eBook Archives - NetSPI https://www.netspi.com/resource/ebook/ Trusted by nine of the top 10 U.S. Banks Thu, 28 Mar 2024 23:25:01 +0000

The CISO’s Guide to Securing AI/ML Models https://www.netspi.com/resources/ebooks/the-cisos-guide-to-securing-ai-ml-models/ Mon, 04 Dec 2023 17:24:54 +0000

The post The CISO’s Guide to Securing AI/ML Models  appeared first on NetSPI.

Artificial Intelligence (AI) has limitless potential for business applications — and conversely — the same potential for adversarial attacks.  

As your team explores developing Machine Learning (ML) models of your own, NetSPI is here to guide security from ideation to implementation. We created this whitepaper to help the industry work toward a shared understanding of Adversarial Machine Learning (AML) so we all can enhance the collective security of ML models together. 

Chapters in this whitepaper include:  

  • Cybersecurity Questions to Ask Before Starting Your AI Development Journey 
  • Artificial Intelligence (AI) versus Machine Learning (ML) 
  • Key Terminology in AI Cybersecurity 
  • A Primer on Adversarial Machine Learning 
  • Embracing Trustworthy AI as a Guiding Principle 
  • Challenges to Growing the AI Cybersecurity Knowledge Base 
  • How AI Penetration Testing Secures AI/ML Systems 

Get started with securing your ML models by accessing our whitepaper today.

Attack Surface Management Case Studies https://www.netspi.com/resources/ebooks/attack-surface-management-case-studies/ Wed, 11 Oct 2023 23:17:50 +0000


NetSPI’s Attack Surface Management (ASM) combines cutting-edge technology with the expertise of our offensive security professionals to proactively identify, inventory, and test assets and exposures. 

See how our ASM operations team has helped clients use our ASM platform to optimize their offensive security strategy.

The following case studies show the value ASM brings to enhancing the security posture of organizations by continuously discovering and testing both known and unknown assets. You’ll discover how ASM helps companies with:  

  • Always-on penetration testing 
  • Third-party vendor discovery and validation 
  • Manual triaging and prioritization to eliminate alert fatigue  

Dig into these case studies by accessing the eBook, then head over to our webinars to watch a demo of ASM in action.

Cool Pentesting Stories https://explore.netspi.com/rs/218-VHM-543/images/Ebook-Cool-Pentesting-Stories-NetSPI_B.pdf#new_tab Thu, 20 Jul 2023 17:24:52 +0000

5 Blockchain Security Fundamentals Every C-Suite Needs to Know https://www.netspi.com/resources/ebooks/blockchain-security/ Fri, 03 Mar 2023 20:46:49 +0000

Blockchain is making headlines because of its diverse use cases and the revenue opportunities it brings. Most companies have only scratched the surface of using blockchain, a distributed ledger technology (DLT), and its full potential is still being researched. With emerging technology come new cybersecurity risks, making blockchain security a top priority for savvy leaders.

If you’re ready to explore the scalability and competitive advantages of blockchain, or if optimizing your organization’s blockchain use is on the horizon, then this eBook is for you. 

In this overview of blockchain security, you’ll find:

  • A simplified explanation of blockchain technology
  • Helpful terminology to guide your understanding
  • How major companies are using distributed ledger technology (DLT) today
  • The importance of security planning for blockchain operationalization
  • NetSPI’s blockchain penetration testing methodology to proactively plan for secure deployments

The Complete Guide to Healthcare Ransomware Attacks https://www.netspi.com/resources/ebooks/healthcare-ransomware-attacks Wed, 08 Feb 2023 19:23:28 +0000

Ransomware is top-of-mind for the healthcare industry today as attacks become more sophisticated. When infected with ransomware, healthcare organizations and networks lose access to their systems and/or data and the cybercriminals demand a ransom in exchange for restoring access.

The impact can be detrimental, leaving hospitals without access to electronic health records, waiting days for lab results, and having no choice but to cancel or reschedule appointments, among other disruptions.

One in four companies worldwide pay the ransom to regain access to their files and this number increases to 61% in healthcare – the highest percentage across all industries. However, paying up does not always pay off. The likelihood of getting all your data back after paying is slim, with only 2% of ransomware victims in the healthcare space reporting getting all their data back.

To stop ransomware attacks, collectively we need to cut off the cybercriminal’s source of income – that means not paying the ransom and understanding the alternative steps to take to prevent and respond to a ransomware attack.

In this complete guide to healthcare ransomware attacks, explore: 

  • Why healthcare is a top target for ransomware attacks 
  • Ransomware trends and families 
  • How ransomware works 
  • Checklists to prevent and detect a ransomware attack 

Penetration Testing for Financial Institutions https://www.netspi.com/resources/ebooks/penetration-testing-for-financial-institutions/ Thu, 02 Jun 2022 15:49:18 +0000

Cybersecurity programs in the financial services industry are some of the most mature out there, but there remains room for improvement as threats increase in sophistication.  

In this e-book, explore three offensive security activities for financial institution cybersecurity – attack surface management, penetration testing, and breach and attack simulation – and better understand how they help banks protect customer data and assets.  

Download this e-book to learn offensive security best practices, and ultimately: 

  • Improve your attack surface visibility
  • Find and remediate business-critical security gaps efficiently
  • Measure and enhance your detective controls 

Azure Cloud Penetration Testing Stories https://www.netspi.com/resources/ebooks/azure-cloud-pentesting/ Tue, 15 Nov 2022 22:16:50 +0000

Learn best practices and tools for your vulnerability management tracking system. Find out what does not work – and what does!

NetSPI is home to many of the top cloud penetration testers in the world. In this ebook, you’ll find three stories from the NetSPI pentesting team, featuring their critical discoveries, unique approaches, and the impact they’ve made on the security of Microsoft Azure.

Chapters include:

  • App Registration Certificates Stored in Azure Active Directory – CredManifest CVE 
  • Abusing Azure Hybrid Workers for Privilege Escalation 
  • Azure Privilege Escalation via Cloud Shell 

For additional cloud penetration testing research from NetSPI, visit our technical blog.

4 Types of Vulnerabilities to Test for During Every Thick Client Application Pentest https://www.netspi.com/resources/ebooks/4-types-of-thick-client-application-penetration-testing-vulnerabilities/ Wed, 10 Nov 2021 00:47:04 +0000

Thick applications run critical infrastructure, ingest sensitive medical records, or even play the popular music of today. They also do this all from the comfort of a client computer. Despite their important roles, thick client apps are not exempt from security vulnerabilities.

In this guide, you’ll find examples of high-level items from NetSPI’s thick application checklist as well as an overview of the vulnerabilities that NetSPI consultants often encounter during thick application pentests. Download this thick application pentesting guide to explore how to test for vulnerabilities within the following four categories:

  1. GUI Interface Controls

  2. Network Traffic Analysis

  3. Web Service Controls

  4. Sensitive Information Disclosure, Password Management, and Cryptography

The Ultimate Guide to Ransomware Attacks https://www.netspi.com/resources/ebooks/ultimate-guide-to-ransomware-attacks/ Thu, 17 Jun 2021 00:41:32 +0000

Ransomware, a type of malware, is top-of-mind for all organizations today as attacks become more sophisticated and its impact increasingly detrimental. When infected with ransomware, organizations lose access to their systems and/or data and the cybercriminals demand a ransom in exchange for restoring access.

One in four companies worldwide pay the ransom to regain access to their files. However, paying up does not always pay off. The likelihood of getting all your data back after paying is slim. In 2021, only 8% of companies that paid recovered all their encrypted files, according to SonicWall’s Cyber Threat Report. To stop ransomware attacks, collectively we need to cut off the cybercriminal’s source of income – that means not paying the ransom and understanding the alternative steps to take to prevent and respond to a ransomware attack.

In this ultimate guide to ransomware attacks, explore:

  • Ransomware trends, targets, and families
  • How does ransomware work
  • How to prevent and detect a ransomware attack

How to Choose a Penetration Testing Company https://www.netspi.com/resources/ebooks/how-choose-best-penetration-testing-company/ Fri, 30 Apr 2021 12:00:17 +0000

When you need to choose the best penetration testing company for your organization, you face a security decision that could cost considerable budget, time, and resources. There are hundreds of pentesting providers, and each offers different levels of service, pentesting methodologies, and technologies.

What’s included?

This guide will help you, as a security or IT leader, make clear, informed decisions and get the most value from your penetration testing services.

Download this guide to learn:

  • Why organizations should choose a penetration testing service provider
  • Ten questions to ask a penetration testing company in a request for proposal (RFP) – and how to judge their responses
  • Best use cases for engaging a penetration testing service
  • Essential criteria to use when choosing a pentesting company
