A Minor MITRE ATT&CK Rundown

MITRE ATT&K and the Pyramid of Pain: An Introduction

Before we delve into the MITRE ATT&CK framework, I’d like to give a little context to set the stage. Though wheels are turning, much of cybersecurity is still mired in “tradition.” That is to say, analysts are reading reports, journals, academic papers, news stories, etc. Relevant data is then transferred to a database or stored in their personal biological hard drive, their head. All of this data is then transferred to written reports that are then given to consumers.

Mac Patch Management 101

To reduce the risk of vulnerabilities, IT administrators must ensure the devices they manage, which sometimes includes Mac devices, have the latest updates installed, even if support for Mac is not their major competency. 

In: #patching

What is Vulnerability Prioritization?

In an ideal world, security teams would remediate all vulnerabilities as soon as they are discovered, eliminating both small and large risks. However, zero inboxing in the world of vulnerability management is a mere pipe dream. 

In: #security

What is Virtual Patching?

This article will give you an insight into virtual patching, what makes patching hard for businesses, the value of virtual patching and how to fix virtual patching issues. Let’s get started.

In: #patching

A Step in the Right Direction – Binding Operation Directive 22-01

On November 3rd, 2021, the Cybersecurity and Infrastructure Security Agency released Binding Operational Directive 22-01, a compulsory direction with the goal of systematizing and standardizing vulnerability remediation across federal agencies except for defined “national security systems” and “certain systems operated by the Department of Defense or Intelligence Community.”

In: #topia

What is Risk-Based Vulnerability Management?

Risk-based vulnerability management is the process of reducing vulnerabilities across the attack surface of an organization’s assets by prioritizing remediation based on the risks they pose. 

In: #patching

Vicarius Offers New Technology To Fix Log4j With No Vendor Involvement


Vicarius & Log4Shell: What You Need to Know

Has Vicarius Been Affected by Log4Shell?

Along with the rest of the cybersecurity community, we have been continuously monitoring for any evidence of Log4Shell exploit attempts in our digital environment. So far, we have found no evidence that TOPIA or any of our systems have been affected by CVE-2021-44228 or CVE-2021-45046. It is also our current understanding that we are not vulnerable to either CVEs according to data gathered from extensive testing.

In: #cve

Leave a Reply


    See all

    Strong Cyber Hygiene is only One Click Away

    Want to take TOPIA for a free ride? Schedule A Meeting with our 🐺team!

    Let us know what would like to see 😀