Best Practices for Assessing Cyber Vulnerabilities

Managed detection and response (MDR) solutions identify active threats across an organization and then respond to eliminate, investigate, or contain them. MDR has increased in visibility and importance as organizations realize that no level of investment will provide 100% protection against threats and as the scale and complexit

Penetration testers can only assess the attack surface they can see. Attack Surface Detector is a set of open source tools that can identify web application attack surface through static code analysis, making the data easy to leverage in dynamic testing. Penetration testers can also highlight differences in attack surface between two different versions of an application.

When usernames and passwords are compromised in a data breach, the consequences extend far beyond the victim organization due to rampant password reuse. For this reason, NIST recently recommended that organizations check users’ credentials against a set of known compromised passwords. However, by patroning dark web forums and paying for spilled credentials, enterprises indirectly support the criminal ecosystem. Furthermore, attackers often don’t publicly post stolen data until months or years after the breach, if at all. Is there a better way to follow NIST guidelines and protect users from account takeover? Join Justin Richer, co-author of NIST Digital Identity Guidelines 800-63B, and Gautam Agarwal, Shape's Senior Director of Product Management, for a lively discussion on NIST’s password recommendations and how best to prevent account takeover fraud at your organization.

When it comes to larger or more complex organizations, managing cyber security risks requires a more intensive approach than implementing basic security protection. Embedding risk-based security controls, managing the security of supply chains, and carrying out regular audits are some of the many measures an organization may need to take to manage and reduce risk.