fbpx

Knowledge Center

Popular Blog Posts

Management Consulting

Blog Feed

RSS Blog Feed

Details
Category: Cybersecurity PRISM

The Accidental Architects of Our Digital DefensesThe Accidental Architects of Our Digital Defenses: A Tale of Curiosity, Pranks, and the Worm that Woke the Internet

 

Sometimes, our most innocent-looking small deeds can create unforeseen ripple effects that shape the future. Such was the case in the foundational days of cybersecurity. You will meet the unlikely pioneers whose innocent experiments that spiraled into unintended chaos and shaped the core concepts.

Before cybersecurity was a multi-billion dollar industry, it was a wild west where curious minds unleashed the first digital threats.

It is a constant, often invisible battleground against sophisticated threats. Yet, rewind a few decades, the internet was a newborn, trusting realm. Its guardians were few, and its vulnerabilities largely unknown.

 

When the Internet was in its innocent dawn. A handful of curious minds, some driven by academic pursuit, others by youthful mischief.... accidently laid the foundation for every firewall, antivirus program, and security protocol we now rely on.

 

Have you ever looked up answers to these interesting questions?

 

  • What is the history of computer viruses?
  • Who created the first computer virus?
  • Who were the earliest creators of computer viruses and worms?
  • Who are the pioneers of cybersecurity (even if accidental)?
  • How did early computer viruses spread?

Let me bring some interesting information of few accidental architects. I hope you will enjoy it…

 

1. The Whispering Ghost of ARPANET – Bob Thomas and the First Stirrings (1971)

Read more: The Accidental Architects of Our Digital Defenses

Details
Category: Cybersecurity PRISM

 

Recent major cyber-attack on the cloud

 

While planning this article on cloud security, a key question struck me: What is the most recent major cyber-attack on the cloud? My search led me to an alarming breach involving Oracle Cloud... A threat actor named rose87168 stolen 6 million records from Oracle Cloud’s SSO and LDAP.

It is a huge database which includes:

  • JKS files,
  • encrypted SSO passwords,
  • key files,
  • enterprise manager JPS keys.

 

Over 140,000 tenants have been affected by the breach. The threat actor name rose87168 is now urging companies to reach out and pay a specific “fee” in exchange for the removal of their stolen data.

He also created a page on X (formerly Twitter) and started following Oracle-related accounts (pages). As per rose87168, he also helped Oracle security team to fix the security issues. In return he wanted 20 million, but they ignored rose87168.  Here are some Twitter messages shared by the threat actor.  

I dug deeper and came across an interesting document. In connection with this data breach, a victim named 'Michael Toikach' has filed a lawsuit against Oracle Corporation. Here are some key highlights from the case.

Read more: Why is Hacker 'rose87168' asking $20M from Oracle? How to Build a Robust cloud Security Strategy!

Details
Category: Cybersecurity PRISM
Some journeys aren’t just personal—they’re poetic. Mine began in a humble village school, seated on the floor, learning the basics of language and numbers.
 

Details
Category: Cybersecurity PRISM

cloud-Is-It-Opportunity-For-YOUIn the year 2019 the whole world affected by Coronavirus. During that time COVID-19 pandemic accelerated the move to the cloud significantly. Many companies were forced to implement remote work policies to run their business. This could be possible with the help of cloud technology. In the last few years... companies are showing their interest in adopting the cloud for their business.

 Most organizations, particularly enterprises, have at least some of their workloads in the cloud. More businesses are embracing the cloud to keep up with the AI revolution. You will be surprised to know that more than 90% of organizations use the cloud. This market is expecting to reach one trillion dollars in the next 2-3 years.

 More enterprises are exploring multi-cloud solutions over a single cloud provider.

 Relying on a single cloud vendor can put their business in danger. Multicloud offers a range of opportunities to help organizations better serve their customers. 

In the previous post I have discussed about  Cybersecurity is an huge opportunity for IT professionals.

Here are some common use cases:

 

Disaster recovery

High priority task for the organization is to bring the business back in working condition after any sort of disaster.   To achieve it multi-cloud can be handy. Multicloud allows you to back up critical applications or data on different vendors' clouds. In the event of a disaster or single vendor outage, you can rely on your other providers.

 

Low latency globally

In the digital era your clients can be worldwide. In case of a global organization, multicloud can help them better serve customers. By giving access to servers in diverse locations. May be near to the clients and providing better connections with low latency.

 

Regional requirements

When implementing a multi-cloud strategy... organizations must follow regional regulations, data sovereignty laws, and infrastructure requirements. Each region or country has its own rules. Related to data privacy, security, latency, compliance, and availability. Failing to adhere to these regulations... can result in legal penalties, data breaches, and service disruptions.

So organizations choose cloud providers as per their requirements.

There can be other benefits like better security controls, and compelling cost savings.

 

The IT Shift You Can’t Ignore: 

Why 90% of Companies Choose Cloud!

 

Read more: The IT Shift You Can’t Ignore:  Why 90% of Companies Choose Cloud!

Details
Category: Cybersecurity PRISM

Wiz cloud security Part 1

 

Cybersecurity is an huge opportunity for IT professionals. Let me give you a proof of it. Alphabet (Google) has acquired over 200 companies till date. Please pay attention to it acquisition done in  March 2025.  With its largest acquisition being the buy of Wiz (a cloud security company [wiz.io]), for $32 billion.

In the list of 3 top expensive companies first and third are in cybersecurity business. Google paid  $32,000,000,000 ($32 billion) to WIZ Israel Company (Cloud Security) which is its highest buying cost ever.

Wiz acqusition cost

I will dig deeper in cloud security later.

  • First of all we will see some use case example of cloud.
  • Why are more than 90% organizations using cloud?
  • Little bit history of cloud computing.
  • What is cloud computing?

Okay so let's start with some use case scenarios of cloud:

 🛒 Scenario 1. The Local Grocery Store That Expanded Online

Read more: The Future of Cloud Computing -Part 1

Details
Category: Cybersecurity PRISM
Cybersecurity Analytics is marriage of two disparate fields:
 

Data Analytics and Cybersecurity

 
You may know that 'Data Analytics' is the process of examining DATASETS to draw conclusions about the information they contain. Valuable insights can be derived from uncovering and examining data patterns. Scientists categorize data as descriptive, diagnostic, predictive, or prescriptive to help them utilize data in many innovative ways. In general, Data Analytics can help companies better understand the purchasing habits of their customers, measure the efficacy of their advertising campaigns, discover new markets, and develop new products, and many things more.
 
Cybersecurity, on the other hand, is the practice of defending your organization's digital assets against malicious attacks. It employs various techniques, strategies, processes, and tools to diagnose, predict, and prevent unauthorized access of networks, systems, and devices.
 
Thus, you can safely say that Cybersecurity Analytics is concerned with the use of data analytics to achieve a cybersecurity objective. It is a powerful tool born of a deep understanding of data that can describe cybersecurity risks, diagnose vulnerabilities, predict future malicious behavior, and prescribe protective remedies.
 
Cybersecurity Analytics has evolved over the last few decades to become the basis for essential cybersecurity solutions and practices. It has provided a crucial understanding of bad actors, their techniques, and behaviors.
 
It is the application of BIG DATA ANALYTICS, rather than computer science or programming, that sets cyber analytics apart from traditional cybersecurity methodologies. To be sure, both disciplines examine the same exploits, vulnerabilities, threats, and attack methods. Still, for a cyber data scientist, these challenges are viewed through the lens of big data security analytics.
 
-
 

👉 What is cybersecurity analytics?

Read more: What is cybersecurity analytics? How Does Cybersecurity Analytics Contribute To Your Security?

Details
Category: Cybersecurity PRISM
U.S. Military when it was engaged in Vietnam war, some of their efforts were being led by a team, named as Purple Dragon. This team, Purple Dragon, noticed a phenomenon that their adversaries were seemingly able to anticipate their battle-strategies and tactics successfully. The question arose, HOW?
 
They were able to established that Vietnamese warriors were neither able to decrypt US Military communications, nor they had any intelligence assets inside US Military to collect intelligence from inside. Then how the Vietnamese warriors were able to anticipate moves of US Military. In the end, the Purple Dragon team arrived at one conclusion, i.e., US forces themselves were revealing vital information to the enemy 'inadvertently.'
 
I hope that you haven't missed the word 'inadvertently' here.
-
 

👉 What is Operational Security?

Read more: What is Operational Security? Why Opsec Is So Vitally Important?

Details
Category: Cybersecurity PRISM

What is Identity & Access Management (IAM)?

 
It is about your USERS (read, employees)...and their identities and the respective Access.
 
As you already know that when any user's credentials (user name, passwords) are compromised, it opens a new gate for hackers to enter into your company's network and attack your most valuable data and resources. Identity and Access Management (IAM) is one such tool which is used by most companies to ward off the attackers, and to protect their data and people.
 
In a very simplistic way, you can say that IAM is framework of some security policies, processes, and technologies which enable your organization to manage the 'digital identities' of your users and to control their access to critical corporate information. It works by assigning your users with 'specific roles' and ensuring they have the right level of access to corporate resources and networks, so that they can carry out their roles effectively. Thus, IAM improves the user experience and security at the same time.
 
The core ideas of IAM is to assign one 'digital identity' to each individual or a device. On the basis of this digital identity, it modifies, and monitors access levels and privileges through each user’s access life cycle.
 
An IAM platform is capable of verifying and authenticating individuals on the basis of their 'roles' and 'contextual information' such as geography, time of day, or (trusted) networks, etc. They can capture and record login events of all users. They allow you to assign access privileges to your users or to remove them. If any change in the privileges of any users happens, it can monitor those too.
 
As I just said above, IAM is a great tool to build 'Role-Based Access Control (RBAC), as defined by their job title, level of authority, and responsibility within your business. However, you may not be aware that these platforms are also capable of automatically de-provisioning the access-rights of any user, if he or she departs from your organization or their role changes within organization. Thus they prevent many security risks.
 
-
 

👉 What Are The Key Components Of An IAM Platform?

Read more: What is Identity & Access Management (IAM)? What Are The Key Components Of An IAM Platform?

Details
Category: Cybersecurity PRISM
The classical approach to network security was to isolate your internal network from the rest of the world, or say internet, using the firewall. Your firewall succeeded in preventing outsiders from coming in to your network, while still allowing your internal network users to connect to the external networks. For long many years, this approach worked for most organizations.
 
But this approach is not effective any longer, because now most users are bring in their own devices (BYOD) which are managed and used by users themselves, not by your network administrators. When network admins have no control over how these devices are used by users and how to deploy security measures on these devices, both the device and your network are not safe. There are countless of instances of successful 'Phishing' attacks by hackers when corporate users were lured or tricked into entering their user 'credentials,' which led to hackers gaining access to penetrate systems of organisations. Such phishing attacks are everyday phenomenon worldwide.
 
Since the classical network security approach heavily depended upon your hardware, primarily, your firewall, a new and far robust approach to security has emerged in the form of Software-defined Perimeters (SDPs).
 
-

👉 What is SDP?

Read more: What is Software-defined Perimeters (SDP)? How Does A SDP Work?

Details
Category: Cybersecurity PRISM
If you reflect upon the modern IT networks, you would immediately realize that they are quite complex. These are made up using various combinations of number of components, e.g., Routers, Switches, Firewalls, Servers and also include cloud-related resources such as Virtual Machines (VMs), Hypervisors, containers, etc. Most of these elements are simultaneously present in the network and interconnected too by various means.
 
The moment you would think of security such complex networks, you would impromptu realize that it is critical to monitor all these components carefully around the clock. From your perspective, each component of modern networks increases your attack-surface. But for every hacker and threat actor, this complexity of networks and the resulting challenge of 'visibility' create numerous opportunity to attack and exploit your network.
 
Not only this, if any of these devices fails, the performance of your network would be immediately hindered, so staying on top of the performance of each element of the network is critical to the smooth, uninterrupted production of your organization.
 
You have no choice but to know and monitor the traffic of your own network.
 
Your network traffic is the amount of data that is moving across your computer network at any given point in time. You all know that this traffic consists of data packets which are sent over your network, before they are re-assembled by receiving computer or device.
 
But you need to have a look at your network traffic from various lenses. Traffic affects quality of your network, because an unusually high amount of traffic can result in slow download speeds or spotty Voice over Internet Protocol (VoIP) connections. Traffic is also related to security because an unusually high amount of traffic could be the sign of an attack.
 
Before you get into details, you need to get acquainted with some conceptual framework here. There is your data-center...

Read more: What is Network Traffic? How to Secure Your Network Traffic? What are the Key Features of Network...

Details
Category: Cybersecurity PRISM
An endpoint is any device that connects to your corporate network from outside your firewall, e.g., Computers, Laptops, Tablets, Mobile devices, Servers, Printers, IoT devices, POS systems, Switches, ATM machines, Industrial machines, Medical devices and other devices that communicate with your corporate network.
 
They encompass any machine or connected device that could conceivably connect to your corporate network. And for hackers, these endpoints are particularly lucrative entry points to your business networks and systems. It is therefore vital for your organization to consider every device that is or could be connected to your network and ensure it is protected.
 
Every endpoint that connects to your corporate network is a vulnerability, providing a potential entry point for cyber criminals. Therefore, every device an employee uses to connect to any business system or resource carries the risk of becoming the chosen route for hacking into your organization. These devices can be exploited by malware that could leak or steal sensitive data from your business.
 
-
 

👉 What is Endpoint Security?

Read more: What is Endpoint Security? How Does Endpoint Security Work?

  1. What is SCADA (Supervisory Control And Data Acquisition)? How do SCADA systems work?
  2. What is LDAP? How does LDAP Authentication work? What Can You Do To Enhance LDAP Security?
  3. What is Remote Desktop Protocol? How Secure RDP is?
  4. What is LINK Aggregation? What is WAN Aggregation? How Does WAN Aggregation Work?
  5. What is Kerberos? How does KERBEROS Authentication work?
  6. What is ACL? How Do ACLs Work? What are the important components of ACLs?
  7. What is 802.1x authentication? What are key component of 802.1x Authentication? What is the security of 802.1x?
  8. What is FTP? What Are Various Types of FTP ? How to secure your FTP connections?
  9. What about Security of SD-WAN? 4-Major Security Concerns of SD-WAN
  10. What is Ethernet Switching? How Do Ethernet Switches Work?

Page 1 of 28