Resources

A Blueprint for Stronger Defenses: MITRE D3FEND

A Blueprint for Stronger Defenses: MITRE D3FEND

Staying ahead of adversaries is a constant challenge due to the evolving tactics and techniques that they leverage to gain access and achieve their objectives. While frameworks like MITRE ATT&CK have become an industry standard for understanding and discussing adversary behaviors, it can be challenging for defenders to map their own defenses.

Read More
arrow
Tailoring Configurations and Last Mile

Tailoring Configurations and Last Mile

One of the key value propositions of Reach is that our platform not only increases your security posture by providing critical insights, but it also allows customer to take action and deploy configurations with automation.

Read More
arrow
What is Security Debt and What Should Your Organization Do About it?

What is Security Debt and What Should Your Organization Do About it?

This growing issue not only increases an organization’s exposure to potential cyberattacks but also wastes money and time spent by security analysts chasing down alerts that could have been stopped upstream. By understanding the implications of security debt and implementing strategies for security hardening, organizations of all sizes can minimize risk and maximize their return on investment.

Read More
arrow
The Definitive Guide to Security Misconfiguration

The Definitive Guide to Security Misconfiguration

The constant evolution of today's threat landscape has organizations counting on security controls to keep the bad actors out and safeguard their people, sensitive data, critical infrastructure, operations, and brand. However, even the most sophisticated security tools can present a risk to organizations when they are improperly configured. And unfortunately, even the best security teams can make mistakes. Whether it’s a firewall rule left too permissive, a mismanaged IAM rule, or an EDR process monitoring bypass, the implications can range from severe financial loss to risks with the customer base that can lead to significant and sometimes irreparable reputational damage.

Read More
arrow
The Complete Guide to Exposure Management

The Complete Guide to Exposure Management

In today’s rapidly evolving cybersecurity landscape, exposure management has become a critical practice for organizations looking to stay ahead of potential threats. Unlike traditional approaches that focus solely on vulnerabilities, exposure management examines the broader context of how and why specific issues could impact an organization and prioritizes actions based on risk. A key aspect of this practice is understanding the exposure of employees, contractors, and even executives as attackers often attempt to exploit human vulnerabilities as well as critical systems.

Read More
arrow
Security Hardening Explained: Why is it Critical for Your Security Program?

Security Hardening Explained: Why is it Critical for Your Security Program?

To achieve effective system hardening, a systematic approach is crucial. This involves identifying, auditing, managing, and mitigating cybersecurity vulnerabilities throughout your IT infrastructure. Additionally, it requires continuous monitoring and optimizing of security controls to address threats targeting and impacting your environment. This article explores the importance of system hardening.

Read More
arrow
A Guide to Automated Security Control Assessment (ASCA)

A Guide to Automated Security Control Assessment (ASCA)

To address this growing challenge, the concept of Automated Security Control Assessment (ASCA) was defined and named by Gartner, setting a new standard for how organizations evaluate and optimize their security controls. By automating these processes, ASCA empowers organizations to reduce exposure, enhance their defenses, and stay ahead of emerging threats.

Read More
arrow
Introducing Compliance View: Satisfy GRC Requirements with Security Product Configurations

Introducing Compliance View: Satisfy GRC Requirements with Security Product Configurations

We’re thrilled to introduce the new Compliance View within Reach! Built to support Governance, Risk and Compliance (GRC) teams, Reach customers can now drill in to see how the configurations in their enterprise security products tie back into prominent GRC frameworks, and how they can use these products to improve their maturity with a given framework.

Read More
arrow
Top 10 Security Misconfigurations to Watch For in 2024

Top 10 Security Misconfigurations to Watch For in 2024

Through collaboration among our teams, we've identified the top 10 misconfigurations that often slip through the cracks and significantly impact an organization's security.

Read More
arrow
Platformizing: Navigating Microsoft E3 vs. E5 Licenses for Security

Platformizing: Navigating Microsoft E3 vs. E5 Licenses for Security

Upgrading Microsoft enterprise licensing from E3 to E5 or P1 to P2? Whether your company is upgrading or considering the move, you may be facing questions about how to leverage this shift for your security team’s advantage.

Read More
arrow
Zero Trust on NYSE Taking Stock: A Conversation with Reach's CEO

Zero Trust on NYSE Taking Stock: A Conversation with Reach's CEO

Reach Security CEO & Co-Founder Garrett Hamilton sits down with Trinity Chavez of the NYSE to explore how Reach takes organizations from “architecture to action” with Zero Trust.

Read More
arrow
Reach Licensing View: Turning Visibility into Value

Reach Licensing View: Turning Visibility into Value

We're excited to announce the launch of Reach’s Licensing View, which was built to help customers better understand the value they are getting from the licensed features they are paying for in their security products.

Read More
arrow
 Roads, Not Roadblocks: Empowering User Experience with Secure Access

Roads, Not Roadblocks: Empowering User Experience with Secure Access

One of the most exciting parts of joining an early-stage company is the opportunity to do things differently. Shortly after I joined Reach, I learned that customers were using Reach to help streamline authentication processes for low-risk users, particularly those who log in from the same locations and devices each day. Rather than constantly prompting for multi-factor authentication, Reach enables security teams to identify and control exposure in place for users in familiar scenarios, reducing the friction for users, while maintaining security.

Read More
arrow
Strengthening Defenses Against Ransomware

Strengthening Defenses Against Ransomware

With Cybersecurity Awareness Month in full swing and the 2024 Grace Hopper Celebration behind us, I had the opportunity to present a choose-your-own-adventure tabletop session on ransomware. After reflecting on my discussions with attendees at GHC, ransomware emerged as a challenge and top priority for many.

Read More
arrow
Integration Architecture and Why Reach Took the Hard, But Best Route

Integration Architecture and Why Reach Took the Hard, But Best Route

In today’s fast-evolving cybersecurity landscape, integration architecture is not just a necessary feature, but the backbone of how security systems communicate and protect organizations. Reach has approached integrations from a unique perspective, opting to take the hard road of building a system that is not tied solely to best practices, but fundamentally designed to adapt, learn, and integrate with purpose-built AI. It’s a decision that reflects our commitment to innovation, a deep understanding of the cybersecurity market alongside the products within a customer’s ecosystem, and a belief that the best path is rarely the easiest one.

Read More
arrow
Going Above and Beyond Microsoft’s Impending MFA Requirement

Going Above and Beyond Microsoft’s Impending MFA Requirement

Beginning in October, Microsoft will mandate multi-factor authentication (MFA) for multiple Azure components, including the Entra admin portal. Given Microsoft’s research indicates that MFA can prevent over 99.2% of account compromise attempts, this is great news! For those utilizing Entra Conditional Access to govern how users authenticate to mission-critical applications, there are additional measures you can take within Entra to further reduce the risk of credential compromise. Let’s explore some strategies to elevate your Conditional Access implementation beyond MFA using the features you’re licensed for.

Read More
arrow
Reach Security mentioned in the 2024 Gartner® Innovation Insight: Automated Security Control Assessment

Reach Security mentioned in the 2024 Gartner® Innovation Insight: Automated Security Control Assessment

While Gartner is helping to shape this new market category, companies like Autodesk and Nutanix are already realizing the benefits of this approach through Reach’s platform. By focusing on continuous security control assessments that leverage both business and adversarial threat context, Reach helps organizations like Autodesk and Nutanix understand the specific risks they face. Reach automates configuration changes to align with these risks, while also ensuring that organizations maximize the value of their existing security tools.

Read More
arrow
Countering Phishing and Credential Theft with MITRE D3FEND: How Reach Keeps You Ahead of the Threats

Countering Phishing and Credential Theft with MITRE D3FEND: How Reach Keeps You Ahead of the Threats

Phishing and credential theft remain two of the top methods adversaries use to breach networks. To counter these effectively, it’s not enough to understand the attacks themselves—you also need a strong defensive strategy. That’s where a framework like MITRE D3FEND can make all the difference, providing a structured approach to securing your organization.

Read More
arrow
The Fast and the Furious – Configuration Drift

The Fast and the Furious – Configuration Drift

As organizations expand and evolve, the relationship between IT and security becomes equally as important as it is complex. The rapid pace of technology changes to drive revenue and streamline operations, coupled with an increasing number of sophisticated cyber threats, forces both IT and security teams to constantly adapt. This dynamic environment makes it challenging to maintain the integrity of security controls while ensuring operational efficiency and availability. For security teams, this challenge is especially evident when it comes to monitoring and maintaining established security controls from a configuration lens.

Read More
arrow
Cloudy with a Chance of Account Takeover

Cloudy with a Chance of Account Takeover

Integrating Reach with Okta is a game-changer for boosting your security in the event of credential compromise. With Reach’s advanced analytics and proactive recommendations, organizations can better defend against threats from attackers looking to spoof their location and gain access to sensitive infrastructure. This combo not only maximizes the value of Okta’s Adaptive features, but also adds an extra layer of security for a more comprehensive approach to your IAM deployment.

Read More
arrow
The Power of Automation with Reach

The Power of Automation with Reach

At Reach, we prioritize the safety and control of our users by leveraging a staged environment for automation. This approach not only safeguards the production environment but also ensures that changes are meticulously tested and approved before going live. Whether it’s implementing Conditional Access policies or deploying other critical updates, Reach’s staged automation empowers organizations to increase their cybersecurity posture with confidence, efficiency, and ease.

Read More
arrow
Bridging the Last Mile: Reach’s New ServiceNow Integration Enhances Cybersecurity Maturity

Bridging the Last Mile: Reach’s New ServiceNow Integration Enhances Cybersecurity Maturity

As we continue to navigate the complexities of cybersecurity, our focus remains on providing solutions that not only secure but also streamline operational processes. The new ServiceNow integration is a testament to our dedication to mastering the last mile, ensuring that our clients can achieve and maintain the highest levels of security maturity.

Read More
arrow
The Last Mile in Cybersecurity: Turning Assessments into Action

The Last Mile in Cybersecurity: Turning Assessments into Action

The last mile is a critical component of cybersecurity operations. By embracing a comprehensive approach that goes beyond mere reports to actionable and automated implementation, Reach ensures that your organization is not only secure but also agile and efficient. Stay tuned for our upcoming posts where we will delve deeper into specific use cases and solutions that exemplify our commitment to mastering the last mile in cybersecurity.

Read More
arrow
Security Tools Optimization Spotlight: Microsoft Entra ID Conditional Access

Security Tools Optimization Spotlight: Microsoft Entra ID Conditional Access

Conditional Access contains simple yet powerful sign-on attributes that can be tailored to your business with a risk-based approach. Whether you're undergoing security tool consolidation efforts or embarking on an IAM hardening project, consider starting with a series of tailored sign-on policies that address risk where most breaches start.

Read More
arrow
Why an identity-centric approach to Tools Rationalization is the place to start

Why an identity-centric approach to Tools Rationalization is the place to start

You may hear terms like "tools rationalization" or "maximizing tool effectiveness," but their meanings can vary. Are you following a vendor best practice checklist, mapping CVEs to specific configurations, or tracking workforce risk and ensuring your licensed capabilities address this risk? Whichever path you choose, understanding the value of each approach is crucial.

Read More
arrow