Blog

The Open Web Application Security Project (OWASP) has published the 10 most critical web application risks, 2017 edition, which points injection attacks as the greater security risk once again, as in the 2013 and 2010 editions.

Tomando en consideración las amenazas y los riesgos detallados anteriormente queda de manifiesto la necesidad de desarrollar acciones o modelos de protección para mitigar las vulnerabilidades que surgen del tratamiento de los datos de los usuarios así como prácticas de seguridad en la funcionalidad y el despliegue de tecnologías IoT.

The protection of critical and strategic infrastructures in our country is a task that must be tackled by all the agents involved in a public-private cooperation framework.

The IDS, IPS and SIEM are equipment originally designed for IT environments but whose adaptation to TO environments has been forced in recent years due to a proliferation of attacks on industrial environments.

After having analysed the "why" behind the cybersecurity capacities evaluation model in the first entry dedicated to the C4V model and after having explained how to carry out an appropriate management of risks in the value chain in the second edition, this third edition is dedicated to explaining how to carry out an evaluation of ourselves.

The industry is increasingly calling for experts in security, and the business world is not capable of meeting that demand due to the lack of trained professionals. This is not a problem that solely affects Spain; it also affects the whole of Europe and the U.S.A. But, what is it that is asked of industrial security experts?

Wireless technologies are becoming more and more prominent everywhere, and also in industrial environments, driven by all other environments where the use of wireless communication technologies is widespread.

The Simple Network Management Protocol or SNMP, used in most industrial devices, went from an information exchange protocol related to device configuration to an actual configuration control protocol. Manufacturers add far too many functionalities for SNMP in their devices. These functionalities are often unknown by operators so they do not pay much attention to the hardening of this protocol.

The architecture of our industrial control systems is not as static as it was some years ago. The adapting of new standards, or simply trying to improve the security of our industrial networks, creates the need to introduce one or various firewalls within our network. Thinking about having to change a network's architecture, the IP of our devices, tests, etc. when introducing a new firewall often leads to the bad decision to not install it. But, do we know about transparent firewalls and how they can be installed with almost no impact in our network? These solutions have advanced a lot in the industry and may be a true plus to our security.