Every year, the federal Cybersecurity and Infrastructure Agency (CISA) conducts Risk and Vulnerability Assessments (RVAs) for the executive branch, high priority critical infrastructure operators and select state/local stakeholders.

In September, CISA released a publication of the aggregate findings from their FY23 engagements. Within the findings, CISA mapped the most successful tactic in 11 of the 14 MITRE categories to help inform public and private companies of how to prioritize security controls in their environment.

In this blog, we will walk through findings from each tactic and provide real-world recommendations for how to mitigate risk in your organization.

We were lucky enough to attend the CrowdStrike conference, Fal.con, this past week in Las Vegas. With CrowdStrike’s growing number of modules and products, there are too many updates to cover. However, in this blog we will try to distill some of the more notable takeaways and give our take on their impact to CrowdStrike customers.

In today’s hyper-connected world, data has become the lifeblood of organizations, driving decision-making, innovation, and operational efficiency. However, with the increasing value of data, the risks associated with its loss or theft have also surged. Among the most significant threats to data security is data exfiltration, a scenario where sensitive or confidential data is illicitly transferred out of an organization. This blog will explore the nature of data exfiltration and the methods attackers use to bypass traditional security controls to transfer sensitive data out of your infrastructure.