Introduction After I saw the buzz about Kaseya on July 2nd, I decided it was time to start writing a blog post about targeting the supply chain. Software supply chain “attacks” aren’t new, however, they will become much more mainstream now that there has been extended media coverage of the SolarWinds incident. You may have noticed a similar [...]
Your first interaction with Obscurity Labs may come through an Incident Response engagement, a Web Application Test / Application Security Engagement, a Managed Detection and Response (MDR) contract, a Security Engineering / Consulting contract, or even a Software Supply Chain Security contract. Each of these services complements each other to form an overarching cybersecurity program. We work with our clients, preemptively if possible, to conduct risk assessments using the NIST Cybersecurity Framework. We typically use the CIS CSC and NIST SP 800-53 controls to help our customers achieve target profiles and mature at a rate commensurate with their organization’s culture, budget, and business objectives. These risk assessments can be performed as an independent consulting service or they can be tied directly into one of the aforementioned offerings.