Battling cybersecurity threats in the cloud

We recently gave an interview conducted by Stuart Crowley, Editor for W.Media on the topic of cybersecurity for cloud.

While in the midst of a COVID-19 pandemic, many businesses have been affected badly. To transform themselves or to simply survive this unfortunate event, many went online to sell their ware. However, many may not have cybersecurity top of their mind when rushing to move to the cloud. In the interview, I was asked how we view this and ways to address such risk.

Here’s the article from W.Media. Feel free to leave comments or simply send us an email to, with your view on cybersecurity and the cloud.

read more

CSA APAC Summit 2020: The Current & Future of Cloud Security Strategy

I am honoured to be invited as a panellist, as part of CSA APAC Summit 2020, to discuss on the topic of Cloud Security Strategy.

We discussed about topic ranging from the pandemic impact to cloud security to strategy on security an organization’s cloud infrastructure.

Here’s the official link to CSA APAC Summit 2020 for the video.

read more

Insyghts Security – Security Monitoring Service

We are excited to be working with W.Media on their Malaysia Cloud & Datacenter Digital Summit, and taking this opportunity to launch our much-awaited Security Monitoring Service with our partner Securonix.

The focus of our service is cloud and hybrid environments, for companies with significant investment in cloud services which may include infrastructure cloud, platform, or software service cloud. E.g such as AWS/Azure, O365, SAP cloud, etc.

What do you need to consider when selecting an MSSP and the supporting analytic platform that runs the security monitoring? Most SOC is equipped to provide monitoring and providing alerts from traditional infrastructure. While some may be able to take on data from selected cloud service, most are not able to. For modern and cloud-powered enterprises, you need an MSSP that is able to quickly ingest data from cloud services, provide accurate threat detection and strong integration to the automated remediation process. As enterprises are exposed to the cloud, any effect of threats and breaches will spread faster and cause more lasting reputational damages.

Some of the key criteria to consider includes;

  • Threat vs incident
  • Security analytics, not just event and incident management
  • Well define Threat Model
  • User and event behavioral analytics
  • Threats in cloud services
  • Detection against insider threats
  • Breach that manifest over a period
  • Speedy, automated response to threats

Reach out to us to find out more how we can help organizations keep a watchful eye on their data and assets, guarding against real threats.

Insyghts Security is an information security and cybersecurity service provider. Offering cybersecurity consultancy, security engineering, cybersecurity solutions, managed security operation, and security monitoring (SOC) services.

We cover the end-to-end information and cybersecurity risk and threat management, information security governance, helping organizations understand their risk and vulnerability of existing policies, systems, and processes, provide visibility into businesses’ threat incidents and events. Propose best practice security architecture design and solution that provide optimal protection, and service to manage detection and response to incident or breach. And a service team that provides constant monitoring and management of ongoing cybersecurity threats.

We work with strategic partners and their solution to provide solutions and services that address zero-trust computing environment, UEBA and insider threats, and maintenance of cybersecurity hygiene. For more information visit

Securonix is redefining SIEM for today’s hybrid cloud, data-driven enterprise. Built on big data architecture, Securonix delivers SIEM, UEBA, SOAR, Security Data Lake, NTA, and vertical-specific applications as a pure SaaS solution with unlimited scalability and no infrastructure cost. Securonix reduces noise, prioritizes high fidelity alerts, and detects and responds to advanced insider and cyber threats with behavioral analytics technology that pioneered the UEBA category. For more information visit

read more

Malaysia Cloud & Datacenter Digital Summit

Insyghts Security will be participating in the upcoming Malaysia Cloud & Datacenter Digital Summit. Do join us for an informational half day digital event. We will be launching our latest service officially as part of this digital event.

read more

Executive Cybersecurity Strategy

Balancing business needs and security obligations

In the course of our work helping and advising our customer, be it the organizations CEO or CIO, we are constantly met with a certain degree of push back from these leaders. Of course it is at no fault of theirs, that they usually prioritize business objectives rather than information security or cybersecurity best practice.

Insyghts Security is honored to collaborate with Keyaan Williams of CLASS-LLC in our vCISO service. One of our key initiative to bring about better discussion and education on information security, cybersecurity, and their relation with driving or be driven by business needs, is a series of CISO discussion webinar.

Our inaugural CISO webinar is targeted at C-Level executives on the topic of balancing an organization’s business needs with that of information security obligations.

Join us on the 28th of August 2020, 10am SGT for a discussion on this topic. /

read more

Zero Trust Access Management

PrivX® is the lean and modern privileged access management you are looking for!

Different from traditional PAM solutions, PrivX® adopts the latest Zero Trust just-in-time technology which is the best fit to secure agile R&D teams, MSPs, outsourcers and fast-growing companies.

With PrivX®, each connection will be validated in real-time with short-lived certificates that remove the need for passwords.

Our role base, on demand workflow makes sure your environment would only be opened to third parties with your authorization.

With the enterprise grade monitoring and auditing features, we assure you the all access and sessions are under your control!

Due to the pandemic, we understand that you will need more time to get to know us and the solution. Therefore, we now open PrivX for FREE trial for 90 DAYS up to 50 HOSTS! You could also get local support if you have any questions! Contact us NOW!

read more

Free Webinar – Why should you concern your PAM during this pandemic

Insyghts recently organized our first in a series of webinars to share views, thoughts, and solutions to better cybersecurity during this unprecedented time.

We invited our partner to share their view security of an organization’s critical resource when their privileged users and vendors are accessing them remotely.

Reach out to us if there are questions regarding the webinar at

read more

Maintaining cybersecurity hygiene in an isolated economy

Businesses are now in a lockdown or work from home mode. Even after opening from the lockdown, business is no longer as normal. This makes access to critical systems more challenging. Working remotely and from home exposes more risk in managing cybersecurity than in a controlled enterprise environment.

Typical cyber hygiene problems

Some of the typical attack or breach of data are result of simple things;

  • Malware infection or ransomware attack result of a phishing attack
  • Security breach due to outdated software, infra, and systems
  • Unchecked privileged user or internal user risk abuse
  • Cyber attack discovered too late from lack of visibility

Maintaining good cybersecurity hygiene

Cybersecurity hygiene and maintaining it relates to implementing best practices for IT systems, which include but not limited to;

  • Ensuring devices, systems, applications, etc are kept properly configured
  • They are kept up-to-date to prevent exploits and vulnerabilities
  • Ensure properly installed, functioning and updated anti-malware solution
  • Enforcing strong password and 2FA
  • Consistent monitoring for threats, vulnerability, and exploits

These look straight forward but they are the most often overlooked due to lack in resources or discipline to keep track.

Keeping track of your cybersecurity posture

To effectively manage and maintain the organization’s cybersecurity hygiene,

  • Know your maturity level, risk and risk acceptance level
  • Have strategy and controls measures to mitigate cybersecurity risk mapped out
  • Have a good information security management system to guide reduction of risk
  • Gain good visibility into the posture and threats within your organization

Your CISO or an outsource vCISO can help in determining your organization’s risk, areas to improve on, and propose controls for those areas, and a dedicated team or outsourced SecOps can help to track security operations and monitoring to maintain your operational cyber hygiene health.

For organizations with a larger infrastructure systems footprint, a comprehensive tool to keep track of compliance and health of systems, such as Cyber Observer will help C level and senior managers/directors keep track of risk, and compliance will help with keeping score of the company’s risk.

read more

Work From Home (WFH) for Privileged Users

Adoption of cloud technology and outsourcing of key IT services have become prevalent among small and mid-sized enterprises.

With the world in lockdown and economy in isolation, if your workers and vendors are not already providing you services and managing your data, applications, and systems from a remote location, they would be now.

This should be a cause of concern to many security-conscious businesses, CXOs, and security mangers as it exposes risk in areas that become difficult to control compared to a closed enterprise environment.

Challenges of a remote workforce and vendors;

  • Good anti-malware is just part of the puzzle and no longer enough
  • Can you really trust your privileged user and administration? 100%
  • VPN is not efficient and does not control access for users on a need to basis
  • Password and people are no longer reliable
  • Endpoint security outside the corporate firewall
  • Use of non-company machine
  • Use of company machine with insufficient restriction and cyber hygiene
  • Risk of third parties hijacking
  • Risk of staff accessing system they are not supposed to
  • etc

To address both internal threats and risk from vendors, even if no formal ISMS in place, having these key controls give the most value in securing your important data;

  • Adopt a security framework, hire a vCISO, establish your security policies
  • Train your users, give clear guidelines
  • Implement strong ISMS controls, esp. access control, and vendor mgt
  • Trust no one
  • Secure all access
  • Separation of duty among staff and vendors
  • Allow access to servers on a need to basis
  • Record all sessions for deterrence and forensic
  • Adopt MFA/2FA for all access and log on

Insyghts work with our partners to put together a solution stack that helps manages privileged users of your infrastructure, systems and data.

Users working on corporate or own computers from external locations should have strong Yubikey 2nd-factor authentication to both their endpoint, network, and application using a single hardware 2-factor authentication device.

Netfoundry SDWan and SASE will help secure and accelerate any remote access to corporate infrastructure or cloud

Control and record all remote session for privileged users and administrators to your infrastructure and servers using SSH PrivX

read more

Insyghts Security and CLASS-LLC Join Forces to Provide Cybersecurity Services in Asia

I am pleased to announce the strategic partnership with Keyaan Williams of CLASS-LLC.

This strategic partnership with CLASS-LLC will elevate the quality of the vCISO, ISMS development and SecOps services to deliver strong cybersecurity and information security leadership, strategy, process, and solutions to businesses in Asia.

read more