Author: Guy Gilam

VSOC Vulnerability Management Fundamentals

The risk of a connected vehicle being cyberattacked is the highest it has ever been, due to new systems’ publicly documented digital blueprints and entry points, and the growing sophistication of attackers. A VSOC (Vehicle SOC) is a key component in managing these risks, as it identifies vulnerabilities and takes action to remediate them. Let’s […]

Building A Successful PSIRT from the Ground Up – Part 1: People

This is Part 1 of our blog series about building a Product Security Incident Response Team from the ground up. The Colonial Pipeline cyber security breach in 2021 marked a watershed moment in IT security. Though this attack shut down the largest oil pipeline in the U.S. and resulted in a $4.4 million ransom payment, […]

Building A Successful PSIRT from the Ground Up – Part 2: Processes & Technology

This is Part 2 of our blog series about building a Product Security Incident Response Team from the ground up. Continuing from where we left off in Part 1, in this post we will cover the enabling processes and technologies of a PSIRT.

6 Supply Chain Security Tips Following Biden’s Cybersecurity Executive Order

Biden’s presidential cybersecurity Executive Order (EO 14028) provides valuable guidelines for the federal government and its suppliers to reduce cybersecurity risk and improve the overall national security posture. Focusing on the modernization of strong security standards and their implementation, the EO was issued following a number of data breaches that had severe global consequences. These […]

Who’s On Your Team? Managing Medical Device Vulnerabilities

In 2020, 34% of all breaches involved the healthcare sector. Medical device manufacturers (MDMs) face constant pressure to accelerate digital innovation while struggling to keep their devices safe, secure, and compliant. A crucial part of making that happen is building and maintaining a solid vulnerability management program. We hear a lot about automation and software […]

Medical Device Vulnerability Remediation: What Comes First?

“An ounce of prevention is worth a pound of cure,” so the saying goes. Yet, prevention is never 100% guaranteed when it comes to cyberattacks and the rampant vulnerabilities that plague connected medical devices. As discussed at the beginning of this blog series, IoMT-focused cyberattacks have occurred in 82% of healthcare organizations. These attacks often […]

Is Your Medical Device Vulnerability Management in Critical Condition?

The Internet of Things (IoT) has changed the world. Arguably the industry most profoundly impacted by IoT is healthcare. Connected medical devices are critical to providing patient monitoring, care, and comfort. Yet, for all its convenient and even life-saving uses, the Internet of Medical Things (IoMT) can also be a security risk. IoMT security is crucial […]

VEX – Protecting the Software Supply Chain from Hidden Threats

The SolarWinds hack of 2020 allowed attackers to dig deep into many major businesses and government agencies. This high-profile attack called into question supply chain security, and the implicit trust enterprises place in suppliers of software and devices. This post explores the challenges of protecting the supply chain, and how the new Vulnerability Exploitability Exchange […]

New Supply Chain Threats – Name:Wreck TCP/IP Vulnerabilities Exposed

Newly discovered supply-chain vulnerabilities in common communication stacks can be exploited to take full remote control of connected devices, putting millions of devices around the globe at risk. Security researchers from Forescout and JSOF Research Labs have discovered nine vulnerabilities in four widely used TCP/IP stacks affecting Domain Name System (DNS) implementations. Dubbed NAME:WRECK due to […]

Busting Code Analysis Myths – Binary Analysis vs. Source Code Analysis

Despite being around for years (maybe even decades), the practice of automated code review to identify security vulnerabilities and other flaws still leaves product security professionals with many misconceptions. Source code analysis provides complete coverage, some say. Binary analysis is inaccurate, others cry.
