PRESS RELEASE: Security Risk Advisors is a Proud Participant in the Microsoft Sentinel Partner Ecosystem
Security Risk Advisors joins the Microsoft Sentinel Partner Ecosystem, contributing innovative tools and expertise to enhance Sentinel’s AI-ready platform and empower organizations to detect, respond to, and mitigate threats effectively.
Beyond Compliance: Maximizing the Benefits of HIPAA Risk Assessments for Comprehensive Cybersecurity
Discover how HIPAA risk assessments can go beyond compliance to enhance cybersecurity resilience, support future initiatives, and drive cost savings for healthcare organizations. Learn more in this blog from Security Risk Advisors.
Enhancing Purple Team Testing with ALLCAPS: A Capability-Based Approach to Execution
Discover how the ALLCAPS framework enhances Purple Team exercises by focusing on capability-based detection development. Learn how to improve testing strategies and align detection logic with attack techniques for better security outcomes.
Introducing Tier 0: How AI Is Empowering the Agentive SOC
Discover how Tier 0, powered by SCALR AI, is transforming Security Operations Centers. By automating repetitive tasks and enriching alerts, Tier 0 enables analysts to focus on real threats, creating a smarter, more sustainable SOC. Learn more about this innovative approach.
PRESS RELEASE: Security Risk Advisors Recognized with Microsoft Verified Managed XDR Solution Status
Security Risk Advisors achieves Microsoft Verified Managed XDR Solution status, offering 24/7 SOC operations, proactive threat hunting, and rapid incident response—all integrated with Microsoft Security tools. Learn how SRA is modernizing security operations for its clients.
PRESS RELEASE: Blackbird.AI And Security Risk Advisors Partner To Protect Enterprises From The New Threat Vector Of Narrative Attacks
Strategic alliance brings narrative intelligence to global companies to combat misinformation, disinformation, and AI-generated deepfakes that cause financial, operational, and reputational harm.
PRESS RELEASE: Security Risk Advisors Introduces SCALR AI – A Platform for Rapid Agentive AI Enablement
Security Risk Advisors (SRA), a leading cybersecurity consulting firm, today announced the launch of SCALR AI, a customizable platform designed to enable non-technical people to build and integrate agentive AI capabilities directly into their operations.
PRESS RELEASE: VECTR Enterprise Now Available on Azure Marketplace
FOR IMMEDIATE RELEASE Philadelphia, PA - August 4, 2025 - Security Risk Advisors (SRA) is proud to announce that VECTR Enterprise, its premier adversary emulation and purple teaming platform, is now available on the Microsoft Azure Marketplace. This milestone marks a...
Sharpening Offensive Skills Through Purple Teams
Discover how purple teams bridge the gap between red and blue teams, offering red teamers real-time feedback, hands-on experience with defensive tools, and insights into enterprise environments. Learn how this collaborative approach sharpens offensive skills and enhances detection strategies.
SRA Earns Microsoft Identity and Access Management Specialization
Security Risk Advisors has earned the Microsoft Solution Partner Specialization for Identity and Access Management. This is a big step forward for our team and another example of how we are continuing to grow our alignment with Microsoft.
Save Budget and Improve Your Logging and Monitoring Capabilities
In budget-tightening times, a security data pipeline can greatly reduce your SIEM costs and increase log efficiency. SRA has implemented this new approach for many of our clients, helping them realize significant savings by reducing log size and volume ingested by...
What is OT?
There are many ways to think about Operational Technology (OT) aside from the official definition. I challenge you to define what “OT” is to your organization, and its alignment to your business.
The Road to Benchmarked MITRE ATT&CK Alignment: Threat Resilience Metrics
TL;DR You can describe the progress of your cybersecurity program in a single, threat-driven metric: the Threat Resilience Metric. This metric is born from prioritized MITRE ATT&CK alignment and can be benchmarked with your peers. Prelude: NIST CSF and...
Security Best Practices Amid Geopolitical Crisis
Stay vigilant in cybersecurity with best practices, not just tools, to counteract threat actors effectively.
Understanding and Preparing for the Shift to XDR
The CyberSOC model is changing, driven by cloud adoption and improvements in detection technologies on tools like Endpoint Detection and Response (EDR). Extended Detection and Response (XDR) is the realization of these changes, putting less pressure on the SIEM to...
Building a Security Strategy the Right Way
Given the wildly unexpected events of 2020 and their potential lasting impact that could change the way we work, CISOs should consider revisiting their existing strategies now or begin to plan new ones for 2021 and beyond. At Security Risk Advisors, we often field...
SolarWinds Breach: How do we stop this from happening again?
The SolarWinds breach is perhaps one of the worst, if not the worst, public hacking events in history. Much has been written on what happened, and I’m not going to regurgitate those details. There is inestimable complexity ahead for CISOs to try and identify the extent...
Getting Specific with Ransomware Preparedness
Most industry ransomware guidance is focused on SMB protections for commodity malware that exploits low-hanging fruit via worming and trashing share drives and document folders. “Have good backups” is still good advice, but there is much more we can do and with more...
Understanding Nation-state Threat Actors with VECTR and MITRE ATT&CK
International political relationships...
PAM: High Impact, High Failure Rate
Privileged Account Management (PAM) is a critical function in a modern cyber security program. PAM programs have a high fail rate for a variety of reasons, including: lack of understanding of key risks around privileged accounts; resistance from system administrators...
Project SHADOWSTAR: A Data Driven Approach to Network Block Enumeration (Part 1)
Discover SHADOWSTAR, a tool for fast, thorough network block enumeration, enhancing penetration testing and red teaming.
User Data Leaks via GIFs in Messaging Apps
An investigation into how Teams, Discord, and Signal handle Giphy integrations. When everyone is working from home, a well-timed GIF sent to...
MSSpray: Wait, how many endpoints DON’T have MFA??
A Little Backstory As more companies move their infrastructure into the cloud, attackers are adapting their techniques to target these resources. One of the bigger changes is the shift to using Azure Active Directory (Azure AD) rather than an on-site solution. We’ll...
Automated Detection Rule Analysis with Dredd
Stay ahead in cybersecurity with Dredd: automate Sigma rule testing against Mordor datasets and IDS rules evaluation with PCAPs for robust defense.
Getting Shells with OpManager
TL;DR This post provides an example of how administrative access to a ManageEngine OpManager application allows [testers] to obtain command execution on underlying OS using the workflow function. Intro During external penetration tests, we often come across...
Direct Access Memories: Subverting FDE with DMA Attacks
Tl;dr: By expanding on research, we were able to successfully gain full administrative access on a sample of laptops from corporate environments with Full Disk Encryption enabled in less than 10 minutes. Background Full Disk Encryption (FDE) has traditionally...
Why Red? Why Purple? A NIST CSF View
Red and Purple Teaming serve distinct purposes, and we think NIST CSF backs us up on that. We outline why we believe in starting with Purple Teams to validate Protect...
AWS IAM Exploitation
In AWS, authorization is governed by the Identity and Access Management (IAM) service. Unfortunately, as most software configuration goes, there is ample opportunity for misconfigurations that result in security vulnerabilities. As it pertains to AWS IAM, this...
Purple Teams and Threat Resilience Metrics
This article covers how a Purple Team process done correctly can: be documented and organized using the free VECTR.io platform (https://vectr.io) and align to MITRE ATT&CK; generate quantitative success defense metrics more meaningful than existing hygiene and...
A Closer Look at MITRE ATT&CK Evaluation Data
MITRE ATT&CK’s first endpoint security evaluations of APT-3 reveal key insights into vendor performance and detection capabilities.
Enhancing Cloud Security with Purple Team Strategies
Enhance your cloud security with Purple Teaming strategies. Learn how to validate security controls, track improvements, and detect threats in Azure, AWS, and on-prem environments using VECTR. Discover real-world test cases, resilience metrics, and best practices to strengthen your security posture.
My Journey to Becoming a Purple Teams MC
Discover the journey from penetration testing to leading Purple Teams. Learn how collaborative Purple Team exercises bridge the gap between offensive and defensive security, improve detection and response, and foster meaningful knowledge transfer.
Purple Team PSA: Disable Device Code Flow
Microsoft refers to device code flow as ‘high-risk’ and even “recommends blocking/restricting device code flow wherever possible”. Why? Because it might be leaving your organization vulnerable to one of the most persuasive and impactful social engineering attacks I’ve seen in my career – device code phishing.
Efficiently Managing Hundreds of Purple Teams
In 2024 Security Risk Advisors delivered over 170 Purple Teams to our clients. Supporting the technical execution of our Purple Teams, we use strong project management techniques that not only make high-volume service delivery efficient but also quite manageable.
VECTR for DORA TLPT Documentation
DORA-TLPT (Threat-Led Penetration Testing) requirements go live in January 2025! With TLPT frameworks like TIBER-EU and UK-CBEST, these assessments involve structured, high-stakes Red Team exercises. VECTR™ enhances compliance efforts by supporting Intel and Red Team phases, documenting TTPs, and visualizing threat data in a structured way. Explore how VECTR™ can streamline TLPT engagements and strengthen your organization’s resilience.
Market Maker Public Release
As part of our purple teams program here at SRA, we develop many different threat simulation plans (“bundles”), such as our Threat Simulation Indexes. To support the creation of these bundles, we developed the “Market Maker” (“MM”) suite of tools. Market Maker is a Python library, collection of command-line scripts, and several extensions.
PRESS RELEASE: Security Risk Advisors Unveils 2024 Test Plans for Cyber Threat Resilience Benchmarks
Elevate cyber resilience with SRA’s 2024 Threat Indexes for sector-specific benchmarking and threat assessment.
Malware Analysis: A General Approach
TL;DR Malware analysis has many benefits to organizations and their defenders; however, most organizations do not have processes defined for performing these actions. This post will walk through the questions that malware analysis can answer along with defining an...
Building Practical Resilience: The Table-Top Exercise (TTX) Execution Playbook
This playbook on facilitating an effective TTX can help lead you to success. Whether you run them yourselves on call or have an external organization like SRA to help facilitate, they should stoke conversations that lead to meaningful improvement, role clarity, and help make a real incident a little less painful.
One-Click Threat Hunting with Security Copilot
Do you ever feel like you suffer from prompt anxiety? It’s like social anxiety but instead you replace the social part with an AI chat bot. You feel that pressure of having to come up with the perfect prompt to make sure you get just the right response. The way I deal...
Reining in SaaS Sprawl: Implementing a Robust Governance Program
Hypothetical Scenario – One of your primary accounting team members is no longer employed by your organization. Do you know what financial software-as-a-service (SaaS) applications they were using? Do you know if that user accessed any SaaS applications using...
Privilege Escalation in AWS and GCP Machine Learning Instances
Companies interested in developing AI/ML enabled tools can make use of services like Google Cloud’s Vertex AI and Amazon’s SageMaker to quickly deploy GPU-powered compute instances, complete with Jupyter notebooks. Naturally, companies would not be comfortable giving...
Interpreting New Hospital Cybersecurity Requirements for New York State
Effective October 2nd, 2024, New York State released new Hospital Cybersecurity Requirements, in section 405.46. Learn how to configure your Azure and Sentinel ecosystem to support the log storage requirements outlined in section 405.46.
Using Purview and M365 to Mitigate Data Security Risks in Microsoft Teams Meeting Recordings
Recording Teams meetings is a convenient way to memorialize an important discussion. But without proper controls in place, recordings can capture sensitive information, consume valuable cloud storage space, and become a data loss vector. Make sure your organization has configured the right settings to mitigate these risks and learn how to use Purview to understand if the organization is already oversharing.
Introducing Epic Monitoring for SCALR XDR: Elevating Healthcare Security
Electronic Medical Records (EMR) solutions contain a healthcare organization’s most critical and sensitive patient data. However, these EMR systems are rarely monitored, and there is often no regular review of the system for security events. This puts the most important data source in your organization at risk and can potentially lead to data breaches, unauthorized access, and other security incidents that could compromise patient privacy and the integrity of the medical records. Healthcare companies using SCALR XDR as their CyberSOC can now include monitoring of their Epic EMR as part of their 24×7 monitoring service.
Unlocking Microsoft’s Audit Logs: A Comprehensive Guide to Enhanced Security and Risk Mitigation
Microsoft now offers premium audit logs to E3 license users, enhancing visibility and reducing risk exposure by providing critical security logs at no extra cost. Learn to navigate, retrieve, and apply these logs in real world applications.
An Overview of Deputies in AWS
In an AWS customer account, resources like virtual machines and databases are typically created by user principals tied to that customer, such as a developer role or IAM user. In some circumstances however, AWS itself will create/interact with resources in a...
Microsoft Purview: You Get Out What You Put In
Microsoft’s recently rebranded Purview suite of data governance, security, and compliance solutions offers more capabilities than ever before within a single product. But without a fundamental understanding of your data, getting value out of these tools remains a challenge. Defining your organization’s critical data and objectives for protecting it is a critical first step in maximizing the value of any Purview deployment.
CISO Guidance for AI Security
AI introduces both risks and opportunities for businesses, and organizations should be prepared to protect their AI technology at the same level they protect traditional “crown jewel” or other sensitive data. Senior leadership will look to CISOs for guidance both on how to protect AI and how to use it to enhance the security of their organizations. What follows is some guidance on how a CISO might proceed as AI technology evolves and is deployed.
HIPAA Safe Harbor: How H.R. 7898 Affects Healthcare Organizations
TL;DR New legislation (H.R. 7898) allows healthcare providers to reduce enforcement actions by using security best practices. Background: H.R. 7898 On January 5, 2021, H.R. 7898 was signed into law to incentivize healthcare organizations to implement leading...
PCI v4 and a ‘Customized’ Approach – PCI Community Meeting 2019 Insights
TL;DR: PCI v4 was previewed for the first time during Day 1 of the PCI Community Meeting. PCI v4 has significant changes and introduces a “Customized Approach” to achieve PCI compliance. Organizations can continue to achieve PCI compliance through traditional audit...
Updated Results from the MITRE ATT&CK Endpoint Detection and Response Evaluation
Explore MITRE’s EDR tool evaluations for APT3 threat detection, featuring top performers like CrowdStrike and new entrants FireEye and Cybereason. Detailed results at SRA.
New Health Industry Cybersecurity Practices (HICP) Guidance Released: What You Need to Know
Explore HPH SCC’s new cybersecurity guidance for healthcare, offering a prescriptive approach to enhance industry-wide security practices.
Open Letter to the FDA
This blog post contains a copy of the questions and comments we’ve submitted to the FDA regarding their latest Medical Device Cyber Security Pre-Market Guidance draft (Link Here). In our previous blog post, we provided an overview of the draft. We believe that...
FDA Pre-Market Medical Device Draft Guidance Review
FDA’s draft guidance on medical device cybersecurity could revolutionize industry practices for manufacturers and healthcare providers.
Privacy: It’s More than GDPR
Discover the importance of a strategic approach to data privacy, transcending compliance to build consumer trust and gain a competitive edge.
Meeting the Standards – Persistent Challenges in PCI DSS
Stay ahead in cybersecurity with SRA’s expert guidance on PCI DSS updates, TLS protocol upgrades, and vendor compliance strategies.
PRESS RELEASE: Free Workshop from Security Risk Advisors Empowers Organizations to Select Optimal OT Security Tools
Security Risk Advisors (SRA) announces the launch of their OT/XIoT Detection Selection Workshop, a complimentary offering designed to assist organizations in selecting the most suitable operational technology (OT) security tools for their unique environments.
PRESS RELEASE: Security Risk Advisors Hires Stephen Burke as Director of EMEA Relationships
Security Risk Advisors announced the appointment of Stephen Burke as the company’s new Director of EMEA Client Relationships.
PRESS RELEASE: Security Risk Advisors Hires Joe Cicero as Director of Strategic Alliances
ROCHESTER, NY – Security Risk Advisors (“SRA”), a leading provider of cybersecurity services and solutions, announced today the appointment of Joe Cicero as the company’s new Director of Strategic Alliances. Joe will be at the helm of developing strategic partnerships...
PRESS RELEASE: Security Risk Advisors and Finite State Announce Strategic Partnership to Drive Enhanced Cybersecurity for Connected Devices
Philadelphia, PA and Columbus, OH - [2/1/2024] - Security Risk Advisors (SRA), a leader in cybersecurity engineering, testing, operations, and strategy, and Finite State, an industry leader in software supply chain security, are pleased to announce a strategic...
PRESS RELEASE: SCALR XDR by Security Risk Advisors Now Available on Azure Marketplace
Security Risk Advisors (SRA) is pleased to announce that its 24×7 security monitoring service, SCALR XDR, is now available in the Azure Marketplace.
PRESS RELEASE: Study Examines Economic Impact of SCALR XDR CyberSOC
Security Risk Advisors (SRA) announced today that a study conducted by Forrester Consulting on behalf of SRA in November 2023 has explored the potential return on investment (ROI) and security benefits for organizations deploying SCALR XDR CyberSOC.
PRESS RELEASE: Security Risk Advisors Granted with Cloud Security and Threat Protection Advanced Specializations by Microsoft
Security Risk Advisors is proud to announce that it has achieved both of the prestigious Microsoft Cloud Security and Threat Protection Advanced Specializations, an accolade that further affirms its standing as a leader in the cybersecurity industry.
PRESS RELEASE: Security Risk Advisors Has Been Authorized by the CVE Program as a CVE Numbering Authority (CNA)
June 13, 2023 – International cybersecurity consulting firm, Security Risk Advisors (SRA), has been authorized as a CVE Numbering Authority (CNA) by The CVE Program. As a CNA, Security Risk Advisors will be responsible for the regular assignment of CVE IDs to...
PRESS RELEASE: Security Risk Advisors Hires New Director of Client Relationships
Security Risk Advisors announced the hiring of new Director of Client Relations, Howard Garfield, who joins the leadership team after decades of industry experience.




