Cyber Warnings from Iran: Action to Take Today

Recent tensions between the United States and Iran have created a need to step up your cybersecurity precautions in response to cyber warnings from Iran.

Cyber Warnings from Iran

There are certain threat actor groups associated with or backed by Iran that may be committed to carrying out a “proxy war” via cyber-attack. This would allow Iran to retaliate against perceived US aggression without incurring the same penalties as explicit military action.

These threat actors are fluent in the range of tools and attack methodologies available to them. These groups are interested in critical infrastructure and will use everything from commodity malware to highly evasive and destructive wipers and tools.

These cyber warnings from Iran are real. Organizations should take all the precautions necessary to prevent damage caused by cyber warfare.

Our partners at SentinelOne recently issued a statement with the following actions that you can take today.

At this time, we have no information indicating a specific, credible threat to U.S. organizations; however, given the current climate, it’s an apt time to fortify defenses. We encourage organizations to consider the following recommendations:

  1. Disable unnecessary ports and protocols. A review of your network security device logs should help you determine which ports and protocols are exposed but not needed. For those that are, monitor these for suspicious, ‘command & control’-like activity.
  2. Log and limit the use of PowerShell. If a user or account does not need PowerShell, disable it via the Group Policy Editor. For those that do, enable code signing of PowerShell scripts, log all PowerShell commands and turn on ‘Script Block Logging’. Learn more from Microsoft.
  3. Set policies to alert on new hosts joining the network. To reduce the possibility of ‘rogue’ devices on your network, increase visibility and have key security personnel notified when new hosts attempt to join the network.
  4. Backup now, and test your recovery process for business continuity. It is easy to let backup policies slide, or fail to prove that you can restore in practice. Also, ensure you have redundant backups, ideally using a combination of hot, warm and/or cold sites.
  5. Step up monitoring of network and email traffic. The most common vectors for intruders are unprotected devices on your network and targeted phishing emails. Follow best practices for restricting attachments via email and other mechanisms and review network signatures.
  6. Patch externally facing equipment. Attackers actively scan for and will exploit vulnerabilities, particularly those that allow for remote code execution or denial of service attacks.

Cybersecurity plays a mission-critical role in your organization and society-at-large, every second of every day. Together we will prevail over those who challenge our security and way of life.

Consider PREtect as a Precautionary Measure

Our highest level of security is PREtect Premium. This service includes our top four most cyber-resilient services including:

  • Managed SIEM with 24/7 Security Monitoring and Analysis
  • Managed Detection and Remediation (MDR)
  • Responsive Patch Management
  • Real-time Vulnerability Management

Andrew Hamilton

Andrew Hamilton is a member of the executive management team of Cybriant, a leader in the cybersecurity services industry. As CTO he is responsible for the technical vision and the delivery of services at Cybriant. Since its founding in 2015, Andrew has led the selection, evaluation, and adoption of all security technology and tools utilized by Cybriant in the delivery of its managed security services.


Cybriant CTO: Analysis of a Phishing Email

I recently received an interesting phishing email that I shared with the rest of our company as part of our Internal Security Awareness program.  You might guess that as CTO of a security company I often receive phishing emails (and you’d be right), but this one caught my eye.  This phishing email was interesting for a few reasons:

  1. It made it past Microsoft’s ATP (Advanced Threat Protection) anti-phishing service in Office 365.
  2. It had a valid SPF record (no DKIM or DMARC).
  3. The phishing link had a clever URL encode redirect.

So, let’s take a look at the email:

There were several factors that tipped me off that things were amiss: 

  • I have never seen a similar voicemail email.
  • We don’t do business with any company named Alarmtech (looking at the email address).
  • We definitely DON’T do any business with any company named Alarmtech that has a Polish TLD (the “.pl” of “” domain in the email address).
  • The “local Wireless User” phone number was also odd.

So, I decided to take a look at the message’s full headers.

I was quite surprised to see that the email had a valid SPF record, and while it was unfortunate to see that DKIM was not set up, it is fairly common for less sophisticated admins to omit this type of email authentication.  This also explains part of why Office365 gave a phishing email a pass instead of convicting the email.

And, a quick check with MXToolbox confirmed that the SPF record was indeed valid.

Ok, at this point I was even more curious.  So, I copied the link for the “Play Record” button and utilized to de-obfuscate the link.  Bingo!  We’ve got something interesting!

Now, we have the de-obfuscated link (Office365 ATP uses a technology called Safe Links as an extra layer of protection).




If you notice, the URL begins with this is a clever way to have Google (in this case it’s the Mexico link for Google as it has a TLD – top level domain – of “.mx”) to redirect to the actual malicious website address, which is:



Yes, that is a valid FQDN and URL.  And, this is the other part of the reason why I believe that this phishing email made it past Office365’s ATP service.  It’s using a method called URL encoding.  URL encoding allows you to do things such as create spaces in a filename.  For example, the following two bullet point links would point to the exact same URL (Note:  I used a random domain name):

The “%20” is the URL encoded value for a space “ “.  There are some genuine uses for URL encoding, and it is especially helpful when creating scripts or working with APIs.  For example, when dealing with APIs in our SOC (Security Operations Center) this is often how we have to get around restrictions such as using an “@” in a username.  Instead of it’d be:

So, let’s de-obfuscate the link using



There we have the REAL link.  Next, we’ll explode this link in Joe Sandbox to see its behavior.  Click on the following link to see the full Joe Sandbox analysis, and see what our SOC would discover if they were performing this for a customer.  I’ll give you a hint, it turns out it’s malicious:


When I first exploded the URL decoded link Joe Sandbox didn’t find anything interesting.  And so, the second time I utilized the link that was a referrer link.  When using the referring link Joe Sandbox determined that the final destination URL was indeed malicious.  In short, the bad actor built a check into their website to ensure that the full link was being used (confirmed by seeing referring the user to the phishing website).  Pretty spiffy thinking on their part! 
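The de-obfuscation steps walked through in this post (peel the Safe Links wrapper, then the redirector, then percent-decode the real destination) can be scripted. The following is an added example, not code from the original post: the sample URLs are constructed, `redirector.example` stands in for the search-engine redirect described above, and the list of redirect parameter names is an assumption.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Query parameter names that commonly carry a redirect target (assumed list).
REDIRECT_PARAMS = {"url", "q", "u", "target", "dest", "redirect"}
MAX_HOPS = 10  # stop on pathological nesting

# Constructed samples: a Safe Links style wrapper around a redirector link
# whose own target is percent-encoded a second time.
SAFE_LINK = (
    "https://nam02.safelinks.protection.outlook.com/?url="
    "https%3A%2F%2Fredirector.example%2Furl%3Fq%3D"
    "https%253A%252F%252Flogin.phish.example%252Fvoicemail%252Fplay.html"
    "&data=02%7C01%7Cuser%40example.com&reserved=0"
)
DOUBLE_ENCODED = "https://redirector.example/url?q=https%253A%252F%252Flogin.phish.example%252Fx"
BENIGN = "https://intranet.example/search?q=quarterly+report"


def _split(value):
    """urlsplit that returns None instead of raising on malformed input."""
    try:
        return urlsplit(value)
    except ValueError:
        return None


def _is_http_url(value):
    parts = _split(value)
    return bool(parts and parts.scheme.lower() in ("http", "https") and parts.netloc)


def reveal_url(value, max_rounds=3):
    """Percent-decode only as far as needed to expose an http(s) URL.

    Stopping as soon as a URL appears keeps any deeper wrapper intact for
    the next hop. Returns None if the value never becomes a URL.
    """
    for _ in range(max_rounds + 1):
        if _is_http_url(value):
            return value
        decoded = unquote(value)
        if decoded == value:
            return None
        value = decoded
    return None


def embedded_target(url):
    """Return the URL carried in a redirect-style query parameter, or None."""
    parts = _split(url)
    if parts is None:
        return None
    # parse_qsl performs the first round of percent-decoding.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in REDIRECT_PARAMS:
            target = reveal_url(value)
            if target:
                return target
    return None


def unwrap(url):
    """Peel nested redirect wrappers; return the hops, outermost first."""
    chain = [url]
    while len(chain) <= MAX_HOPS:
        nxt = embedded_target(chain[-1])
        if nxt is None or nxt in chain:
            break
        chain.append(nxt)
    return chain


def summarize(url):
    """Collect what an analyst needs: every hop, every host, the final URL."""
    chain = unwrap(url)
    hosts = []
    for hop in chain:
        parts = _split(hop)
        hosts.append(parts.hostname if parts and parts.hostname else "")
    return {
        "hops": chain,
        "hosts": hosts,
        "final_url": chain[-1],
        # True when the host the user sees is not the host they end up on.
        "host_changes": len(set(hosts)) > 1,
    }


if __name__ == "__main__":
    for sample in (SAFE_LINK, DOUBLE_ENCODED, BENIGN):
        result = summarize(sample)
        print(" -> ".join(result["hosts"]), "|", result["final_url"])
```

Because the site in this post only showed its malicious behavior when reached through the referring link, give the sandbox each entry in `hops`, not just `final_url`.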

Andrew Hamilton

Capital One Data Breach: Importance of Cybersecurity Basics

By now you’ve heard of the Capital One Data Breach that happened on July 29, 2019, where a hacker gained access to 100 million Capital One credit card applications and accounts. Read more about the thoughts from Cybriant’s Chief Technology Officer, Andrew Hamilton.

My first reaction when I saw the Capital One data breach was the same as many of you: someone misconfigured something and a former employee had knowledge of that misconfiguration. 

What we most commonly see as a security company when organizations move to the cloud is the expectation that the cloud provider (AWS, Azure, Google) will automatically understand and take into account any security threat vector which may be particular to an organization. 

Unfortunately, they can’t work in that manner because requirements and environments will always differ from one organization to the next.  What may be a potential threat vector to Capital One could be required functionality to another organization. 

And so, the cloud providers afford their customers a high degree of flexibility, but they state in their Terms of Service (and recommendations) that the customer is responsible for securing their own tenant. 

Similarly, when we monitor a customer’s environment one of the first things we check for is whether we see customer endpoint devices utilizing external DNS servers instead of the official internal company DNS servers. 

Malware absolutely loves to exfiltrate data via DNS because most of the time UDP/TCP 53 is wide open to the Internet.  And while there are certainly ways to exfiltrate data via valid CNAME and TXT records (which require additional techniques to monitor/block such as RPZ records) those are computationally less efficient than simply blasting data via a commonly trusted DNS port and bypassing HTTPS SSL inspection. 
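The check described above, endpoints talking DNS directly to external servers instead of the company resolvers, can be run over firewall or flow logs. The following is an added example, not Cybriant's own tooling: the CSV flow format, the 10.0.0.0/8 internal range, the resolver addresses and the sample records are all constructed assumptions.

```python
import csv
import ipaddress
from collections import defaultdict
from io import StringIO

# Assumed environment: internal address space and the sanctioned resolvers.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_RESOLVERS = {
    ipaddress.ip_address("10.0.0.53"),
    ipaddress.ip_address("10.0.1.53"),
}

# Constructed flow records (documentation address ranges for external hosts).
SAMPLE_FLOWS = """\
ts,src,dst,proto,dport,bytes_out
2019-08-01T09:00:01Z,10.0.5.21,10.0.0.53,udp,53,74
2019-08-01T09:00:02Z,10.0.0.53,198.51.100.7,udp,53,80
2019-08-01T09:00:05Z,10.0.5.44,203.0.113.9,udp,53,212
2019-08-01T09:00:06Z,10.0.5.44,203.0.113.9,udp,53,230
2019-08-01T09:00:07Z,10.0.5.44,203.0.113.9,tcp,53,4096
2019-08-01T09:00:09Z,10.0.7.8,192.0.2.10,tcp,443,1500
2019-08-01T09:00:11Z,10.0.5.21,198.51.100.7,udp,53,70
"""


def is_internal(ip):
    """True if the address falls inside the organization's own ranges."""
    return any(ip in net for net in INTERNAL_NETS)


def direct_external_dns(flow_csv):
    """Find internal hosts sending port-53 traffic straight to external servers.

    Returns a list of (source, flow_count, bytes_out, [servers]) tuples,
    largest outbound volume first. The approved resolvers are skipped as
    sources because forwarding queries to the Internet is their job.
    """
    stats = defaultdict(lambda: {"flows": 0, "bytes_out": 0, "servers": set()})
    for row in csv.DictReader(StringIO(flow_csv)):
        if row["dport"] != "53" or row["proto"].lower() not in ("udp", "tcp"):
            continue
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        if not is_internal(src) or src in APPROVED_RESOLVERS:
            continue
        if is_internal(dst):
            # Internal destinations are out of scope for this check.
            continue
        entry = stats[str(src)]
        entry["flows"] += 1
        entry["bytes_out"] += int(row["bytes_out"])
        entry["servers"].add(str(dst))
    findings = [
        (src, e["flows"], e["bytes_out"], sorted(e["servers"]))
        for src, e in stats.items()
    ]
    findings.sort(key=lambda item: item[2], reverse=True)
    return findings


if __name__ == "__main__":
    for src, flows, sent, servers in direct_external_dns(SAMPLE_FLOWS):
        print(f"{src}: {flows} DNS flows, {sent} bytes out, servers={servers}")
```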

There was an excellent article at InfoSecurity Magazine yesterday on the top 5 penetration test discoveries.

All five boil down to good Systems Administration hygiene. They aren’t as “sexy” as buying a Palo Alto and bragging about it to friends, but instead are things that are often left by the wayside (requiring complex passwords, simple patch management, etc).

What can be even more puzzling is when we see organizations who want a VERY expensive penetration test, and yet they haven’t even begun resolving the issues found from their vulnerability scanner.  Unfortunately, this is the norm that we see across industries and company sizes.

To avoid a Capital Bank data breach at your organization, read to the end to see our recommendations.

Capital One Data Breach Facts

On July 29th, 2019, Capital One Financial Corporation, a US-based bank holding company specializing in banking, credit cards, loans and savings, released a statement [1] regarding the detection of a breach resulting in unauthorized access to personal data pertaining to over 100 million Canadian and US credit card applicants and customers.

  • The breach is believed to be one of the largest in the history of the banking industry;
  • According to the statement, Capital One does not believe the compromised data has been used fraudulently;
  • Capital One became aware of the breach following a responsible disclosure email alerting them to potentially leaked data on a GitHub account associated with the alleged threat actor (TA);
  • The breach reportedly exploited a configuration vulnerability in Capital One’s infrastructure, including at least one known firewall misconfiguration, permitting access to customer data stored on Amazon Web Services’ (AWS) cloud;
  • US Law Enforcement arrested an alleged TA, ‘Paige Adele Thompson’, formerly employed by Amazon Inc. as an S3 Systems Engineer [2], also known as ‘Erratic’, in Seattle, WA (US) on suspicion of ‘Computer Fraud and Abuse’ as filed [3] in a criminal complaint with the US District Court for the Western District of Washington at Seattle;
  • The hack is expected to cost the company up to $150 million in the near term, including paying for credit monitoring for affected customers.

Scope of breach

  • Personal data of more than 100 million US and 6 million Canadian customers (consumers and small businesses) including approximately:
    • 140,000 US Social Security numbers;
    • 1 million Canadian Social Insurance Numbers (SIN);
    • 80,000 US bank account details;
    • Names, addresses, phone numbers & dates of birth;
    • Self-reported income;
    • Credit scores, limits, balances & payment history.
  • Stolen information pertained to credit card applications from 2005 through to 2019.

Capital One Data Breach Timeline

  • 12 March – 17 July 2019 – Period in which unauthorized access to Capital One’s infrastructure likely occurred;
  • 22 March 2019 – Capital One access logs confirm unauthorized access to AWS from a compromised account;
  • 21 April 2019 – Timestamp associated with leaked data hosted on GitHub in addition to unauthorized activity recorded by Capital One logs;
  • 26 June 2019 – Posts on a Slack channel associated with, and using an alias of, the TA include screenshots and directory listings of files belonging to Capital One and other potential victims;
  • 17 July 2019 – Responsible disclosure email received by Capital One, alerting them to ‘leaked s3 data’ hosted on a GitHub Gist account believed associated with the threat actor;
  • 18 July 2019 – Direct messages posted by the TA suggest that they were prepared to distribute the stolen data;
  • 29 July 2019 – US FBI agents arrested the TA and Capital One released a public statement about the breach (also establishing a dedicated data breach webpage [4] with an FAQ for potentially affected customers).

Cybriant Recommendations:

  • Organizations using cloud-based services, such as Amazon S3, should ensure that assets are correctly configured to prevent inadvertent or unauthorized access to sensitive data. Cloud providers will provide documentation detailing identity and access policy configurations that can restrict access, be that by user, file, bucket or organization.
  • Patch Management is a vital service that is often overlooked or taken for granted. Cybriant offers a Responsive Patch Management service that will take the guesswork out of the administrivia of this task and maintain a healthy network.
  • Vulnerability scans may catch the majority of issues, but these need to be done continuously. If you are only scanning once a year or quarter, that leaves a long period of time for hackers to use those vulnerabilities for malicious purposes. The alerts that come from the scans need to be remedied. Our Risk-Based Vulnerability Management service will aid your team to identify vulnerabilities to protect your network.
  • Logging any incidents in your network is the best way to protect against advanced persistent threats, including insider threats. Our Managed SIEM with 24×7 Security Monitoring service is not only a potential compliance requirement but will address and resolve most complex cyber risk issues.



Your SIEM needs a Hedgehog!

At Cybriant, we are big fans of Jim Collins’s book, Good to Great. This is a classic book for business leaders that describes how Mr. Collins and his team researched 1,435 established companies to find common traits of those businesses that made a leap from average to great results. The principles that are discussed in the book include lessons on eggs, flywheels, hedgehogs, and other essentials of business.

Let’s talk Hedgehogs

In his famous essay “The Hedgehog and the Fox,” Isaiah Berlin divided the world into hedgehogs and foxes, based upon an ancient Greek parable: “The fox knows many things, but the hedgehog knows one big thing.” Mr. Collins asks in his book, “Are you a hedgehog or a fox?”

Cybriant understands that when it comes to managed SIEM, we are hedgehogs. According to the book Good to Great, a hedgehog concept is a simple, crystalline concept that flows from deep understanding about the intersection of three circles: 1) what you are deeply passionate about, 2) what you can be the best in the world at, and 3) what best drives your resource engine.

We are hedgehogs because we are deeply passionate about understanding SIEMs – how they work, how to get the proper data out of them, and what to do with that data. We are the best in the world at this because we have the top talent on staff, of course! What drives our resource engine is SIEM, SIEM, SIEM. SIEM implementations, training, monitoring, and so much more. We live and breathe SIEM.

So, why do you need a Hedgehog for your SIEM?

One of our partners, AlienVault, was included in the recent Gartner Magic Quadrant for SIEM. This is awesome news! If you already use AlienVault, you know that you are working with the best. But, not every company has the resources to make it (or whichever SIEM you chose) work properly for them.

According to Gartner, there are four “cautions” when it comes to AlienVault.  Here’s how a hedgehog, like Cybriant, can help assist with those potential weaknesses when it comes to your SIEM:

Caution #1: USM provides NetFlow capture, basic statistics, and context for assets, but cannot generate alerts from NetFlow.

With the recent 5.4.x AlienVault release the ability to generate alerts from NetFlow has been addressed, but we would always recommend using the right tool for the job.

AlienVault is a phenomenal correlation engine that can take a lot of data from disparate sources and discover threats from seemingly innocuous information.  It does this by taking data from Active Directory, antivirus engines, firewalls, intrusion detection, and/or anything that can produce a log message for analysis.  Each of these sources is simply a single slice of the pie just like NetFlow.  Additionally, there are technologies that specialize in analyzing nothing but NetFlow to discover behavioral events and how they may be a threat.  AlienVault will take those kinds of specialized tools and create a holistic threat analysis so that you get the whole pie and not just a single slice.

Caution #2: Integration of unsupported data sources is cumbersome compared with competing products. Alternatively, users can request AlienVault develop a plug-in to enable the integration.

The fact of the matter is that there is no data analysis engine that can parse and integrate every technology on the market without some sort of expertise, understanding of the data, and ability to create an integration.

Cybriant Engineers regularly write plugins and integrations for the AlienVault platform.  For simple products that are “unsupported” by AlienVault, it may take an hour to write a plugin.  For very complex products with hundreds (or more) of rule variations on messages in logs, it will take longer.  Through literally thousands of implementations, the Cybriant team has yet to find a product that cannot be integrated (or have a plugin created) as long as it outputs data.

Caution #3: Although identity activity can be linked with assets, USM provides only basic enrichment of event data with user context; and identity and access management (IAM) integration is limited to Active Directory and LDAP.

There are many tools that can integrate with AlienVault to provide enriched user data, and out of the box, AlienVault has some built-in IAM capabilities.  Additionally, the USM Anywhere product has advanced user enrichment functionality with IAM and IDM software.  However, when we encounter cases where a user had a problem with their SIEM we typically discover that one of a couple of things has occurred:

  • The necessary data isn’t being fed into the SIEM (either through lack of logging verbosity or other configuration issues).
  • The Security Analyst (or, as is more often the case, the overworked Systems Administrator) performing the analysis doesn’t have the experience necessary to do a data deep dive.

Think of it this way: if you have a musical instrument and don’t correctly tune it, then it will sound terrible.  Similarly, if the data being sent to the SIEM isn’t correct and the system isn’t tuned to excel at processing the data, then a Security Analyst will get poor results.  Additionally, like a musical instrument, you could have the best-made instrument in the world, but if the musician doesn’t know how to play it then it will sound terrible.  With a SIEM, if the Analyst (Administrator/etc.) doesn’t have the experience and dedicated training required to be successful then the results will be poor.

At Cybriant our SIEM Analysts have a deep understanding of both how the SIEM should be configured and how to discover threats using the SIEM.  These are two distinctly different skills.  Additionally, our SIEM Analysts have direct and instant access to the rest of our team members who specialize in different fields (such as Implementations, Malware Analysis, Forensic Analysis, etc.).  This means that instead of a single Security Analyst who is hunting down alarms, Cybriant has an entire Security Task Force who is actively monitoring your infrastructure.

Caution #4: AlienVault’s workflow capabilities do not include integrations with external ticketing systems or role-based workflow assignments. 

The traditional AlienVault USM does not have integrations with external ticketing systems, and so the Cybriant Security Operations Center solves this issue by having rigorous Processes and Procedures in place.  Without Processes and Procedures, workflows and integrations are typically handled in a hodgepodge manner instead of a hedgehog manner.

Additionally, with USM Anywhere, AlienVault now has integrations with external ticketing systems.  And so Cybriant can simply utilize our already existing great Processes and Procedures along with the automation to keep costs low for our customers.

Learn more about Cybriant and let us know if you need a hedgehog for your SIEM!


Why You Must Perform A Security Assessment

Recently, we discussed why it is important to have a SIEM (Security Information and Event Management) system, and why it is crucial for skilled Administrators to actively use and monitor it. For a quick refresher, here is the article in Wired that sums up the presentation by Rob Joyce, Chief of NSA’s Tailored Access Operations, that inspired this series. This week’s post will cover why it’s important for your organization to perform a Security Assessment to analyze your organization’s operational risks.

One of the biggest issues facing organizations today is that security is an invisible attribute.  IT administrators will set up devices or services, configure the security parameters and rarely, if ever, consider security settings again.  Organizations routinely write policies for user access and infrastructure and never update them.  Systems are tested and vulnerabilities discovered but left unresolved. This is the “Set it and Forget it” Syndrome and almost every organization suffers from it.  As Rob Joyce points out, Nation State Hackers and Advanced Persistent Threats (APTs) are relying on these issues, and unfortunately, we are making their jobs easy by not assessing our systems and processes regularly.

Everyone has blind spots which cause them to overlook important issues.  Infrastructures constantly change which introduces new vulnerabilities while new methods of attack are discovered or invented daily.  And, often what was secure yesterday is likely not secure today. Periodic assessments can help your organization identify these blind spots so your teams can design an effective security program.  Assessments can help determine the best methods to prevent a breach, as well as protect assets and corporate reputations.

Why perform a periodic Security Assessment?

Organizations are increasingly bound by governmental regulations which dictate what security measures must be in place and how they are to be audited.  PCI, FISMA, Sarbanes-Oxley, HIPAA, NERC and GSA among others all dictate how to secure different types of data and the systems that manage them.  These regulations also require regular security posture assessments.

While regulations are often the driving factor, they aren’t the only reason why an organization should perform (or better yet, have a third party perform) periodic assessments of their infrastructure.  A Security Assessment is the equivalent of an organization’s State of the Union.  It is a report that looks at every aspect of security and details the severity and potential impact of risks to the company.  Furthermore, it produces the fundamental information required to create a roadmap to a successfully secure business.  To navigate to any destination you must first know where you are.

What should be assessed?

To begin, most organizations only focus on IT data systems or penetration tests during Security Assessments, and this is where things go wrong very quickly.  Yes, it is important that the firewall blocks bad guys and workstations are kept secure, but what about phone systems or printers?  Will your users recognize and report a phishing email attempt?  What is the process for when an employee exits your organization? Did anyone remember to disable their key card to the building?  A thorough Security Assessment will go beyond the typical IT systems assessment.  Here is a list of security domains that should be considered during a Security Assessment:

  • Access control
  • Information Governance and Risk Management
  • Infrastructure Architecture and Design
  • Cryptography
  • Operations Security
  • Network and Telecommunications Security
  • Disaster Recovery and Business Continuity plans
  • Governmental Regulations
  • Incident Management Policies and Procedures
  • Physical Security
  • IT Security Training Programs
  • Network Boundaries

What about after the Security Assessment?

It is shocking to think that most companies will pay for a third party to audit their systems, processes, facilities, and personnel; then, do nothing to resolve the discovered issues.  This is exactly what Rob Joyce points out in his video.  A high percentage of companies will fail to close gaps discovered during security audits.  A vulnerability of any size is important no matter where it exists.  All an APT really needs is a toehold.  Once one is presented no matter how small, attackers will use it to gain access to your company’s data.

Once you have received your assessment results, it is imperative to either fix discovered issues or create compensating controls to avoid these issues from being leveraged.  As Rob Joyce points out in his video, most companies and organizations fail to act even after issues have been discovered, documented, and reported.  Joyce also says not to assume any crack in your defenses is too small or insignificant to be exploited.  These toe-holds are exactly what Advanced Persistent Threats are looking for in your environment.

Companies put a lot of effort into securing revenue streams, banking information, and payroll information by default. These areas, they feel, are important to protect.  Most companies have a provision in the employee handbooks that instruct employees not to discuss salary information with fellow employees.  We don’t often find this level of care and communication when it comes to IT security.  Accountants frequently audit the bank and company for fraudulent activities.  It’s time that companies added IT security to this list of very important, very well understood activities.  Yearly assessments should be the norm and the findings should be well communicated within the company.  IT security cannot be the sole responsibility of a few guys in the back of the building.  Every employee has to be involved because every employee is a target.

The journey to a secure organization begins with the first step.  Your first step should be a Security Assessment to know where to place your foot, and how to find the path ahead.

by Byron DeLoach
