Background Our company mission is to “Secure the Planet”. This means that we aim to provide education and solutions that any company in the world can use to reduce cyber risk. Our flagship product, Velocity, is a web application (SaaS product) which companies can use to evaluate their own cybersecurity posture as well as to […]
Introduction Not all vulnerability scans are created equal. The configuration of a vulnerability scan has an enormous impact on your results. Authenticated vulnerability scans will provide much greater insight into an organization’s security posture than unauthenticated scans. What are Vulnerability Scans? Vulnerability scans are an automated process for searching devices for vulnerabilities. Vulnerability scanners are […]
Introduction Velocity helped a large hospital system quadruple the speed of vendor risk assessments, increase accuracy of reviews, create a continuous assessment process, and track internal risk using the Center for Internet Security (CIS), NIST Cybersecurity Framework (CSF), and the HIPAA Security Rule. Background The hospital was struggling to manually review hundreds of vendor (business […]
Background Technology has dramatically changed almost all aspects of human life, giving us amazing communication ability, a healthcare revolution, financial opportunities, and safe energy, all growing at exponential rates. These benefits become risks if the technology is not made secure. At Stern Security, our mission is to secure the planet, business by business, industry by […]
If the SolarWinds hack taught us anything, it’s that the security of a company’s infrastructure is dependent on the resilience of its vendors. A breached vendor is a trojan horse that bypasses normal defenses and accesses the trusted areas of the network. Threat actors have cunningly discovered that a trusted vendor is often the easier […]
A Vulnerability Scan is NOT a Penetration Test. Unfortunately, when we perform vendor reviews or risk analyses, we often see that organizations get these two terms mixed up. As cybersecurity professionals, we need to step up and educate others about the differences so companies get the accurate services they need (and paid for) and they achieve […]
Weak passwords are often the cause of data breaches. Love or hate them, everyone is using passwords today. Ensuring individuals are using strong passwords is important to securing an organization. Whether you’re performing a penetration test or a password audit, tools can help you add value and efficiency for your report. At Stern Security, we […]
Vendor Risk Management Accuracy is all that Matters! Many organizations utilize spreadsheets to measure their internal security posture and vendor risk. We get it – spreadsheets are simple, convenient, and they come with the office suite that you have on your computer. Unfortunately, they do not scale and get out of hand quickly. Let’s look […]

Background How can an attacker capture usernames and passwords on a local network by simply waiting for the computers to willingly give them up? LLMNR and NBT-NS poisoning! Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) are two components of Microsoft Windows machines. LLMNR was introduced in Windows Vista and is the successor […]