‘WannaCry’ attack highlights ransomware

An unprecedented cyber-attack took the world by storm over the weekend, affecting more than 200,000 systems in 150 countries by targeting unsupported and unpatched versions of Microsoft Windows operating systems. The attack, known as WannaCry, came in the form of a ransomware virus, which takes control of a computer and locks files. To unlock your […]

Archetype SC to Attend Cyber Security Summit in Dallas

Two Archetype SC security engineers are set to attend the Cyber Security Summit in Dallas sponsored by Proofpoint. The one-day conference connects those responsible for protecting their companies’ critical infrastructures with solution providers and security experts, and features a security briefing with the FBI on current and emerging threats, a roundtable discussion on how cybersecurity is […]

Securing Your Windows Infrastructure – Encryption and Active Directory

Welcome to the latest installment of “Securing Your Windows Infrastructure”. Today’s topic is encryption – specifically encryption as it pertains to Active Directory. As with other applications, data managed by AD can be encrypted in storage and in transit. Let’s take a quick look at where encryption is, and can be, used by AD. Replication […]

Classic Lines

Classic Lines

There’s an old Western TV program in syndication, titled something like “The Cisco Kid.”  It’s a great show about two Mexican “Robin Hood” style figures, who rode around the southwest, righting wrongs.  One part of the show sticks with me is when Cisco and Pancho joke with each other.  Pancho points to Cisco and says, […]

The Cost of a Security Breach

Every day, week, or month that passes we in the security community watch company after company get breeched by hackers or make the news with some other large scale security incident. If you work in the enterprise environment, more than likely you work for a company that either has had a large scale security incident […]

Could the password become a thing of the past?

For some time, major companies have been moving away from a single password as a method of authentication and moving towards multifactor authentication or secure methods such as biometrics or behavioral techniques. The issue companies are attempting to address is password strength and integrity. Enforcing password etiquette and policy across numerous users is not easy, […]

Next Generation of Payment Cards

You likely have heard about the new shift in the credit card industry from magnetic strip to EMV chip cards. These cards have a small chip in them that facilitates communication to the payment card company in place of the magnetic strip technology that has been the industry standard for 25+ years. Historically, the motivating […]

Risky Business

Deloitte and RSA presented a collection of seven articles on risk, covering topics ranging from general business risk to IT specific risks.  As I read the articles, the definition of risk that I learned way back in a risk management class kept coming to mind.  Definition: a risk is a potential future event that has […]

Too Much Access

In my experience as a security engineer, I have noticed that employees are often given significantly more access than needed. This is particularly true at large, enterprise level organizations. At enterprise clients I have worked with, I was responsible for granting this access once a request was approved. All too often I receive requests that […]