processes, and you should be prepared to conduct internal audits and simulate the impact of configuration changes on your current deployment. You may wish to repeat your risk evaluation and gap analysis step to find out how much your organization’s security posture has changed. You can use automated tools like AlgoSec to conduct configuration simulations and optimize the way your network responds to new and emerging threats. Investing time and energy into these tasks now will lessen the burden of your next network security risk assessment and make it easier for you to gain approval for the recommendations you make in the future. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

In the previous parts of our blog ( part I and part II ), we have described the most important parts of the Sunburst backdoor... Cloud Security Sunburst Backdoor, Part III: DGA & Security Software Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 12/22/20 Published In the previous parts of our blog ( part I and part II ), we have described the most important parts of the Sunburst backdoor functionality and its Domain Generation Algorithm (DGA). This time, let’s have a deeper look into the passive DNS requests reported by Open-Source Context and Zetalytics . The valid DNS requests generated by the malware fall into 2 groups: DNS requests that encode a local domain name DNS requests that encode data The first type of DNS requests allows splitting long domain names into separate requests. These requests are generated by the malware’s functions GetPreviousString() and GetCurrentString() . In general, the format of a DNS request that encodes a domain name may look like: USER_ID.NUM.COMPUTER_DOMAIN[.]appsync-api.us-west-2[.]avsvmcloud[.]com where: USER_ID is an 8-byte user ID that uniquely identifies a compromised host, encoded as a 15-character string NUM is a number of a domain name – either 0 or 1, encoded as a character COMPUTER_DOMAIN is an encoded local computer domain Let’s try decoding the following 3 DNS requests: olc62cocacn7u2q22v02eu.appsync-api.us-west-2.avsvmcloud.com r1qshoj05ji05ac6eoip02jovt6i2v0c.appsync-api.us-west-2.avsvmcloud.com lt5ai41qh5d53qoti3mkmc0.appsync-api.us-west-2.avsvmcloud.com String 1 Let’s start from the 1st string in the list: olc62cocacn7u2q22v02eu.appsync-api.us-west-2.avsvmcloud.com. In this string, the first 15-character string is an encoded USER_ID : “olc62cocacn7u2q” . Once it is base-64 decoded, as explained in the previous post, it becomes a 9-byte byte array: 86 7f 2f be f9 fb a3 ae c4 The first byte in this byte array is a XOR key: 0x86 . Once applied to the 8 bytes that follow it, we get the 8-byte user ID – let’s take a note and write it down, we will need it later: f9 a9 38 7f 7d 25 28 42 Next, let’s take the NUM part of the encoded domain: it’s a character “2” located at the position #15 (starting from 0) of the encrypted domain. In order to decode the NUM number, we have to take the first character of the encrypted domain, take the reminder of its division by 36 , and subtract the NUM ‘s position in the string “0123456789abcdefghijklmnopqrstuvwxyz” : num = domain[0] % 36 – “0123456789abcdefghijklmnopqrstuvwxyz”.IndexOf(domain.Substring(15, 1)); The result is 1 . That means the decrypted domain will be the 2nd part of a full domain name. The first part must have its NUM decoded as 0. The COMPUTER_DOMAIN part of the encrypted domain is “2v02eu” . Once decoded, using the previously explained method, the decoded computer domain name becomes “on.ca” . String 2 Let’s decode the second passive DNS request from our list: r1qshoj05ji05ac6eoip02jovt6i2v0c.appsync-api.us-west-2.avsvmcloud.com Just as before, the decoded 8-byte user ID becomes: f9 a9 38 7f 7d 25 28 42 The NUM part of the encoded domain, located at the position #15 (starting from 0), is a character “6” . Let’s decode it, by taking the first character ( “r” = 114 ), take the reminder of its division by 36 ( 114 % 36 = 6 ), and subtracting the position of the character “6” in the “0123456789abcdefghijklmnopqrstuvwxyz” , which is 6 . The result is 0 . That means the decrypted domain will be the 1st part of the full domain name. The COMPUTER_DOMAIN part of the encrypted domain is “eoip02jovt6i2v0c” . Once decoded, it becomes “city.kingston.” Next, we need to match 2 decrypted domains by the user ID, which is f9 a9 38 7f 7d 25 28 42 in both cases, and concatenate the first and the second parts of the domain. The result will be “city.kingston.on.ca” . String 3 Here comes the most interesting part. Lets try to decrypt the string #3 from our list of passive DNS requests: lt5ai41qh5d53qoti3mkmc0.appsync-api.us-west-2.avsvmcloud.com The decoded user ID is not relevant, as the decoded NUM part is a number -29 . It’s neither 0 nor 1 , so what kind of domain name that is? If we ignore the NUM part and decode the domain name, using the old method, we will get “thx8xb” , which does not look like a valid domain name. Cases like that are not the noise, and are not some artificially encrypted artifacts that showed up among the DNS requests. This is a different type of DNS requests. Instead of encoding local domain names, these types of requests contain data. They are generated by the malware’s function GetNextStringEx() . The encryption method is different as well. Let’s decrypt this request. First, we can decode the encrypted domain, using the same base-64 method, as before . The string will be decoded into 14 bytes: 7c a5 4d 64 9b 21 c1 74 a6 59 e4 5c 7c 7f Let’s decode these bytes, starting from the 2nd byte, and using the first byte as a XOR key. We will get: 7c d9 31 18 e7 5d bd 08 da 25 98 20 00 03 In this array, the bytes marked in yellow are an 8-byte User ID, encoded with a XOR key that is selected from 2 bytes marked in red. Let’s decode User ID: for ( int i = 0 ; i < 8 ; i++) { bytes[i + 1 ] ^= bytes[ 11 - i % 2 ]; } The decoded byte array becomes: 7c f9 a9 38 7f 7d 25 28 42 25 98 20 00 03 The User ID part in marked in yellow. Does it look familiar? Indeed, it’s the same User ID we’ve seen before, when we decoded “city.kingston.on.ca” . The next 3 bytes marked in red are: 25 98 20 . 2 0x59820 The first number 2 stands for the size of data that follows – this data is 00 03 (selected in green). The number 0x59820 , or 366,624 in decimal, is a timestamp. It’s a number of 4-second periods of time since 1 January 2010. To obtain the real time stamp, we need to multiple it by 15 to get minutes, then add those minutes to 1 January 2010: var date = ( new DateTime( 2010 , 1 , 1 , 0 , 0 , 0 , DateTimeKind.Utc)).AddMinutes(timestamp * 15 ); For the number 0x59820 , the time stamp becomes 16 July 2020 12:00:00 AM – that’s the day when the DNS request was made. The remaining 2 bytes, 00 03 , encrypt the state of 8 security products, to indicate whether each one of them is running or whether it is stopped. The 8 security products are: Windows Live OneCare / Windows Defender Windows Defender Advanced Threat Protection Microsoft Defender for Identity Carbon Black CrowdStrike FireEye ESET F-Secure 2 states for 8 products require 2 * 8 = 16 bits = 2 bytes. The 2 bytes 00 03 in binary form are: 00 00 00 00 00 00 00 11 Here, the least-significant bits 11 identify that the first product in the list, Windows Live OneCare / Windows Defender, is reported as ‘running’ ( 1 ) and as ‘stopped’ ( 1 ). Now we know that apart from the local domain, the trojanised SolarWinds software running on the same compromised host on “city.kingston.on.ca” domain has also reported the status of the Windows Defender software. What Does it Mean? As explained in the first part of our description, the malware is capable of stopping the services of security products, be manipulating registry service keys under Administrator account. It’s likely that the attackers are using DNS queries as a C2 channel to first understand what security products are present. Next, the same channel is used to instruct the malware to stop/deactivate these services, before the 2nd stage payload, TearDrop Backdoor, is deployed. Armed with this knowledge, let’s decode other passive DNS requests, printing the cases when the compromised host reports a running security software. NOTES: As a private case, if the data size field is 0 or 1 , the timestamp field is not followed with any data. Such type of DNS request is generated by the malware’s function GetNextString() . It is called ‘a ping’ in the listing below. If the first part of the domain name is missing, the recovered domain name is pre-pended with ‘*’ . The malware takes the time difference in minutes, then divides it by 30 and then converts the result from double type to int type; as a result of such conversion, the time stamps are truncated to the earliest half hour. 2D82B037C060515C SFBALLET Data: Windows Live OneCare / Windows Defender [running] 11/07/2020 12:00:00 AM Pings: 12/07/2020 12:30:00 AM 70DEE5C062CFEE53 ccscurriculum.c Data: ESET [running] 17/04/2020 4:00:00 PM Pings: 20/04/2020 5:00:00 PM AB902A323B541775 mountsinai.hospital Pings: 4/07/2020 12:30:00 AM 9ACC3A3067DC7FD5 *ripta.com Data: ESET [running] 12/09/2020 6:30:00 AM Pings: 13/09/2020 7:30:00 AM 14/09/2020 9:00:00 AM CB34C4EBCB12AF88 DPCITY.I7a Data: ESET [running] 26/06/2020 5:00:00 PM Pings: 27/06/2020 6:30:00 PM 28/06/2020 7:30:00 PM 29/06/2020 8:30:00 PM 29/06/2020 8:30:00 PM E5FAFE265E86088E *scroot.com Data: CrowdStrike [running] 25/07/2020 2:00:00 PM Pings: 26/07/2020 2:30:00 PM 26/07/2020 2:30:00 PM 27/07/2020 3:00:00 PM 27/07/2020 3:00:00 PM 426030B2ED480DED *kcpl.com Data: Windows Live OneCare / Windows Defender [running] 8/07/2020 12:00:00 AM Carbon Black [running] 8/07/2020 12:00:00 AM Full list of decoded pDNS requests can be found here . An example of a working implementation is available at this repo. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Tal Dayan, security expert for AlgoSec, discusses the secret to passing audits seamlessly and how to introduce automated compliance... Auditing and Compliance Compliance Made Easy: How to improve your risk posture with automated audits Tal Dayan 2 min read Tal Dayan Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 4/29/21 Published Tal Dayan, security expert for AlgoSec, discusses the secret to passing audits seamlessly and how to introduce automated compliance Compliance standards come in many different shapes and sizes. Some organizations set their own internal policies, while others are subject to regimented global frameworks such as PCI DSS , which protects customers’ card payment details; SOX to safeguard financial information or HIPAA , which protects patients’ healthcare data. Regardless of which industry you operate in, regular auditing is key to ensuring your business retains its risk posture whilst also remaining compliant. The problem is that running manual risk and security audits can be a long, drawn-out, and tedious affair. A 2020 report from Coalfire and Omdia  found that for the majority of organizations, growing compliance obligations are now consuming 40% or more of IT security budgets and threaten to become an unsustainable cost.  The report suggests two reasons for this growing compliance burden.  First, compliance standards are changing from point-in-time reviews to continuous, outcome-based requirements. Second, the ongoing cyber-skills shortage is stretching organizations’ abilities to keep up with compliance requirements. This means businesses tend to leave them until the last moment, leading to a rushed audit that isn’t as thorough as it could be, putting your business at increased risk of a penalty fine or, worse, a data breach that could jeopardize the entire organization. The auditing process itself consists of a set of requirements that must be created for organizations to measure themselves against. Each rule must be manually analyzed and simulated before it can be implemented and used in the real world. As if that wasn’t time-consuming enough, every single edit to a rule must also be logged meticulously. That is why automation plays a key role in the auditing process. By striking the right balance between automated and manual processes, your business can achieve continuous compliance and produce audit reports seamlessly. Here is a six-step strategy that can set your business on the path to sustainable and successful ongoing auditing preservation: Step 1: Gather information This step will be the most arduous but once completed it will become much easier to sustain. This is when you’ll need to gather things like security policies, firewall access logs, documents from previous audits and firewall vendor information – effectively everything you’d normally factor into a manual security audit. Step 2: Define a clear change management process A good change management process is essential to ensure traceability and accountability when it comes to firewall changes. This process should confirm that every change is properly authorized and logged as and when it occurs, providing a picture of historical changes and approvals. Step 3: Audit physical & OS security With the pandemic causing a surge in the number of remote workers and devices used, businesses must take extra care to certify that every endpoint is secured and up-to-date with relevant security patches. Crucially, firewall and management services should also be physically protected, with only designated personnel permitted to access them. Step 4: Clean up & organize rule base As with every process, the tidier it is, the more efficient it is. Document rules and naming conventions should be enforced to ensure the rule base is as organized as possible, with identical rules consolidated to keep things concise. Step 5: Assess & remediate risk Now it’s time to assess each rule and identify those that are particularly risky and prioritize them by severity. Are there any that violate corporate security policies? Do some have “ANY” and a permissive action? Make a list of these rules and analyze them to prepare plans for remediation and compliance. Step 6: Continuity & optimization Now it’s time to simply hone the first five steps and make these processes as regular and streamlined as possible. By following the above steps and building out your own process, you can make day-to-day compliance and auditing much more manageable. Not only will you improve your compliance score, you’ll also be able to maintain a sustainable level of compliance without the usual disruption and hard labor caused by cumbersome and expensive manual processes. To find out more about auditing automation and how you can master compliance, watch my recent webinar and visit our firewall auditing and compliance page. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Learn how NCR improved network security and agility through automation and optimization with Algosec's solutions. Webinars A Customer Story: The NCR journey to effective and agile network security Managing security in a multi-billion-dollar enterprise poses many challenges, as well as opportunities. Go inside an S&P 500 company and hear how they manage their network security. Join Scott Theriault, Global Manager, Network Perimeter Security at NCR Corporation as he shares his real-world experience managing security in a global organization with Yitzy Tannenbaum, Product Marketing Manager at AlgoSec. Get insights on: Key factors managing network security in complex organizations The benefits of network policy optimization Importance of maintaining and demonstrating compliance Change management and automation in large, complex networks Driving alignment of cloud and on-premises security December 17, 2020 Yitzy Tannenbaum Product Marketing Manager Scott Theriault Global Manager, Network Perimeter Security at NCR Corporation Relevant resources AlgoSec Case Study: BT Watch Video Discovery Case Study Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Silos hurt security NetworkSecurity is the responsibility of both NetOps SecOps In this panel with Cisco, Conscia AlgoSec security experts, we’ll share how to bring the teams together Webinars Bridging NetOps and SecOps: An Experts’ Panel Silos hurt security. Your network and its security are not managed by just one team. It is the responsibility of both NetOps and SecOps, but these teams don’t always play well together. In this security experts’ panel, Doug Hurd from Cisco, Henrik Skovfoged from Conscia, Oren Amiram and Tsippi Dach from AlgoSec will share how you can bring NetOps and SecOps teams together with Cisco ACI, Cisco Secure Workload (formerly Cisco Tetration) and AlgoSec. Discover how NetOps and SecOps teams can: Bridge the NetOps/SecOps divide, improve communication, and break down the silos between network and security. Align network, security, and business application owners Improve the entire network security with Cisco Secure Workload and firewall management Automate tasks and gain network traffic visibility of networks and security controls for threat detection, analysis and response across Cisco ACI and the entire hybrid and multi-vendor network. March 16, 2021 Alex Hilton Chief Executive at Cloud Industry Forum (CIF) Tsippi Dach Director of marketing communications Relevant resources Cisco & AlgoSec achieving application-driven security across your hybrid network Keep Reading DevSecOps: Putting the Sec into the DevOps Keep Reading Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue