Watch video: Top 5 Cybersecurity vulnerabilities uncovered: OnX Penetration Testing Countdown of vulnerabilities discovered in pen testing Number 5: Absence of security headers for applications One frequent vulnerability found in web application pen testing is the absence of security headers. Headers like HTTP Strict Transport Security (HSTS) enforce secure connections, and other headers can help […]
This blog will outline the OnX suite of managed IT services and the advantages of working with a managed service provider (MSP). The advantages of OnX managed IT services OnX’s centralized controls consolidate your IT visibility into a single pane of glass and help prevent tool sprawl. Our experienced team provides IT solutions that help […]
All of this may seem overwhelming, but hopefully I can help make it more interesting and entertaining! First off, and no surprise, I am passionate about cybersecurity awareness, and I believe that everyone— from kids to colleagues and clients—needs to understand the constantly changing cybersecurity threats. Like others who focus on their jobs year-round, cybersecurity […]
These challenges are compounded by the AI revolution and the increasing adoption of Internet of Things (IoT) devices demanding fast, low-latency connectivity. The businesses with the highest success rates regularly beta and deploy cutting-edge technology with AI-driven features. Effective technology in the retail industry requires data optimization The retail sector amasses a broad spectrum of […]
Internal IT issues like inflexibility, lack of backup planning, outdated infrastructure, and weak data optimization may exacerbate risk. These are obstacles that make businesses less agile. Today’s supply chains require fast and flexible capabilities. Cloud technology offers a solution to these issues by keeping supply chains moving while machine learning and AI can generate another […]
According to an April 2024 Allied Market Research report, the UCaaS market is expected to reach US$118.8 billion by 2031. Allied Market Research April 2024 Report With an increasing number of employees opting for remote or hybrid work, it is logical that more businesses are turning to a cloud-based solution that unifies various communication channels, […]
What is zero trust? Zero trust is a security benchmark based on the idea that every connection is inherently suspicious until it has undergone authentication, limitation, and habitual verification. Combining zero-trust principles with the latest cybersecurity measures and toolkits is the best practice for safeguarding the IT environments of modern businesses. Zero-trust principles are successful […]
End the vicious circle of security fatigue with third-party-supported cybersecurity services. Managing the totality of an organization’s cybersecurity services makes cybersecurity fatigue a fact of life for today’s IT professionals. Remote and hybrid work has brought about greater reliance on cloud services. Consequently, safeguarding digital assets now comes with additional layers of complexity. An abundance […]
Watch now: The impact of AI on Cybersecurity: Top concerns for CISOs Advancing security: The power of AI and cybersecurity Artificial intelligence (AI) is transforming the field of cybersecurity and elevating standard security protocols with its advanced functionalities: Ryan Hamrick, CBTS security consulting services manager, underscores the transformative impact of AI on cybersecurity: “Artificial intelligence […]
Why defense in depth and next-gen firewalls matter Morgan Stanley’s September 2023 wealth management report AI and Cybersecurity: A New Era stated that “cybercriminals are using AI to carry out a variety of sophisticated attacks, from data poisoning to deepfakes.” So, what’s the solution? If bad actors are always one step ahead, is it even […]
On this episode of Inside the CISO’S Office, vCISO John Bruggeman converses with Allan Hackney and Jim Studer, each a current consultant and former CIO of several large corporations, including GE, Bank of America, and Univision. They discuss the landscape of legal risk and regulatory compliance surrounding cybersecurity, and how to effectively communicate these pressures […]
But where do you start with your security assessments? Which one should your organization invest in first? To answer that question, let us explore the purpose of each assessment in greater detail. The types of security assessments Penetration testing – Tests the effectiveness of your security controls with simulated cyberattacks that criminals would use. Vulnerability […]
To mitigate cyber risk, OnX keeps clients current with the next iteration of network security practices by offering cutting-edge secure cloud network solutions coupled with our team’s expertise. OnX typically advises clients to invest in two emerging secure networking solutions: secure access service edge (SASE) and secure service edge (SSE). Each solution has distinct features, […]
The cybersecurity battleground Cybersecurity continues to move forward, and the attack surface grows as it does. Taking control of the full scope of risks and threats will be daunting for the most experienced security staff. Deneen pointed out that for all the headway made in cybersecurity in aviation, security professionals still manage comprehensive systems, networks, […]
Protecting networks allows companies to defend against the effects of a data breach. It utilizes a variety of technologies, frameworks, tools, and more to protect all aspects of this developing technology, from public to multi-cloud environments. The need for network protection When compared to the cost of a data breach, companies are better served investing […]
Why is cloud security so important? One of the primary benefits of cloud technology is risk reduction. According to Gartner, user error will cause 99% of security breaches by 2025—but this doesn’t mean cloud security will be risk-free. Organizations will continue to face challenges in compliance, complex threat landscapes, and misconfigured systems. For instance, one […]
These systems are both diverse and essential for efficiently running the day-to-day retail operations—managing employees and stock-to-consumer marketing initiatives, monitoring security cameras, and tracking customers’ movement and time spent in the store. Retail technology has advanced as strides have been made to the underlying networks. But those improvements have come with an expanded attack surface. […]
John Bruggeman, Consulting CISO at OnX connects with virtual CISO Tom Siu of Inversion6 in this episode of Inside the CISO’S Office. We tackled how CISOs can support cyber risk management initiatives within their organizations and the adjustments required to stay ahead of ever-evolving cyber threats. We also covered rubrics for recognizing and ranking cyber […]
These obstacles call for new ways to approach security. Secure access service edge (SASE) and zero trust are two evolving security methodologies. SASE is made up of several technologies but is often packaged as a single platform. SASE typically includes SD-WAN, SSE, CASB, and secure VPN solutions. OnX Canada defines zero trust as a security […]
The OnX Canada security team routinely gets these questions from our clients regarding cybersecurity testing tools: On the surface, these two services seem similar. Even cybersecurity professionals can be confused by the nuances between the two tests. Both tests serve to enhance the overall security fabric of an organization. This post will explore the differences […]
Quantum computing seems like a technology that is off in the distant future, but the reality is, significant progress is being made and it is becoming a pressing concern for government agencies and major corporations alike. To avoid being left behind, companies must look closely at the kinds of encryption they have deployed and begin […]
Demand for the cloud is increasing steadily, with Gartner predicting that 85% of organizations will embrace a cloud-first strategy by 2025. To keep cloud networks safe, cloud security is constantly evolving as they work to keep pace with malicious network attacks. Key to this is the adoption of zero trust security by IT managers—the concept […]
Every business faces the challenge of ensuring data security and maintaining safe operations. This has become even more challenging with the rise of work-from-anywhere (WFA) arrangements, which increases security risks. Besides securing WFA computers, other infrastructure elements—including on-premises network devices and phone systems—must be regularly updated and scanned. To build a strong foundation for your […]
What is SASE and zero trust? Securing sensitive data becomes increasingly complicated as hybrid and fully remote environments become prevalent. Traditional security models fail in distributed IT environments, where every network-connected device represents a potential risk. Businesses can overcome the challenges of modern networking with flexible, scalable, and evolving security measures. Two critical approaches to […]
Security assessments and penetration testing are well-established tools for staving off risk. But even when an IT security team believes they have SecOps handled, a merger or acquisition (M&A) introduces unknown variables. M&As are often a monkey wrench thrown into IT security, introducing a foreign environment into the existing network—often on an aggressive timeline. Integrating […]
Zero trust is a strategic framework every company can strive to implement that will strengthen enterprise security systems. The basics of zero trust are foundational and vital to the continued defense of your digital estate. A crucial part of a successful cybersecurity strategy is determining where to place your organization’s focus. A good starting place […]
This episode of Inside the CISO’s Office explores some of the most significant developments in cybersecurity in 2023 to date, including the MGM Resorts breach, the MOVEit data breach, and the resulting updates to compliance rules from regulators. The 2023 cyber threat outlook The threat landscape continues to see an increase in ransomware activity week […]
Organizations that rely on legacy applications increasingly expose themselves to security threats. Legacy applications do not provide the security protections of cloud-first apps. In some sectors, risky legacy infrastructure holds back organizations from cloud migration. A joint report from Capita and Citrix found that over 50% of CIOs believe legacy apps hold back digital transformation […]
Deploying a zero trust security philosophy is crucial to minimizing the risk of a data breach. Government security teams worldwide recognize the increase in advanced persistent threats and are moving to zero trust principles—a trend that is already forcing the private sector to follow suit. In this post, we will review the key elements of […]
With the growth of the digital workplace, the need for streamlined collaboration and communication tools with integrated security has grown exponentially. Protect yourself against risk with the proper deployment and management of UCaaS tools. The current state of security in the digital workplace Hybrid and remote work are now permanent fixtures. Organizations that have returned […]
Application modernization is critical to surmounting the vulnerabilities of legacy applications and systems. But app modernization efforts introduce their own set of security obstacles. Application modernization is both a boon and a hurdle to network and information security. While application modernization dramatically improves security, properly implementing security in a cloud environment is one of the […]
Instead, ZTA takes a granular approach that boosts internal security to match external firewalls—maximizing security measures across the entire environment. Zero trust frameworks are transformational for the cybersecurity of enterprises across industries. How does it work? Much of the buzz surrounding ZTA is driven by pressures to secure software supply chains. Zero trust requires that […]
Secure access service edge (SASE) is vital for protecting modern organizations. OnX managed SASE uses best-in-class tools to maximize long-term protection. SASE vendors provide slightly different features for each product offering. An organization may manage four or more security platforms from separate vendors to ensure it has access to the best features to secure its […]
To keep up with emerging security threats and vulnerabilities, the modern enterprise must implement both proactive and reactive cybersecurity protocols. Simply having a firewall at the edge and running a virus scan on your desktops is no longer enough. A business must utilize all the tools at its disposal to keep user and company data […]
In this blog, we will discuss strategies to consider if you are denied coverage, common reasons an insurance provider might deny coverage, and several alternatives to cyber insurance. Common reasons insurance providers deny policies With insurance, it all comes down to risk. An insurance company will deny a policy if they deem the risk too […]
What is digital transformation? In most cases, digital transformation consists of three key elements: resilience, scalability, and time to market. The medium of change is primarily legacy applications that are re-written, re-platformed, or re-architected to perform better in a cloud-native environment. The newly transformed applications are mobile-ready, effectively moving data and security to edge devices. […]
Read more: Top 5 cybersecurity actions to take right now Departments outside of IT have ownership of data mentioned in the insurance questionnaire. For example, human resources stores sensitive employee data like salaries, social security numbers, and health insurance information. Finance ensures vendor data, payment records, bank information, and other assets are secured properly. If […]
Completing your insurance questionnaire will be much simpler if your organization already has a formal and documented cybersecurity program. Otherwise, you should prepare yourself to focus on improving your security controls before speaking with the agent. If your company does not currently have data security measures in place, odds are you may not qualify at […]
In response, many organizations are purchasing insurance to transfer risk and mitigate some of the cost of a cybersecurity attack. But what is cybersecurity insurance? What kind of coverage does it provide? This post will take a closer look at these questions. What is cybersecurity insurance? Cyber insurance provides compensation for companies when they have […]
What is supply chain optimization? Across industries, the demands of the modern market push supply chains to grow in complexity and scale. Yet, as crucial as supply chains are to everyday life, they are increasingly vulnerable to malware attacks. Hackers prey on supply chains to access the dozens, hundreds, or even thousands of companies connected […]
Just like applications and firmware, people need to be kept up to date to protect against the latest malware threats. Implementing cybersecurity awareness training is a cost-effective and increasingly necessary solution. More and more oversight bodies require information security training as a part of compliance regulations. Additionally, consumers are demanding intensified cybersecurity. According to Arcserve, […]
Bipartisan bills before Congress targeting Big Tech What is it? Two bills attempting to reduce the power of Internet monopolies are currently being debated in the United States Congress: S. 2992, the American Innovation and Choice Online Act, and S. 2710, the Open App Markets Act. Both bills are substantial and complex. One of the […]
This concept should be extended to all your applications as well. Software bills of materials (SBOM) promise many of the same benefits as physical BOMs. Much like their physical cousins, SBOMs list out each component of a piece of software. The process is more complex than it sounds at first because modern software is often […]
Information security focuses on three concepts, known colloquially as the CIA triad: Information privacy, on the other hand, involves: The overlap between the concepts of information privacy and information security comes from the protection of personal information, which is a crucial concern for both. The differences between information privacy and security are illustrated below. In […]
Those are fun because it means: The vendor has to hustle to understand the vulnerability and develop both workarounds and a patch. There’s a chance this vulnerability has been in use by attackers for a while, but none of our security controls were able to detect it. It’s like finding a spy cam in your […]
Using a ZTN, your company can employ the same process of collecting information to ensure protection against cyberattacks. It can be challenging to know where to begin when looking to improve your company’s cybersecurity mechanisms. OnX Canada’s security services can equip your organization with the support you need to identify and manage threats across your […]
The MITRE ATT&CK framework has expanded since then to document more TTPs used against macOS, Linux, mobile operating systems, network infrastructure devices, cloud systems, and other enterprise IT technologies. By cataloging the tactics that cyber criminals use to gain unauthorized access, the ATT&CK framework helps cybersecurity teams detect and defend against potential threats. Here’s how […]
It’s easy to feel intimidated by the CSF from the National Institute for Standards and Technology (NIST). With 23 categories and 108 subcategories detailing key aspects of cybersecurity, the framework might seem as impossible (and as unappetizing) as eating an elephant. It’s hard to know where to begin. But like any valuable and effective undertaking, […]
So what should you do if you have been impacted by this criminal attack? I’ve had similar considerations in my time as a security leader—here’s my take. First, if you have cybersecurity insurance, hopefully you have called your insurance provider and you are working with them to obtain the necessary resources to get back up […]
Equipped with a thorough understanding of these security frameworks and the support of a dedicated security partner like OnX Canada, organizations can strengthen their defenses against cyber threats. A robust IT security program can give your company the ability to assess ever-changing risks and take measures to establish security policies, conduct ongoing testing and training, […]
If that list seems daunting, feel free to enlist us to help! OnX’s security team can assist with objective solution selection and design, consulting, assessment, and managed security services.
We understand vulnerability remediation can be disruptive to your business. We’re working with F5 to ensure you can efficiently update your BIG-IP and BIG-IQ systems to the latest, most secure, and best-performing versions. There are resources available about the vulnerabilities and how to update or upgrade your BIG-IP and BIG-IQ systems on the F5 vulnerability response site: Security advisories […]
OnX Canada is simplifying data security environments for modern enterprises by leveraging the Red Hat Ansible Automation Platform. This technology allows for role-based access control, security, auditing, and delegation, utilizing both the REST API and the traditional command line interface (CLI). The platform gives users seamless access to an extensive lineup of functions, including security, […]
Empowering advanced enterprises with cutting-edge data security solutions is a vital part of the OnX identity, and it has been the OnX mission for more than 30 years. Security best practices are ingrained into everything OnX does daily. It’s also part of the OnX mission to meet clients where they are in their journey to […]
Legacy data protection issues faced in cloud architectures While there are a variety of data protection challenges facing organizations moving to cloud architectures, three common issues frequently arise: Complexity: The more software and third-party solutions, the more complexity you bring into your environment. This includes everything from new GUIs and scripts to cross-platform data incompatibility […]
If your organization is planning to attempt a cloud network migration, it pays to research these misconceptions and equip yourself with all the knowledge necessary to build a modern and effective cloud security program. Quality over quantity You may hear from time to time that the more cloud security tools your enterprise can bring to […]
A growing problem Phishing remains the method of choice for the vast majority of cyberattacks. Using sophisticated social targeting, disguised links and attachments, cyber criminals can do in seconds what could take hours or days for an advanced piece of software to do: circumvent a security platform and gain access to sensitive data or critical […]
Mapping of current network topology. Establishing a baseline of vulnerabilities. Application of all outstanding patches. Determining cadence of patch application. Review of ongoing critical patch escalation processes. In-depth quarterly reviews. Continuous, ongoing assessment and monitoring. Auditing and compliance analytics. When properly planned and executed, this process provides critical insight into the potential risks inherent in […]
Penetration testing explained In the 50s, fleets of aircraft were in use all over the world, but facing a dangerous problem: running into birds in midair. This led to technical advances in building new windshields and new engines, but engineers needed to ensure that their designs would satisfy their requirements. So how do you make […]
Known issues: what attackers are already looking for The time is ripe for attackers to analyze different videoconferencing solutions for vulnerabilities, analyze them, and exploit them to run their code, gain unauthorized access to corporate infrastructure, and conduct additional malicious activity. So what can you do? How do you do it? The good kind of […]
Think about all the times you’ve been on the go, reading emails while in line at the coffee shop, or checking your bank account while waiting at the doctor’s office. Unless you were logged into a private network that requires an encryption key, any data transmitted during your online session could be vulnerable to eavesdropping […]
Endpoint protection helps businesses keep critical systems, intellectual property, customer data, employees, and guests safe from ransomware, phishing, malware, and other zero-day cyber attacks. Why businesses need endpoint protection: Criminals are constantly developing new ways to attack networks, take advantage of employee trust, and steal data. Smaller businesses may think they’re not a target, but […]
Security plays an additional role in a crisis like COVID-19 in protecting an organization’s ability to respond effectively, which sometimes means accepting more risk. Security has to be laser-focused on ensuring a physical or cyber crisis does not impede the organization’s response efforts. It also needs to be a part of the ongoing risk decision-making […]
The security team has a particular responsibility in helping to answer these questions. The mission of a security team is to protect a business from risk. The risk of a pandemic eliminating supplies, services, and customers, as well as forcing employees to stay home, etc., probably was not on the radar of most businesses. It […]
According to IDC (Source – Worldwide CISO Influence Survey 2018), business leaders and CISOs view information security as vital to competitiveness of products and services while protecting the interests of their customers. Areas an Enterprise Cyber Risk Program should cover When an organization promises to deliver the value of digital business to customers, it’s often […]
A recent example was provided by an attacker penetrating an IoT-based HVAC system that ultimately provided the attacker a nearly unrestricted path all the way to the victim corporation’s Point of Sale systems. Table of Contents: How Network Access Control works How NAC solves IoT device vulnerabilities A common misconception about modern NAC solutions […]
Attackers are capitalizing on our fear Cybercriminals and malware authors always try to find the most effective way to trick users into making poor, risky choices. Fear is an extremely effective mechanism, so in the last weeks we’ve seen this happen with the pandemic. Phishing attacks that purport to carry news about quarantines and lockdowns, […]
Two items for home users and consumers: We will see more discovered vulnerabilities in, and attacks against, so-called “smart home” products, such as smart speakers, security systems, and cameras. Any time we see widespread deployment of technology that is, relatively speaking, in the early stages of maturity, we expect that attackers will pay attention and […]
Think like an attacker It’s always better to be proactive than reactive when it comes to dealing with cyberattacks. To stay one step ahead, many IT Security Specialists can try to take on the mindset of an attacker. If the attacker’s motive is financial gain, what systems would they attempt to exploit? What if the […]
Exploring offensive tools Learning the tools that hackers use to break into systems is essential for any IT Security technician. Not only does this knowledge help you learn what an attacker can and cannot do, but you will better be able to guard against threats and have the proper defenses in place to combat any […]
Real-world solution OnX Canada recently aided a client, a national grocery retailer, that serves all 10 Canadian provinces’ food shopping needs. The client acquired a similar large business and needed to realign its organization while still remaining competitive in the marketplace. It was also concerned about upgrading and integrating technology between the businesses and was […]
To achieve the Cisco Master of Security Certification, OnX team members had to show their exact understanding of individual Cisco security practices, as well as demonstrate a deep understanding of how those practices should function as a cohesive set of solutions. The OnX team also had to showcase current examples of successful projects in which […]
The Internet Security Threat Report (ISTR) published by Symantec in April of 2017, notes that the number of malware variants has risen to 357 million different strains. To put that in perspective, that’s roughly one malware strain per 21 people or roughly one strain for every person online. The real problem is one of scope; […]
This particular ransomware strain, although hitting numerous hospitals in the UK and many other organizations across the world had a kill switch. The ransomware would attempt to connect to a domain with a very long and complex name, if the domain was _not_ live, the ransomware proceeded to encrypt all files. If the domain _was_ […]
Intrusion Detection Is Not A Cure-All A ransomware attack in early 2016 dubbed “SamSam” was so severe — and, frankly, frightening — that the FBI sent out an alert to watch out for it. The problem was hackers discovered a huge security hole in a popular piece of open-source networking software and used it to […]
Understand the Key Web App Attack Vectors Start by familiarizing yourself with hackers’ favorite ways into apps, such as: SQL injections Cross-site scripting (XSS) Denial of service (DoS) attacks There are many more, of course, and new ones are being dreamed up every day. Make sure your security team stays abreast of all of these […]
So after completing your research, if you decide Splunk Enterprise Security is the right solution, then you must determine how to get Splunk up and running quickly with the limited time available from your IT staff? Enter the OnX Security Intelligence Appliance. OnX has developed the appliance in partnership with Splunk and Cisco to address […]
The risk to not responding to these demands is not an option, as our Lines of Business actively look to Cloud options to deliver lower costs and greater mobility.
The History of Object Storage Object storage was a redundant and scalable storage system that provided a generalized data container with an index and metadata layers for the objects. Objects stored in the system were accessed via the index, and information pertaining to these objects was contained in the metadata. Files of all types and sizes could be […]
The strategic relationships of the OnX Healthcare Practice are positioned to be responsive to current healthcare industry demands. Challenged by fiscal constraints, increased service demand, data requirements and consumer expectations, the Healthcare Practice remains focused on client solutions that will improve operational efficiency and clinical outcomes. In response, OnX forged a strategic partnership with MEDSEEK […]
These are things to think about before you get to the type of environment that has hundreds and hundreds of hosts, and thousands of guests, across multiple hypervisors. Are you even in the ballpark when it comes to best practices, measuring performance and security? As a specific example, let’s talk about security. Most shops spend […]
Personal preferences for Apple IOS, Google Android, and Microsoft Windows-based devices are driving consumer devices into the corporate networks and create device management and data security concerns. Home offices, the desire to have the newest devices on the market, tablets, netbooks, and smartphone preferences all cause a need for organizations to create a “BYOD policy”. […]