Microsoft Ignite 2025: The 6 Security Announcements Shaping 2026
Microsoft Ignite 2025 introduced six pivotal security updates, including AI governance tools, passwordless authentication, and autonomous threat response. Discover how these innovations can transform your security operations in 2026.
PRESS RELEASE: SRA Appoints Suzanne Hall as CISO in Residence to Advance Global Cybersecurity Strategy and Capabilities
Security Risk Advisors welcomes Suzanne Hall as CISO in Residence to advance global cybersecurity strategies and deliver business-aligned solutions for clients.
Clean Up Your DNS Records Before We Get Ants (or Hacked)
Dangling DNS records can lead to subdomain takeovers and other security risks. Learn how to maintain good DNS hygiene and protect your organization from malicious actors in our latest blog by Joel Wadley.
PRESS RELEASE: CrowPilot by Security Risk Advisors now generally available in Microsoft Security Copilot
Security Risk Advisors announces the general availability of CrowPilot in the Microsoft Security Store, an AI agent that integrates Microsoft Security Copilot with CrowdStrike Falcon EDR, empowering SOC teams to streamline operations and achieve faster, smarter threat responses.
As ClickFix Continues to Surge: Filefix Emerges as a Similarly Dangerous Social Engineering Tactic
FileFix, an evolution of the ClickFix social engineering tactic, is rapidly gaining traction. Learn how it works, its impact on organizations, and the steps your security team can take to detect and mitigate this growing threat.
Pruning Garden Paths in AWS with Neph
Explore Neph, Security Risk Advisors’ free, graph-based tool for AWS security analysis. Learn how it maps attack paths, handles IAM complexities, and supports iterative analysis to enhance cloud security workflows.
Automating Purple Team Execution with Mythic and Apollo
Discover how to automate purple team exercises with Mythic C2, Apollo, and Jupyter notebooks. Learn about attack automation, integrations, and tools to streamline your security operations in our latest blog.
PRESS RELEASE: Recognize Announces Investment in Security Risk Advisors
Recognize announces a strategic investment in Security Risk Advisors, a leading cybersecurity services firm specializing in advisory, managed security, and proprietary software solutions. This partnership aims to accelerate growth and innovation in the face of evolving cyber threats.
PRESS RELEASE: Security Risk Advisors is a Proud Participant in the Microsoft Sentinel Partner Ecosystem
Security Risk Advisors joins the Microsoft Sentinel Partner Ecosystem, contributing innovative tools and expertise to enhance Sentinel’s AI-ready platform and empower organizations to detect, respond to, and mitigate threats effectively.
Beyond Compliance: Maximizing the Benefits of HIPAA Risk Assessments for Comprehensive Cybersecurity
Discover how HIPAA risk assessments can go beyond compliance to enhance cybersecurity resilience, support future initiatives, and drive cost savings for healthcare organizations. Learn more in this blog from Security Risk Advisors.
Continuous Security Testing Programs
Continuous testing should be multi-threaded, not just red teaming or using one tool.
Save Budget and Improve Your Logging and Monitoring Capabilities
In budget-tightening times, a security data pipeline can greatly reduce your SIEM costs and increase log efficiency. SRA has implemented this new approach for many of our clients, helping them realize significant savings by reducing log size and volume ingested by...
What is OT?
There are many ways to think about Operational Technology (OT) aside from the official definition. I challenge you to define what “OT” is to your organization, and its alignment to your business.
The Road to Benchmarked MITRE ATT&CK Alignment: Threat Resilience Metrics
TL;DR You can describe the progress of your cybersecurity program in a single, threat-driven metric: the Threat Resilience Metric. This metric is born from prioritized MITRE ATT&CK alignment and can be benchmarked with your peers. Prelude: NIST CSF and...
Security Best Practices Amid Geopolitical Crisis
Stay vigilant in cybersecurity with best practices, not just tools, to counteract threat actors effectively.
Understanding and Preparing for the Shift to XDR
The CyberSOC model is changing, driven by cloud adoption and improvements in detection technologies on tools like Endpoint Detection and Response (EDR). Extended Detection and Response (XDR) is the realization of these changes, putting less pressure on the SIEM to...
Building a Security Strategy the Right Way
Given the wildly unexpected events of 2020 and their potential lasting impact that could change the way we work, CISOs should consider revisiting their existing strategies now or begin to plan new ones for 2021 and beyond. At Security Risk Advisors, we often field...
SolarWinds Breach: How do we stop this from happening again?
The SolarWinds breach is perhaps one of the worst, if not the worst public hacking events in history. Much has been written on what happened, and I’m not going to regurgitate those details. There is inestimable complexity ahead for CISOs to try and identify the extent...
Getting Specific with Ransomware Preparedness
Most industry ransomware guidance is focused on SMB protections for commodity malware that exploits low-hanging fruit via worming and trashing share drives and document folders. “Have good backups” is still good advice, but there is much more we can do and with more...
Understanding Nation-state Threat Actors with VECTR and MITRE ATT&CK
International political relationships...
Project SHADOWSTAR: A Data Driven Approach to Network Block Enumeration (Part 1)
Discover SHADOWSTAR, a tool for fast, thorough network block enumeration, enhancing penetration testing and red teaming.
User Data Leaks via GIFs in Messaging Apps
An investigation into how Teams, Discord, and Signal handle Giphy integrations. When everyone is working from home, a well-timed GIF sent to...
MSSpray: Wait, how many endpoints DON’T have MFA??
A Little Backstory: As more companies move their infrastructure into the cloud, attackers are adapting their techniques to target these resources. One of the bigger changes is the shift to using Azure Active Directory (Azure AD) rather than an on-site solution. We’ll...
Automated Detection Rule Analysis with Dredd
Stay ahead in cybersecurity with Dredd: automate Sigma rule testing against Mordor datasets and IDS rules evaluation with PCAPs for robust defense.
Getting Shells with OpManager
TL;DR: This post provides an example of how administrative access to a ManageEngine OpManager application allows [testers] to obtain command execution on the underlying OS using the workflow function. Intro: During external penetration tests, we often come across...
Direct Access Memories: Subverting FDE with DMA Attacks
TL;DR: By expanding on prior research, we were able to successfully gain full administrative access on a sample of laptops from corporate environments with Full Disk Encryption enabled in less than 10 minutes. Background: Full Disk Encryption (FDE) has traditionally...
Why Red? Why Purple? A NIST CSF View
Red and Purple Teaming serve distinct purposes, and we think NIST CSF backs us up on that. We outline why we believe in starting with Purple Teams to validate Protect...
AWS IAM Exploitation
In AWS, authorization is governed by the Identity and Access Management (IAM) service. Unfortunately, as most software configuration goes, there is ample opportunity for misconfigurations that result in security vulnerabilities. As it pertains to AWS IAM, this...
Purple Teams and Threat Resilience Metrics
This article covers how a Purple Team process done correctly can: be documented and organized using the free VECTR.io platform (https://vectr.io) and aligned to MITRE ATT&CK; generate quantitative defense success metrics more meaningful than existing hygiene and...
A Closer Look at MITRE ATT&CK Evaluation Data
MITRE ATT&CK’s first endpoint security evaluations of APT-3 reveal key insights into vendor performance and detection capabilities.
Beware of ClickFix: A Growing Social Engineering Threat
ClickFix is a rapidly evolving social engineering technique that began gaining momentum in mid-2024. By camouflaging malware delivery within fake CAPTCHA verification screens or error messages, threat actors successfully lure end users into pressing Windows+R, pasting malicious code, and executing it, often without raising immediate suspicion. This advisory examines how ClickFix operates, documents active campaigns, and provides detection strategies and mitigation recommendations.
Developing Purple Team Attack Plans from Threat Intelligence
Learn how purple teams can turn threat intelligence into actionable attack plans. This guide covers scoping, TTP analysis, and building intel-based purple team exercises.
Enhancing Cloud Security with Purple Team Strategies
Enhance your cloud security with Purple Teaming strategies. Learn how to validate security controls, track improvements, and detect threats in Azure, AWS, and on-prem environments using VECTR. Discover real-world test cases, resilience metrics, and best practices to strengthen your security posture.
My Journey to Becoming a Purple Teams MC
Discover the journey from penetration testing to leading Purple Teams. Learn how collaborative Purple Team exercises bridge the gap between offensive and defensive security, improve detection and response, and foster meaningful knowledge transfer.
Purple Team PSA: Disable Device Code Flow
Microsoft refers to device code flow as ‘high-risk’ and even “recommends blocking/restricting device code flow wherever possible”. Why? Because it might be leaving your organization vulnerable to one of the most persuasive and impactful social engineering attacks I’ve seen in my career – device code phishing.
Efficiently Managing Hundreds of Purple Teams
In 2024 Security Risk Advisors delivered over 170 Purple Teams to our clients. To support the technical execution of our Purple Teams, we use strong project management techniques that make high-volume service delivery not only efficient but also quite manageable.
VECTR for DORA TLPT Documentation
DORA-TLPT (Threat-Led Penetration Testing) requirements go live in January 2025! With TLPT frameworks like TIBER-EU and UK-CBEST, these assessments involve structured, high-stakes Red Team exercises. VECTR™ enhances compliance efforts by supporting Intel and Red Team phases, documenting TTPs, and visualizing threat data in a structured way. Explore how VECTR™ can streamline TLPT engagements and strengthen your organization’s resilience.
Market Maker Public Release
As part of our purple teams program here at SRA, we develop many different threat simulation plans (“bundles”), such as our Threat Simulation Indexes. To support the creation of these bundles, we developed the “Market Maker” (“MM”) suite of tools. Market Maker is a Python library, collection of command-line scripts, and several extensions.
PRESS RELEASE: Security Risk Advisors Unveils 2024 Test Plans for Cyber Threat Resilience Benchmarks
Elevate cyber resilience with SRA’s 2024 Threat Indexes for sector-specific benchmarking and threat assessment.
Security Risk Advisors Earns Microsoft Solutions Partner Designation for Infrastructure (Azure)
We are excited to share that Security Risk Advisors (SRA) has achieved the Microsoft Solutions Partner designation for Infrastructure (Azure)! This recognition reflects our proven expertise in accelerating clients' migration of critical infrastructure workloads to...
Building Practical Resilience: The Table-Top Exercise (TTX) Execution Playbook
This playbook on facilitating an effective TTX can help lead you to success. Whether you run them yourselves on call or have an external organization like SRA to help facilitate, they should stoke conversations that lead to meaningful improvement, role clarity, and help make a real incident a little less painful.
One-Click Threat Hunting with Security Copilot
Do you ever feel like you suffer from prompt anxiety? It’s like social anxiety but instead you replace the social part with an AI chat bot. You feel that pressure of having to come up with the perfect prompt to make sure you get just the right response. The way I deal...
Reining in SaaS Sprawl: Implementing a Robust Governance Program
Hypothetical Scenario – One of your primary accounting team members is no longer employed by your organization. Do you know what financial software-as-a-service (SaaS) applications they were using? Do you know if that user accessed any SaaS applications using...
Privilege Escalation in AWS and GCP Machine Learning Instances
Companies interested in developing AI/ML enabled tools can make use of services like Google Cloud’s Vertex AI and Amazon’s SageMaker to quickly deploy GPU-powered compute instances, complete with Jupyter notebooks. Naturally, companies would not be comfortable giving...
Interpreting New Hospital Cybersecurity Requirements for New York State
Effective October 2nd, 2024, New York State released new Hospital Cybersecurity Requirements, in section 405.46. Learn how to configure your Azure and Sentinel ecosystem to support the log storage requirements outlined in section 405.46.
Using Purview and M365 to Mitigate Data Security Risks in Microsoft Teams Meeting Recordings
Recording Teams meetings is a convenient way to memorialize an important discussion. But without proper controls in place, recordings can capture sensitive information, consume valuable cloud storage space, and become a data loss vector. Make sure your organization has configured the right settings to mitigate these risks and learn how to use Purview to understand if the organization is already oversharing.
Introducing Epic Monitoring for SCALR XDR: Elevating Healthcare Security
Electronic Medical Records (EMR) solutions contain a healthcare organization’s most critical and sensitive patient data. However, these EMR systems are rarely monitored, and there is often no regular review of the system for security events. This puts the most important data source in your organization at risk and can potentially lead to data breaches, unauthorized access, and other security incidents that could compromise patient privacy and the integrity of the medical records. Healthcare companies using SCALR XDR as their CyberSOC can now include monitoring of their Epic EMR as part of their 24×7 monitoring service.
Unlocking Microsoft’s Audit Logs: A Comprehensive Guide to Enhanced Security and Risk Mitigation
Microsoft now offers premium audit logs to E3 license users, enhancing visibility and reducing risk exposure by providing critical security logs at no extra cost. Learn to navigate, retrieve, and apply these logs in real world applications.
An Overview of Deputies in AWS
In an AWS customer account, resources like virtual machines and databases are typically created by user principals tied to that customer, such as a developer role or IAM user. In some circumstances however, AWS itself will create/interact with resources in a...
Understanding and Applying Vector Databases to Supercharge your SOC with AI & Copilot for Security
Discover how Azure AI Search integration enhances threat intelligence with vector databases in Copilot for Security.
Building a Copilot for Security Custom NetFlow Plugin
We’ve built a custom Copilot for Security plugin that takes advantage of network flow data. It uses Copilot for Security to extract the exact time and IP address of a host involved in a security incident, then retrieves, summarizes, and analyzes the NetFlow data from 30 minutes on either side of the first noted malicious event to determine whether there was potential for lateral movement or other key indicators of attack. This gives insight into whether an attacker may have attempted to move laterally on your network, and if so where, and using which protocols.
A Quick Look at Microsoft’s Inventory of AI Solutions
Dive into AI Cybersecurity Development with SRA’s insights on Microsoft AI tools and securing AI in cyber tech.
CISO Guidance for AI Security
AI introduces both risks and opportunities for businesses, and organizations should be prepared to protect their AI technology at the same level they protect traditional “crown jewel” or other sensitive data. Senior leadership will look to CISOs for guidance both on how to protect AI and how to use it to enhance the security of their organizations. What follows is some guidance on how a CISO might proceed as AI technology evolves and is deployed.
HIPAA Safe Harbor: How H.R. 7898 Affects Healthcare Organizations
TL;DR: New legislation (H.R. 7898) allows healthcare providers to reduce enforcement actions by using security best practices. Background: H.R. 7898. On January 5, 2021, H.R. 7898 was signed into law to incentivize healthcare organizations to implement leading...
PCI v4 and a ‘Customized’ Approach – PCI Community Meeting 2019 Insights
TL;DR: PCI v4 was previewed for the first time during Day 1 of the PCI Community Meeting. PCI v4 has significant changes and introduces a “Customized Approach” to achieve PCI compliance. Organizations can continue to achieve PCI compliance through traditional audit...
PAM: High Impact, High Failure Rate
Privileged Account Management (PAM) is a critical function in a modern cyber security program. PAM programs have a high fail rate for a variety of reasons, including: lack of understanding of key risks around privileged accounts; resistance from system administrators...
Updated Results from the MITRE ATT&CK Endpoint Detection and Response Evaluation
Explore MITRE’s EDR tool evaluations for APT3 threat detection, featuring top performers like Crowdstrike and new entrants FireEye and Cybereason. Detailed results at SRA.
New Health Industry Cybersecurity Practices (HICP) Guidance Released: What You Need to Know
Explore HPH SCC’s new cybersecurity guidance for healthcare, offering a prescriptive approach to enhance industry-wide security practices.
Open Letter to the FDA
This blog post contains a copy of the questions and comments we’ve submitted to the FDA regarding their latest Medical Device Cyber Security Pre-Market Guidance draft (Link Here). In our previous blog post, we provided an overview of the draft. We believe that...
FDA Pre-Market Medical Device Draft Guidance Review
FDA’s draft guidance on medical device cybersecurity could revolutionize industry practices for manufacturers and healthcare providers.
Privacy: It’s More than GDPR
Discover the importance of a strategic approach to data privacy, transcending compliance to build consumer trust and gain a competitive edge.
Meeting the Standards – Persistent Challenges in PCI DSS
Stay ahead in cybersecurity with SRA’s expert guidance on PCI DSS updates, TLS protocol upgrades, and vendor compliance strategies.
PRESS RELEASE: Free Workshop from Security Risk Advisors Empowers Organizations to Select Optimal OT Security Tools
Security Risk Advisors (SRA) announces the launch of their OT/XIoT Detection Selection Workshop, a complimentary offering designed to assist organizations in selecting the most suitable operational technology (OT) security tools for their unique environments.
PRESS RELEASE: Security Risk Advisors Hires Stephen Burke as Director of EMEA Relationships
Security Risk Advisors announced the appointment of Stephen Burke as the company’s new Director of EMEA Client Relationships.
PRESS RELEASE: Security Risk Advisors Hires Joe Cicero as Director of Strategic Alliances
ROCHESTER, NY – Security Risk Advisors (“SRA”), a leading provider of cybersecurity services and solutions, announced today the appointment of Joe Cicero as the company’s new Director of Strategic Alliances. Joe will be at the helm of developing strategic partnerships...
PRESS RELEASE: Security Risk Advisors and Finite State Announce Strategic Partnership to Drive Enhanced Cybersecurity for Connected Devices
Philadelphia, PA and Columbus, OH - [2/1/2024] - Security Risk Advisors (SRA), a leader in cybersecurity engineering, testing, operations, and strategy, and Finite State, an industry leader in software supply chain security, are pleased to announce a strategic...
PRESS RELEASE: SCALR XDR by Security Risk Advisors Now Available on Azure Marketplace
Security Risk Advisors (SRA) is pleased to announce that its 24×7 security monitoring service, SCALR XDR, is now available in the Azure Marketplace.
PRESS RELEASE: Study Examines Economic Impact of SCALR XDR CyberSOC
Security Risk Advisors (SRA) announced today that a study conducted by Forrester Consulting on behalf of SRA in November 2023 has explored the potential return on investment (ROI) and security benefits for organizations deploying SCALR XDR CyberSOC.
PRESS RELEASE: Security Risk Advisors Granted with Cloud Security and Threat Protection Advanced Specializations by Microsoft
Security Risk Advisors is proud to announce that it has achieved both of the prestigious Microsoft Cloud Security and Threat Protection Advanced Specializations, an accolade that further affirms its standing as a leader in the cybersecurity industry.
PRESS RELEASE: Security Risk Advisors Has Been Authorized by the CVE Program as a CVE Numbering Authority (CNA)
June 13, 2023 – International cybersecurity consulting firm, Security Risk Advisors (SRA), has been authorized as a CVE Numbering Authority (CNA) by The CVE Program. As a CNA, Security Risk Advisors will be responsible for the regular assignment of CVE IDs to...
PRESS RELEASE: Security Risk Advisors Hires New Director of Client Relationships
Security Risk Advisors announced the hiring of new Director of Client Relations, Howard Garfield, who joins the leadership team after decades of industry experience.
Browse our Webinars
Access these virtual events on-demand and get valuable insight from our thought leaders and subject matter experts.
Get Curated Security News and Critical Vulnerability Reports
Our Threat Intelligence Gathering & Research (TIGR) team is focused on threat intelligence and curates a daily intelligence report, TIGR Threat Watch, with information collected from several industry intel sources. We also create and publish ad-hoc critical vulnerability notifications in case of critical and time-sensitive vulnerabilities or threats.