Blogs

Reduce your cyber risk. Improve your security posture. Increase your readiness.

SimSpace blog - SimSpace Cyber Risk Management Platform

April 28, 2022

HFS Hot Vendor Fireside Chat with SimSpace

As organizations race to embrace the cloud and empower remote workers, IT and security teams are caught between enabling business while also ensuring the highest level of security. It’s a difficult balance, for sure. The attack surfaces are ever sprawling, and looser deployment paradigms can often expose more vulnerabilities to an organization's networks and data. 

READ MORE

April 7, 2022

The Five Essential Elements of Impactful Red vs. Blue Exercises

Experience is vital when preparing to battle cybersecurity threats, but is it possible to gain experience and avoid the pain that usually comes with it? In a word, yes. Red vs. Blue events (RvBs) enable cybersecurity individuals and teams to practice responding to actual attacks in a safe and isolated simulated network. These events provide highly impactful learning experiences where SOC leads and team members can apply their cybersecurity skills, enhance trust and collaboration between teams, while testing and refining incident response processes. With RvB training, organizations can improve their defenses without the pain of actual data loss or downtime. 

READ MORE

March 31, 2022

Pushing Zero Trust Solutions Into Production

Whether or not you’ve been following our blog series, by now you’ve probably heard of the Zero Trust Architecture (ZTA). And while most security practitioners have already embraced the notion of continuous user and device validation, Executive Order 14028 made ZTA a mandate for the federal government’s civilian agencies and their IT vendors.

READ MORE

March 25, 2022

How to Validate your Zero Trust Implementation

It’s well established that cybersecurity is more than an IT concern. From supply-chain availability to consumer data privacy, cyber events can have a profound and lasting impact on business continuity and brand value. Even non-tech-savvy business leaders understand how closely linked organizational and personal success are to cybersecurity outcomes, this is why Zero Trust Architecture (ZTA) has become a hot topic for us to explore. 

READ MORE

March 22, 2022

Responding to the White House's Russian Cyber Threat Advisory

Less than 24 hours ago, the White House issued a warning that companies within the United States should take steps to protect themselves from potential Russian cyber attacks. As stated by the President, it would be “part of Russia’s playbook” to leverage cyber warfare in response to the unprecedented economic sanctions imposed by the United States and its allies around the world.

READ MORE

March 17, 2022

Building Confidence in Your Zero Trust Strategy

In May 2021, executive order (EO) 14028 sent shock waves through the cybersecurity community as the formerly abstract concept of Zero Trust suddenly became a mandate for federal agencies. On January 26, 2022, the Office of Management and Budget (OMB) signaled its alignment with the EO by releasing plans to implement a Zero Trust Architecture (ZTA). With nearly every industry being business-adjacent to the federal workspace, many executives find themselves Googling “Zero Trust” and its related buzzwords. These moves are a shrill warning that the familiar security practices of creating fortressed cyber perimeters are no longer sufficient.  

READ MORE

March 8, 2022

SimSpace Stands with Ukraine

A cold, wet winter abounds as a small, poorly equipped band of untrained patriots outmaneuvers and foils the presumed onslaught of an overwhelming, superior military force. This asymmetrical fight for freedom and independence seems hopeless and impractical to the analytic eye. 

READ MORE

February 25, 2022

Five Must Haves for Security Stack Confidence

With remote work and the ever-present threat of zero-day exploits and social engineering, it’s not getting any easier for security professionals to protect their expansive digital footprints from threat actors. Even with dozens of security tools at their disposal, many CISOs and SecOps teams have doubts about their ability to defend against cyberattacks. 

READ MORE

February 16, 2022

How to Build Confidence in Your Cybersecurity Program

This year will be the biggest test to date for security organizations. With a rapidly changing threat landscape, sprawling attack surfaces with remote workforces, and exponential growth in ransomware attacks, organizations of every size are revisiting their security priorities to ensure business continuity. 

READ MORE

February 3, 2022

Building Cyber Efficiency with the LEAP Framework

Cybersecurity professionals track a ton of information. From the numerous tools they manage to the various frameworks commonly used, the amount of information and data collected helps guide their efforts towards cyber maturity. But all these inputs and responsibilities can easily be overwhelming. 

READ MORE

January 27, 2022

Seven Critical Steps to Defending Against PwnKit

On January 25th, 2022, the Qualys Research Team publicly disclosed a memory corruption vulnerability in polkit (pkexec), a component included in every major Linux distribution. The exploit, known as PwnKit, is now tracked as CVE-2021-4034.

READ MORE

January 26, 2022

Cybersecurity Predictions for 2022, Part Deux

Yes, 2021 was the kind of year that we thought we needed another predictions blog (check out the first one if you missed it; Nine Cybersecurity Predictions for 2022). Of course, the start of a new year is often about what’s coming next, but don’t forget to reflect on and be proud of what your organization accomplished in the last year. 

READ MORE