Daniel Hooper

As a team at watchTowr, we’ve said it repeatedly - by the time a vulnerability hits the news, it’s too late to respond. At that point, speed dial your cyber insurer. In-the-wild exploitation now moves faster than ever - faster than most teams can identify affected systems, validate exposure, or start patching. “I just saw the news - are we vulnerable?” is already a losing question. That’s why we evolved the watchTowr Platform into a Preemptive Exposure Management solution - powered by world-class vulnerability research from watchTowr Labs, real-time live attacker telemetry, and AI-driven automation to move faster than attackers. The watchTowr Platform validates whether you’re exposed in minutes, not days - giving security teams the chance to act before attackers do. Consistency is everything, and we’re proud that the watchTowr Platform consistently gives our clients the one thing they need most: time to respond.

126

3 Comments

“If your TPRM team is slowing down the business, you don’t have a risk management problem — you have a design problem" 🎙️ In our latest Cyber Risk Podcast, Lindsay Baker (TPRM Leader) simplifies TPRM's core challenges: Reconciliation, Chasing and Communication — and how AI can fundamentally transform that! 🚨 Link in comments! #TPRM #CyberRisk #ThirdPartyRisk #CyberSecurity #CISO #RiskManagement #CyberResilience #CyberRiskPodcast hashtag

40

2 Comments

Compliance Isn't a Burden—It's Your Secret Weapon Through years of observing businesses navigate compliance, one thing is clear: those who see it as a burden often miss its strategic potential. ISO 27001 compliance often feels like a heavy burden—an endless list of requirements. But what if compliance wasn't just about satisfying auditors? 💡 Imagine it as a tool to build trust, attract partners, and protect your business. By streamlining privileged access, securing critical data, and ensuring traceability, you go beyond compliance—you gain a competitive edge. Those who embrace this view will stay ahead of the curve. Is your business ready to unlock this advantage? #ISO27001 #CyberSecurity #CompetitiveAdvantage

24

2 Comments

As the buzz around DeepSeek continues to grow, this one-pager provides a concise and efficient overview of its key characteristics, associated risks ⚠️, and comparisons to o1. A quick and worthwhile 3-minute read! ⏱️

78

6 Comments

𝐖𝐡𝐨 𝐥𝐨𝐯𝐞𝐬 𝐚 𝐠𝐨𝐨𝐝 𝐚𝐮𝐝𝐢𝐭? 𝐒𝐚𝐟𝐞 𝐭𝐨 𝐬𝐚𝐲 - 𝐧𝐨 𝐨𝐧𝐞. I’ve led teams and companies through audits. They matter, but they’re often laborious and uncertain: ❓Will this auditor accept last time’s evidence? ❓Have “accepted practices” shifted again? ❓Are we judged on what’s in-scope- or what’s missing? ❓And if it takes a week or two to accommodate, does that just mean more tools and controls next time? 😩 We at Orchid Security have built a 7-step IAM audit playbook to cut the noise and deliver irrefutable, app-level evidence (not abstracts from docs, tools, or people): 1. Preparation - scope, frameworks, baselines, ownership 2. Application Inventory - managed + unmanaged, controls, gap analysis 3. Identity Lifecycle - J/M/L with timestamps & deprovisioning 4. Authentication Events - logins, failures, sessions 5. Access Governance - least privilege, SoD, elevation trails 6. Overlay Insights - orphan/local/dormant accounts, shadow apps, over-provisioning, high-risk patterns 7. Audit-Ready Outputs - unified identity audit logs, real-time dashboards, compliance-mapped exports If audits feel like firefights, this turns them into routine. Read more 👉 https://lnkd.in/dfwa2Bme #IAM #Audit #Compliance #GRC #IdentityInfrastructure #IdentityFirst #ISO27001 #PCI #NIS2 #FedRAMP #SOX #HIPAA #Security #OrchidSecurity

161

1 Comment

Threat Actors Don’t Care About Your Compliance Score In today’s cybersecurity landscape, organizations are navigating a complex web of compliance frameworks—NIST-CSF, CMMC, ISO 27001, PCI-DSS, HIPAA, NERC, and GDPR, to name a few. Each requires thorough documentation to validate governance practices, policies, and technical safeguards. Successfully passing these audits offers value: it helps organizations benchmark their security posture and align with industry expectations. But the key to success lies in maintaining clear, consistent documentation—not just checking boxes, but demonstrating genuine security maturity. However, passing an audit doesn’t mean you’re safe. Threat actors don’t care about your audit score or whether your last assessment earned gold stars—they’re looking for weak spots, misconfigurations, and overlooked vulnerabilities. And ironically, the process of preparing for audits can drain crucial resources—hundreds of man hours that could be spent on active defense, network monitoring, and incident response. In some cases, chasing compliance may divert attention from more pressing security needs. That’s why it’s important to strike a balance. If an audit is required—by regulators, partners, or customers—it must be done right. But organizations shouldn’t lose sight of the bigger picture. Real security depends on visibility, context, cyber hygiene, and threat intelligence. A framework may tell you what “good” looks like on paper, but the attackers don’t follow checklists—they exploit gaps. Staying ahead requires moving beyond compliance and investing in continuous, adaptive security strategies. #cybersecurity #GRC #audits #documentation #threatactors #vulnerabilities #threathunting #riskmanagent #compliance #NIST #CMMC #GDPR #ISO27001 #PCI

604

48 Comments

🚀🚀 #vet 1.9.8 released and it supports scanning GitHub Actions "code" The recent tj-actions/changed-files supply chain attack is the topic of the town. While it is a major incident, it appears the actual impact was somewhat limited. Coincidentally or otherwise. We want to protect our users against such attacks but we faced a key challenge. Our malicious code and package scanning infrastructure is built on the assumption that a package version, such as `pkg/npm:express@4.17.1` is immutable. If we scan this package once, we can trust its result in future because npm package registry will guarantee that a package version cannot be updated. This assumption was broken when it comes to scanning GitHub Actions code because GitHub tags are MUTABLE and thats what we saw in tj-actions/changed-files hack as well. To workaround this limitation, we handle GitHub Actions as a special case. We resolve the commit SHA of a given GitHub Action at the time of scanning before initiating a code analysis session. The implementation is generic enough to scan any GitHub repository. Try it out. Feedbacks and suggestions from the community is what drives our roadmap. Link in comment. 💻 Omkar Phansopkar Arunanshu Biswas Sudhanshu Dasgupta Kunal Singh 🎯 Sahil Bansal

64

2 Comments

Last week I wrote about the end of legacy PAM and the rise of modern identity control planes. Many of you reached out asking about the "Identity Firewall" concept I mentioned. Specifically: "Tim, why are you calling it a firewall? That's confusing." I get it. When most people hear "firewall," they think “network firewall.” Something that sits between networks and blocks bad packets. But here's the thing, that's exactly why the analogy works.  I’m using the term ‘firewall’ deliberately. Because just like the original firewalls transformed network security decades ago, the  identity firewall will redefine access and authorization in the cloud-native world. Over the past year, I've had countless discussions with Amol Kabe about this evolution. One conversation really crystallized it for him: "We've been conditioned to think 'firewall' means network security. But firewalls were always about enforcement at boundaries—the network perimeter just happened to be where we drew those boundaries. Now that identity is the perimeter, that's where enforcement needs to happen." Think about it this way: Network firewalls inspect every packet between network zones and decide: allow or deny based on policy. Identity Firewalls inspect every privileged action between identity zones and decide: allow or deny based on policy. The boundary just shifted. It used to be between networks. Now it's between identities, systems, and the actions they want to take. A CISO at a financial services company put it perfectly: "We have firewalls that inspect every bit of network traffic, but we grant broad database access and hope for the best. That's backwards." Here's what really clicked for me: we already accept that firewalls evolved. Network firewalls became next-gen firewalls, then ZTNA, then SASE. The concept of "enforcement at the trust boundary" stayed the same—the boundary moved. Identity is the new perimeter. The firewall needs to move there too.  Does Identity Firewall create some cognitive dissonance? Yeah,  and that’s by design. 'Firewall' sounds old-school. But what if the term we knew from network security is exactly what’s needed to fix access and authorization? A new control layer. For a new perimeter. Sometimes the best way to explain a new concept is to anchor it to something people already understand, then show them how it's evolved. The Identity Firewall isn't about network packets. It's about controlling privileged actions between users, machines, and the systems they access. Real-time policy enforcement where it matters most—not just who gets in, but what they can do once they're there. Still think it's confusing? I'd love to hear your thoughts.

181

34 Comments