March 2021


Five worthy reads: The unexpected costs following a cyberattack

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about the worst data breaches that happened recently, their impact, and the cost of data breaches for companies. The COVID-19 pandemic has not only had an impact on the mental and physical health of employees, but on the digital health of organizations around the world.


Role of Encryption in GDPR Compliance

Encryption has been a hot topic of discussion during the implementation phase of most data privacy laws. In the age where organizations are dealing with large volumes of data each day, the protection of this sensitive data is critical. The data, which is seen as a business-critical asset for organizations, should be protected against malicious hackers looking for opportunities to steal the data.


5 Online Shopping Security Tips to Protect Your Data

Protecting yourself when paying online is very important. It’s a scary thought, but fraudsters have lots of ways to sneak in and steal credentials, bypass security and make victims of online shoppers. As we have discussed previously on this blog, criminals don’t just rely on traditional “hacks” to exploit technology. Increasingly, bad actors are using sophisticated bots to exploit business logic in order to breach security and carry out attacks.


Redscan research suggests cyber security improvements in the NHS despite COVID pressures

The scale of the challenge facing the healthcare sector, even before COVID-19, was significant. In 2020, it became even more pressing with constant reports of critical infrastructure being targeted by cybercriminals. To understand the unique challenges within the NHS, we submitted a Freedom of Information (FOI) request to every trust in the UK.* The results, when compared with those in relation to a previous request in 2018, suggest improvements in cyber security across the NHS. Key Findings


How To Conduct A Website Security Check

By one estimate, more than 30,000 websites get hacked every day. Viruses, malware, spam, and DDoS attacks constantly threaten your organization’s valuable information. Customers trust you to maintain website security; so how can you make sure your site is as secure as possible? Follow this website security checklist to make sure you have all your bases covered when it comes to securing your business site.


Defining Zero Trust Data Protection

The biggest fundamental shift in the era of digital transformation is that data is no longer on a CPU that the enterprise owns. Security teams focused on cloud must invest in the right technology to achieve more complete data protection, and we all need to ensure Zero Trust principles are applied everywhere data needs protection. At Netskope, we describe this as Zero Trust Data Protection. In its simplest form, Zero Trust means: Don’t trust the things you do not need to trust.


Six Essential "Must Haves" for Your IoT Deployment

Too many vendor-based IoT blogs and articles go like this: These basic tenets are obvious and generally well understood by anybody in the orbit of IT. Missing here, however, is what are the essential elements that are needed to get your Internet of Things (IoT) project off the ground. What should you be looking for or careful not to miss?


Medical device security in a pandemic world

The pandemic has put a lot of things on hold over the last year, but medical device security shouldn’t be one of them. The millions of medical devices that help keep people healthy—and in many cases keep them alive—have drawn mixed reviews from security experts since the internet happened. Even more so in the past year since the pandemic happened. There is just about unanimous agreement that the benefits of those devices outweigh the risks.

Create Users Within Veracode Security Labs or by Using Your Company SSO

In this video, you will learn how to create Security Labs users from within the Security Labs interface. Veracode Security Labs provides interactive training labs that give developers practical security knowledge. Security Labs teaches security and application security (AppSec) skills through hands-on experience. The lab-based approach to developer enablement can improve the time it takes to resolve findings and help developers avoid introducing flaws into the code.

How Does Insider Threat Detection Work & Why is it Crucial?

Attaining a strong cyber security posture is a multi-layered process and includes various essential components. Among those, insider threat detection holds unignorable importance. Therefore, it is crucial to obtain a deeper understanding of what insider threat detection is. Basically, an insider threat is a security risk that’s originated within the boundaries of the organization itself. Unlike outside attacks, insider threats are mainly caused by employees.

Episode 12 | Employee Training in a Virtual Environment

The pandemic has resulted in changing infrastructure for providing training to employees in this work from home limitation of large gatherings environment. This episode will feature a special guest to discuss how we partner to bring the highest level of security training to our clients – in a high-tech manner that we believe is best in class and exceedingly useful in today's environment.

Application security automation for GitHub repositories with Snyk

Snyk provides a wide array of integrations and a pretty comprehensive API to enable you to deploy Snyk across the SDLC and monitor all the code your organization is developing. Of course – this is not always simple. At scale, ensuring Snyk is monitoring all your repositories becomes more challenging. As you grow, more code is added in the shape of new repositories. Not only that, existing repositories keep on changing.


Top In-Demand Cybersecurity Skills in the Upcoming Years

Hey there, We recently ran a series of webinars* on how different-sized cybersecurity teams modernized their security operations and embedded polling questions within the webinars to gather some feedback. A set of possible answers was selected based on the ENISA NIS Investments report. In this blog post I’d like to share the results of the polls and the conclusions we can draw from them.


Splunk SOAR Playbooks: Conducting an Azure New User Census

In January and February of 2021, the threat actor called Hafnium used a number of post-exploitation tools after gaining access to Exchange servers through a zero-day exploit. One of their persistence methods was creating new user accounts in the domain, giving them the ability to log back into the network using normal authentication rather than use a web shell or continue to re-exploit the vulnerability (which has since been patched).


Azure security 101: Security essentials, logs, authentication, and more

“Where necessity speaks, it demands”. This old saying seems particularly apt right now with the pandemic forcing organizations to completely change the way they think about their IT networks. That rapid shift to remote work has resulted in a massive demand for cloud-based services.

Sysdig Adds Unified Threat Detection Across Containers and Cloud to Combat Lateral Movement Attacks

Sysdig introduces continuous CSPM to the Sysdig Secure DevOps Platform, multi-cloud threat detection for AWS and GCP, and a new free-forever cloud security tier. With 70% of cyberattack breaches utilizing lateral movement, Sysdig uniquely detects and responds to threats across cloud and containers.

What educational institutions need to do to protect themselves from cyber threats

Educational institutions are reaping the many benefits and new possibilities offered by online learning, but these new methods of educational instruction come with serious cyber security concerns. These institutions are also a prime focus for hackers because they often host a lot of sensitive data about teachers and students. Furthermore, schools and universities are an easy target because not every teacher or professor is technologically savvy.


Survey: 99% of Security Pros Struggling to Secure Their IoT & IIoT Devices

Organizations are increasingly introducing new Internet of Things (IoT) devices into their environments. According to Statista, the aggregate number of IoT devices deployed by organizations globally increased from 7.74 billion in 2019 to around 8.74 billion a year later. The market and consumer data firm reported that the next few years will see growth in all types of IoT devices, including Industrial Internet of Things (IIoT) offerings like smart monitors.

outpost 24

SAST, DAST, SCA: What's best for application security testing?

With a 43% rise in data breaches tied to web application vulnerabilities according to Verizon, enterprise security teams are looking more closely at how security controls can be integrated to DevOps without impacting productivity. But with so many automated security testing tools (SAST, DAST, SCA) on the market, it’s important to understand the difference and when to use them to ensure robust Application Security.


What is a Compliance Risk Assessment?

As global regulations for data privacy and cybersecurity continue to proliferate, the pressure for organizations to manage compliance risk grows. To meet the demand for greater compliance risk management and value for corporate stakeholders, compliance professionals must be sure they have a thorough understanding of their compliance obligations and potential vulnerabilities.

How SOAR Helps Service Providers Meet MSSP Challenges: A Conversation With Forrester Research

Joseph Blankenship and Chase Cunningham of Forrester Research joined Siemplify for a four-part video series. In the fourth and final part, the pair discusses the role of SOAR for service providers, how they can evaluate their own success, and what selection criteria should look like for end-users shopping for an MSSP – especially in the era of more demanding customers and the death of the “black-box” MSSP model.

Preventing Recent Microsoft Exchange Vulnerabilities and Similar Attacks Using Netskope Private Access

On March 2, Microsoft released patches to address four zero-day vulnerabilities in Microsoft Exchange Server software. Those vulnerabilities, known collectively as ProxyLogon, affect on-premises Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. (Exchange Online, which is part of Microsoft 365, has not been affected.)


Synopsys CyRC named a CVE Numbering Authority

As a CVE Numbering Authority, Synopsys can assign CVE ID numbers and publish newly discovered vulnerabilities. The Synopsys Software Integrity Group has been helping organizations find and fix vulnerabilities in their software for nearly a decade. And now it will be able to help them and the broader software industry even more.


Most common types of cyber security attacks (includes threats & attack vectors)

The cyber threat landscape evolves every day following the most basic to more advanced types of cyber attacks that makes daily headlines. It is due to data breaches, causing reputational, financial losses and regulatory penalties. Our aim with this article is to update the reader on various types and categories of cyber attacks that help them make informed decisions about their business to identify what is important and how it should be protected.


Manufacturing Has the Lowest Percentage of High-Severity Flaws but Needs to Improve Time to Remediation

The past 12 months have been especially challenging for the manufacturing industry. The pandemic affected in-person manufacturing jobs as well as supply and demand, causing many manufacturing companies to shut their doors or lay off valuable employees. Recognizing the vulnerable state of manufacturing companies, cybercriminals saw manufacturing as an easy target. In fact, the manufacturing industry saw an 11 percent increase in cyberattacks in 2020.

Appknox 7th Year Anniversary!

This week #knoxtars celebrate our seventh year in business. During this time we have continually secured businesses across multiple industries to build a safer mobile ecosystem We wish to thank every single team member past and current, clients and partners who we have worked with us over the years. We take great pride in our work and look forward to helping your business grow & add more feathers to our cap.

How to Overcome the Challenges of Securing a Fully Remote Workforce

One of the most significant changes to come out of the COVID-19 pandemic is the shift to remote work. By late 2020, 58% of U.S. employees worked at home at least some of the time, and this trend will likely continue. While a remote workforce can bring several productivity and morale benefits, it also creates some security challenges such as cyber threats. Most companies’ cyber defenses are designed to handle a single, centralized network in one location with standardized devices.


Using Devo to Stop Black Kingdom ProxyLogon Exploit

Black Kingdom is targeting Exchange servers that remain unpatched against the ProxyLogon vulnerabilities disclosed by Microsoft earlier this month. It strikes the on-premises versions of Microsoft Exchange Server, abusing the remote code execution (RCE) vulnerability also known as ProxyLogon (CVE-2021-27065[2]).


Preventing YAML parsing vulnerabilities with snakeyaml in Java

YAML is a human-readable language to serialize data that’s commonly used for config files. The word YAML is an acronym for “YAML ain’t a markup language” and was first released in 2001. You can compare YAML to JSON or XML as all of them are text-based structured formats. While similar to those languages, YAML is designed to be more readable than JSON and less verbose than XML.


Secure coding with Snyk Code: Ignore functionality with a twist

When scanning your code with our secure coding tool, Snyk Code might find all kinds of security vulnerabilities. And while Snyk Code is fast, accurate, and rich in content, sometimes there is the need to suppress specific warnings. Typical example use cases arise in test code when you explicitly use hard coded passwords to test your routines, or you know about an issue but decide not to fix it.


Detect suspicious activity in GCP using audit logs

GCP audit logs are a powerful tool that track everything happening in your cloud infrastructure. By analyzing them, you can detect and react to threats. Modern cloud applications are not just virtual machines, containers, binaries, and data. When you migrated to the cloud, you accelerated the development of your apps and increased operational efficiency. But you also started using new assets in the cloud that need securing.


Cloud lateral movement: Breaking in through a vulnerable container

Lateral movement is a growing concern with cloud security. That is, once a piece of your cloud infrastructure is compromised, how far can an attacker reach? What often happens in famous attacks to Cloud environments is a vulnerable application that is publicly available can serve as an entry point. From there, attackers can try to move inside the cloud environment, trying to exfiltrate sensitive data or use the account for their own purpose, like crypto mining.


AWS CIS: Manage cloud security posture on AWS infrastructure

Implementing the AWS Foundations CIS Benchmarks will help you improve your cloud security posture in your AWS infrastructure. What entry points can attackers use to compromise your cloud infrastructure? Do all your users have multi-factor authentication setup? Are they using it? Are you providing more permissions that needed? Those are some questions this benchmark will help you answer. Keep reading for an overview on AWS CIS Benchmarks and tips to implement it.


Unified threat detection for AWS cloud and containers

Implementing effective threat detection for AWS requires visibility into all of your cloud services and containers. An application is composed of a number of elements: hosts, virtual machines, containers, clusters, stored information, and input/output data streams. When you add configuration and user management to the mix, it’s clear that there is a lot to secure!

Getting started with cloud security

Your application runs on containers and talks to multiple cloud services. How can you continuously secure all of it? With Sysdig you can. Continuously flag cloud misconfigurations before the bad guys get in. And suspicious activity, like unusual logins from leaked credentials. All in a single console that makes it easier to validate your cloud security posture. It only takes a few minutes to get started.

Adaptive cybersecurity: 3 strategies that are needed in an evolving security landscape

Cybersecurity is no longer an outlandish concept to many business enterprise executives. What is still relatively unfamiliar to many organizations and their leadership, however, is the task of evaluating their cyber strategy and risk to determine how best to adapt and grow to stay secure while remaining competitive. Executives must initiate thorough evaluations of their existing cybersecurity strategies to figure out which types of new technologies and risk management strategies they need the most.


Veracode Hacker Games: The Results Are In!

The first ever Veracode Hacker Games competition has come to a close, but were the flaws in favor of our brave competitors? Read on to find out. Over the course of the two-week challenge, students from several universities in the U.S. and the U.K. came together to explore vulnerabilities and threats that they’ll one day face on the job.

Shape of the New | Global Art Market Webinar Series - Part 2: Regulation and Risk

Our two-part roundtable webinar series on the future of the global art market, features guests from Hauser & Wirth, HMRC, Demif Gallery and The Society of London Art Dealers. Presented by Gareth Fletcher of Sotheby’s Institute of Art, the series explores change and transformation in the art market, from new technologies, ways of viewing and buying art, and market supervision, to digital art crime, the rise of African artists, and the illicit trade in art and antiquities.

Fighting Digital Payment Fraudsters in Real-time: A Winning Framework (Part 2)

A customer walks into a bank, asks a question at the information desk, and then leaves. Later that day an operations manager notices an unmarked USB device left on the counter. He doesn’t remember who might have left it, so he plugs it into his computer to see if he can potentially spot the owner. As the USB loads, the malware shuts down the entire system, while the hackers get the bank’s customers’ account details.

Credential management best practices for business process automations

This webinar recording gives you a clear picture of the various credential-related perils that can surface because of implementing business process automation (BPA) workfows in your enterprise. Ganesh, our in-house IT security expert will walk you through the risks associated with hard-coding privileged credentials within application scripts and also provide you with a handful of security best practices to mitigate the risks and fortify your IT infrastructure from credential exposure through PAM360.

NIST SP 800-172 (Formerly SP 800-171B) Release Couldn't Come at a Better Time

NIST’s timely new release of Special Publication (SP) 800-172 (formerly referred to in draft form as 800-171B) provides exactly what its title says, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171. Yet it goes a step further to protect controlled unclassified information (CUI) specifically from APTs.


Black Kingdom Ransomware

Hot on the heels of 'Dearcry'[1], yet another ransomware threat has been observed as targeting Microsoft Exchange servers vulnerable to recently reported critical vulnerabilities[2]. Dubbed 'Black KingDom', this ransomware threat has reportedly been deployed through a web-shell that is installed on vulnerable Microsoft Exchange servers following the exploitation of the vulnerability chain that results in both remote code execution (RCE) and elevated privileges.


SD-WAN vs. MPLS: how do they compare from a security perspective?

SD-WAN and MPLS are two technologies that are often perceived as either-or solutions. For many organizations, however, SD-WAN and MPLS can complement each other. This article will define and compare the technologies, explaining how, in many cases, they work together. We’ll also explore SD-WAN’s popularity and its role in enabling modern security architectures like SASE.


How to choose a Digital Risk Protection Service (DPRS)

Digital risks are an inevitable by-product of an expanding ecosystem, and an expanding ecosystem is essential to societies' progression into the fourth industrial revolution. This unsettling conundrum has given rise to a novel field of cybersecurity known as Digital RIsk Protection (DRP). But like all novel solutions, it can be difficult to identify the capable minority from the majority still finding their feet.


What is Digital Risk?

Digital risk refers to all unexpected consequences that result from digital transformation and disrupt the achievement of business objectives. When a business scales, its attack surface expands, increasing its exposure to outside threats. This makes digital risk an unavoidable by-product of digital transformation. Fortunately, digital risk protection strategies have been developed to mitigate digital risk so that organizations can continue confidently scaling their operations.


What is Digital Risk Protection (DRP)? You could be exposed.

Digital risk protection (DRP) is the practice of protecting organizations from cyber threats during digital transformation. Rather than reacting to cyber threats after they're discovered, cybersecurity strategies must shift to a proactive approach to protection. This is the key to supporting ecosystem expansion while mitigating risk.


How to cyber security: Minimize risk and testing time with Intelligent Orchestration

Integrating AST tools into your CI/CD pipeline shouldn’t compromise your development velocity. Learn how Intelligent Orchestration can help. Sometimes it feels like software development is at the crux of the collision between an unstoppable force and an immovable object. The answer to putting security in every phase of development is partly process and partly automating and integrating security testing into the build and test phases of development.


What is an SMB Port? How to check for open ports 445 and 139? SMB versions explained.

SMB stands for Server Message Block, once known as Common Internet File System, is a communication protocol for providing shared access between systems on a network. At a high level, it is a set of rules adopted to share files, printers in a network. SMB is a file sharing protocol that involves computers communicating with each other in a local network. This local network could be a small business within the same office or a multi-national company with offices around the globe connected to each other.


SQL injection cheat sheet: 8 best practices to prevent SQL injection attacks

SQL injection is one of the most dangerous vulnerabilities for online applications. It occurs when a user adds untrusted data to a database query. For instance, when filling in a web form. If SQL injection is possible, smart attackers can create user input to steal valuable data, bypass authentication, or corrupt the records in your database. There are different types of SQL injection attacks, but in general, they all have a similar cause.

Are we forever doomed to software supply chain security?

The adoption of open-source software continues to grow and creates significant security concerns for everything from software supply chain attacks in language ecosystem registries to cloud-native application security concerns. In this session, we will explore how developers are targeted as a vehicle for malware distribution, how immensely we depend on open-source maintainers to release timely security fixes, and how the race to the cloud creates new security concerns for developers to cope with, as computing resources turn into infrastructure as code.

Automated Clean-up of HAFNIUM Shells and Processes with Splunk Phantom

If you haven’t been living under a rock for the past few weeks, you've probably come across the recent Microsoft Exchange Server vulnerabilities and its associated exploits.Stop!!! The first thing you should do is to go and patch any Exchange servers you may be running, then you can come back and finish reading this blog. Microsoft's blog provides links to various tools to help in this regard.


Cybersecurity strategy.... To Plan or not to plan...That is the question

What is a strategy? As defined by Merriam Webster…. ‘a carefully developed plan or method for achieving a goal or the skill in developing and undertaking such a plan or method.’ A cybersecurity strategy is extremely important, but many organizations lack a strategy, or they have not kept their strategy and subsequent roadmap current. A strategy is especially important in this day of digital transformation and for key initiatives like Zero Trust.


Average ransomware payouts shoot up 171% to over $300,000

Organisations hit by ransomware attacks are finding themselves paying out more than ever before, according to a new report from Palo Alto Networks. The Unit 42 threat intelligence team at Palo Alto Networks teamed up with the incident response team at Crypsis to produce their latest threat report which looks at the latest trends in ransomware, and compares payment trends to previous years.


Reciprocity Named Leader on G2 Spring 2021 Grid Report for Sixth Consecutive Quarter

ZenGRC Designated ‘Leader’ and ‘Users Love Us’ Among GRC Platforms SAN FRANCISCO – March 25, 2021 – Reciprocity, a leader in information security risk and compliance with its ZenGRC solution, today announced ZenGRC™ earned two badges on the G2 Spring 2021 Grid Report. This marks the 16th consecutive quarter ZenGRC has been recognized by G2 in its quarterly report.


What Is the NIST Cybersecurity Framework?

With cyber threats rapidly evolving and data volumes expanding exponentially, many organizations are struggling to ensure proper security. Implementing a solid cybersecurity framework (CSF) can help you protect your business. One of the best frameworks comes from the National Institute of Standards and Technology. This guide provides an overview of the NIST CSF, including its principles, benefits and key components.


Hybrid IAM: The Next Phase of Digital Identity

Today we published a new study* conducted by Forrester Consulting on behalf of ForgeRock and our friends at Google Cloud on the state of identity and access management (IAM) in the cloud. It’s a terrific read, and I encourage you to check it out. We introduce an emerging concept called “Hybrid IAM,” which we think is the next phase of digital identity.


What you need to know about DPIAs

Data protection impact assessments (DPIA), sometimes referred to as a Privacy Impact Assessment (PIA), are a tool used to describe how you intend to process and protect the personal information(PI, PII, etc) of individuals. Many forms of regulation including the GDPR and some compliance standards will require a DPIA depending on the risk levels associated with the data you are processing.


SSRF Attack Examples and Mitigations

Server-Side Request Forgery (SSRF) is an attack that can be used to make your application issue arbitrary HTTP requests. SSRF is used by attackers to proxy requests from services exposed on the internet to un-exposed internal endpoints. SSRF is a hacker reverse proxy. These arbitrary requests often target internal network endpoints to perform anything from reconnaissance to complete account takeover.


Styra DAS Free Expands to Include Custom Systems

As part of Styra’s vision for unified authorization, we founded the Open Policy Agent project (OPA) to make policy-based control of the cloud-native stack accessible to everyone. OPA has now grown to become the de facto standard for authorization across the stack, leading to a large part of the community looking for ways to manage the OPA policy-as-code lifecycle.


Developer Driven Workflows - Dockerfile & image scanning, prioritization, and remediation

When deploying applications in containers, developers are now having to take on responsibilities related to operating system level security concerns. Often, these are unfamiliar topics that, in many cases, had previously been handled by operations and security teams. While this new domain can seem daunting there are various tools and practices that you can incorporate into your workflow to make sure you’re catching and fixing any issues before they get into production.

How To: Build and Maintain a DevSecOps Culture

DevSecOps is the process of integrating secure development best practices and methodologies into development and deployment processes. Reliant on the fast development and delivery of agile software, businesses cannot afford to miss a step when it comes to keeping pace with the competition. However, when the next security breach is a matter of ‘when’ not ‘if,’ organizations are also ill-fated if they fail to ensure that their DevOps processes are just as secure as they are speedy.

Cloud SIEM: Modernize Security Operations and your Cyber Defense

Scott Crawford, Research Director of Information Security at 451 Research, a part of S&P Global Market Intelligence, joined by Greg Market, Vice President and General Manager of Security at Sumo Logic, discuss the increased adoption of cloud as a deployment model for SIEM. Cloud SIEM and various forms of deployment has become a significant factor for enterprises according to survey-based research at 451 Research.

Tips to Enhance Cybersecurity among Banks in Africa

The first step in enhancing cybersecurity is acknowledging that cyber attackers do not rest, especially now that most transactions are online. Africa has recently experienced frequent attacks on cybersecurity, increasing the global risk for information leakage. Cyber threats usually target those in the financial sector, and today, the probability is higher due to lockdowns and sudden high reliance on digital processes.


Ways to Improve Corporate Governance in Africa

Improving corporate governance should not just be a one-time thing but a continuous initiative. There are different development styles per country in Africa, which makes it important for governing leaders to assess the situation in their locality before planning out their goals for developing sound corporate governance. Africa has seen great efforts in achieving sound corporate governance in the past years. Corporate governance is now considered a prerequisite for economic development.


Stories from the SOC - Propagating malware

While freeware does not have monetary cost, it may come at a price. There may be limitations to freeware such as infrequent updates, limited support and hidden malicious software. Some freeware programs may have added software packages that can include malicious software such as trojans, spyware, or adware. It’s important to have additional layers of defense to provide that your environment is protected.


How Tripwire Does Configuration Management Differently

So many times, we hear companies say, “Our tools are just like Tripwire’s,” “We do configuration management just like Tripwire” and “We can push out policy just like Tripwire.” But as we say, this just ain’t necessarily so. You might be able to do configuration management using a “Tripwire-like” tool. You might configure it and use it set up a policy or a configuration of a system.


Cloud Threats Memo: Keeping Sensitive Data Safe From Personal Instances

Cloud-native threats have multiple implications. We are used to seeing legitimate cloud applications exploited within sophisticated kill chains, and we forget the basics: such as the risks posed by Shadow IT, like when personal email accounts are used to improperly handle corporate data. This is a very real risk right now, when users are working almost completely from home and the line between the professional and personal use of work devices is blurred.


Overview: CyberResearch by UpGuard

UpGuard has launched an exciting new product called CyberResearch. This post summarizes the solution and its key features. CyberResearch is a suite of fully managed services, encompassing third-party risk and data leak detection. This world-first innovation is designed to further reduce the risk of data breaches while making it easier than ever before to scale your cybersecurity efforts.


XR Money Rebellion Planning Movement Vs Banks, Financial Institutions

Extinction Rebellion (XR) is a London-based environmental group aiming at disruptive and nonviolent civil resistance. Launching their first public campaign in October 2018, XR centers their motives on resisting structures that dismiss climate change and degradation of natural resources[1]. XR has been notable in eliciting mass arrest, a Ghandian tactic that garnered them press coverage, funding, and attention from government agencies and policy bodies.


Hacking medical devices: Five ways to inoculate yourself from attacks

Healthcare companies must follow medical device security best practices to defend against attacks on devices and the networks and systems they connect to. It’s vital that healthcare companies follow medical device security best practices to defend against attacks on devices and the networks and systems they connect to—especially during a pandemic.


Top 5 Most Powerful IoT Security Testing Tools

The network of interconnecting devices to exchange data popularly known as the Internet of Things is evolving rapidly in the fast-paced industry of technology. However, advancement in IoT has also taken a toll on security. IoT Systems strive to enhance productivity, efficiency, and flexibility but also invite uncalled risks to the network. IoT Security stands as the need of the hour for secure and holistic development.


When legit apps turn malicious. (It happens more often than you think.)

A popular Android app Barcode Scanner was recently found to be infected with adware. After an update in late 2020, it started pushing advertising to users without warning. The QR code scanning app has been on the Google Play Store for years with over 10 million downloads and a high rating from users. So what happened? This actually happens pretty often.

Case Study - Online Skimming Attack Facilitated by Work-From-Home Arrangements

In May 2020, Kroll was contacted by a purveyor of high-end meats after receiving several customer complaints of potentially fraudulent credit card activity. The fraud allegations were raised after several customers observed unauthorized transactions on their credit cards shortly after placing orders through the purveyor’s e-commerce website. Kroll quickly assigned one of their seasoned Payment Card Industry (PCI) forensics investigators to review and investigate the matter.

Third-Party Risk Management in Healthcare

Third-party risk management in the healthcare industry is getting increased attention (partly due to the worldwide Covid-19 pandemic) because of the new European rules and legislations concerning the Healthcare section. In this video, Matthew McKenna, President of International Sales, speaks about third-party risk management in the Healthcare space.

Hangin' with Haig: Conversations Beyond the Keyboard with Guest Simon Jones of Helping Rhinos

Behind marketing buzzwords, product pitches, and business cycles, the complex cybersecurity market often forgets about the force that makes our world turn: the people that are embedded within it. That’s why we’ve created a livestream series that isn’t a pitch or demo, but a highlight of a star player– whether it be a non-profit partner or SOC leader, who has a tale to tell.

Analytics-Based Investigation and Automated Response with AWS + Splunk Security Solutions

Organizations are migrating an increasing amount of their infrastructure into the cloud. The cloud provides organizations with a number of benefits like greater scalability, improved reliability and faster time to value. However, these potential benefits can be offset if security is an afterthought.

Forward Networks

Integrating With ServiceNow for a Single Source Of Truth

Network operations teams rely on highly specialized tools developed by individual vendors designed to address particular problems. The result? Most enterprises have 10+ Network Operations applications in place and they don’t talk to each other—which means that network operations engineers spend an exhaustive and unnecessary amount of time toggling between applications and sifting through information as they work to resolve tickets.


Unraveling open port threats and enhancing security with port scanning tools

From exposing your network vulnerabilities to becoming a passageway for intruders, open ports can pose several risk vectors that threaten your network’s confidentiality, integrity, and availability. This is why it’s a best practice to close your open ports. To tackle the risks introduced by open ports, network admins rely on port scanning tools to identify, inspect, analyze, and close open ports in their networks.


Cybersecurity and accessibility for Ecommerce platforms: Is it possible?

Ecommerce store losses to online payment fraud are expected to reach $25 billion by 2024, a new Juniper report reveals — up from just $17 billion in 2020. Undoubtedly, cybersecurity should be a top priority for ecommerce owners. At the same time, accessibility is another pressing concern, with the need for websites to comply with the World Wide Web Consortium's Web Content Accessibility Guidelines (WCAG 2.0 AA).


Debunking Top Cloud Misconfiguration Myths

Do you remember all the apprehension about cloud migration in the early days of cloud computing? Some of the concerns ran the full paranoia gamut from unreliability to massive overcharging for cloud services. Some concerns, such as the lack of security of the entire cloud infrastructure, rose to the level of conspiracy theories. It is nice to know that those myths are all behind us. Or are they? It seems that many of the earlier misconceptions have been replaced with new notions about the cloud.


Detectify Security Updates for March 23

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.


How DevSecOps Analytics & Reporting Can Help You Hit 3 Key Goals

With information comes power. The same holds true for the security initiatives we stand up. To gain the most value from an enterprise application security (AppSec) program—and to support a journey toward DevSecOps—organizations must find a single source of truth on the risk they face across the entirety of the application portfolio. How? Through better security analytics.


How To Select A SIEM Solution For Your Business?

What is SIEM? SIEM stands for Security Information and Event Management that collects, aggregates, and analyses activity from different resources across the entire IT infrastructure of the organization. It collects security data from network devices, servers, domain controllers and more. It provides organizations with next-generation detection, analytics, and response. It provides information of utmost importance but the critical decision lies in how to choose the right SIEM solution for you.


Reducing Response Times with SOAR-Integrated Threat Intelligence

Security teams tend to devote a considerable amount of time to investigating warnings that may or may not be "actual" attacks. A false positive occurs when a natural or non-threatening behavior is mistakenly interpreted as malicious. Thousands of warnings may need to be investigated as a result of this. If your security analysts are actively reviewing false warnings, they can spend a lot of time evaluating false alerts before they can start evaluating legitimate threats.


Stored XSS, explained: How to prevent stored XSS in your app

Web applications are one of the most targeted assets these days because they’re both open to the internet and have a larger attack surface. Attackers find various ways to hack web applications. And among all of those techniques, some make it to the OWASP Top Ten list of security risks. Cross-site scripting (XSS) has been one of the consistent toppers of this list, and in this post, we’ll discuss in detail one variant of cross-site scripting—stored XSS.


Bridging Cloud and On-Premises Content Storage in a Post-Pandemic World

In the last several years, companies have accelerated their cloud adoption and have invested time and resources to lift and shift their content, development and applications to public and private clouds. The onset of the global health crisis has further accelerated even the more traditional brick-and-mortar companies to invest in cloud technologies. Yet, we still see customers hosting content on on-premises repositories in spite of inexpensive per-GB cloud storage. Why is that?

CloudCasa Demo - Persistent Volume Backup Utilizing on Amazon EKS Cluster

Watch this video to learn how to easily set up backup and recovery jobs for your persistent volumes in Amazon Elastic Kubernetes Service (EKS). Start by adding your clusters to the CloudCasa service and defining backup jobs for your auto-discovered resources. Select from predefined backup policies for your persistent volumes and enable CSI snapshots to establish recovery points in time. Easily select and restore cluster resources and data from your backup data sets.

Data Protection for SUSE Rancher Managed Clusters is Easy with CloudCasa

Why you Need Data Protection for Kubernetes Now that you have SUSE Rancher managing your Kubernetes applications, you need to consider how to further protect your application data. While Kubernetes is designed to provide a zero-downtime environment, service interruptions can happen, as well as human and programmatic errors and of course the dreaded ransomware and cyber-attacks.


AWS S3 security with CloudTrail and Falco

One of the major concerns when moving to the cloud is how to approach AWS S3 security. Companies may have moved their workflows to Amazon, but are still cautious about moving their data warehouse. And that is totally understandable. We have all heard about data breaches in companies like Facebook, GoDaddy, and Pocket. It’s important that access to information is done properly, in a limited and controlled fashion, to avoid such breaches.


Texas power failures highlight dangers of grid attacks

In mid-February, a winter storm left more than 4 million people in Texas without power. These outages lasted days, leading to substantial property damage and even death, and they paint a grim picture for the future. Should a cyberattack successfully infiltrate U.S. power grids, the results could be deadly. The Texas power failures did not result from a cyberattack, but they highlight how destructive grid outages can be.


CISO Soup: Data Breaches, Strategy and Cybersecurity Culture

For the longest time, those of us who occupy the role of the CISO have fought for our seat at the ‘big table.’ Although it appears some of us are being invited into the C-suite, there is still a long way for us to go.This is highlighted in a 2021 report provided BT, which places “CISOs under the spotlight” and illuminates some interesting and concerning issues that businesses need to address.


6 Cloud Security Resources that You Should Be Using

It’s easy to get overwhelmed with the number of cloud security resources available. How do you know which sources to trust? Which ones should inform your security strategies? Which reports will actually improve your cloud security posture? Let’s first look at six cloud security guides that you should be using. These resources provide action items that you can take back to your team and use immediately.


How Can the Trucking Industry Secure Their Telematics?

The trucking sector is essential to countless other industries. Without reliable transportation, supply chains would crumble, and companies and consumers would face shortages. With so much riding on it, it’s no wonder why the industry has fully embraced technology like telematics in recent years. Telematics refers to the suite of technologies fleets use to share data between vehicles and command centers.

outpost 24

4 ways Security and DevOps can collaborate to reduce application vulnerabilities

A collaborative approach between SecOps and DevOps is key to any successful security integration - particularly as developers and security teams have different priorities from the get-go. In this blog we will share 4 tips for getting developers on board to enable true DevSecOps for your business.


Identity and Access Management vs Password Managers: What's the Difference?

Identity and access management best practices dictate that an organization provide one digital identity per individual. That identity can be maintained, monitored, and modified as needed while the user works on different projects and in different roles. However, strong IAM requires the use of tools and platforms, in addition to the principle of least privilege, to keep valuable information secure. [Read: 5 Identity and Access Management Best Practices]


What harm can computer viruses cause?

It’s often said that coders can make or mar the internet. They make the internet by creating great apps, websites, software etc, and can also mar the internet through malicious programs like viruses. Computer viruses are one of the most discussed topics by regular computer users. You must have found yourself discussing this topic one way or the other. However, many don’t know the details about computer viruses.


Enabling Faster and More Efficient Cyber Security Incident Response With SIEM & SOAR

While bad actors have become more organized and sophisticated by refining their craft, they are not the only attackers a security professional needs to be concerned with in 2020. There are still opportunistic, less skilled hackers that utilize commoditized exploits. These attack strategies are made possible by leveraging resources that are highly profitable and simple to use, such as simple phishing kits or even ransomware-as-a-service (RaaS) tactics.


Why Is SOAR A Good Bet For Fighting Mega Cyber Security Breaches?

Not many things keep company executives and heads of federal agencies up at night like mega cyber breaches do. Mega cyber breaches are not only on the rise, but are also becoming increasingly costly to treat. IBM found that a mega-breach can cost an organization anywhere between $40 to a whopping $350 million. There are two variables contributing to mega breaches, and these variables are spread among most organizations.


Everything You Need to Know to Secure Your Network

SCADA stands for Supervisory Control and Data Acquisition, and although it’s not likely to be the first thing to come to mind when discussing cyber security, it certainly should be. As its name implies, it is a type of software designed to supervise – controlling and monitoring – and collect data and well as analyze data for industrial processes.


Three Reasons Why CCPA Compliance May Require SIEM

CCPA, the recent legal privacy innovation in the US, has introduced a lot of requirements for online businesses. We have previously covered the principle of accountability in both CCPA and GDPR, and how an audit log of all data-related activities as well as handling user rights’ requests is important for CCPA compliance. But we sometimes get the question “Is your SIEM going to help us with CCPA compliance?” or even “Is SIEM required for CCPA compliance?”.

Shape of the New | Global Art Market Webinar Series - Part 1: Markets and Makers

Our two-part roundtable webinar series on the future of the global art market, features guests from Hauser & Wirth, HMRC, Demif Gallery and The Society of London Art Dealers. Presented by Gareth Fletcher of Sotheby’s Institute of Art, the series explores change and transformation in the art market, from new technologies, ways of viewing and buying art, and market supervision, to digital art crime, the rise of African artists, and the illicit trade in art and antiquities.

How Twilio Scaled through Dev-First Security and DevSecOps

As more organizations leverage cloud native technologies such as Kubernetes, IaC, containers and serverless – shifting left and adopting DevSecOps is a must-do. But how does it actually work in practice? Meet Twilio; a billion dollar unicorn that has mastered dev-first security. In this session, you’ll hear from Twilio’s Head of Product Security on how he built and runs an application security program that maintains high velocity outputs.

OWASP Top 10: Security Misconfiguration Security Vulnerability Practical Overview

Security Misconfiguration is #6 in the current OWASP Top Ten Most Critical Web Application Security Risks. Misconfiguration can include both errors in the installation of security, and the complete failure to install available security controls.


Dearcry Ransomware Microsoft Exchange Exploited

Following high profile headlines of critical vulnerabilities affecting Microsoft Exchange servers, as detailed in our previous blog/bulletin[1], proof-of-concept exploits have become publicly available and appear to have been utilized by a financially-motivated threat actor in the seemingly manual deployment of a new ransomware threat dubbed 'Dearcry'.


Netacea discusses Bot Groups at Cyber Security Digital Summit

On 16th March Netacea sponsored the virtual Cyber Security Digital Summit where, alongside speakers from Blackberry, Thycotic and Disney, Netacea’s Head of Threat Research, Matthew Gracey-McMinn hosted a session for attendees. During the showcase, Matthew explored “Lessons Learned From An Invite Only Bot Group & Developing A MITRE-Style Framework for Bots”.

Utilizing Employee Monitoring For Operational Efficiency And Data Security

Join us in our latest episode hosted by Christines Izuakor and Anthony Lauderdale, Head of Cyber Defense at Zoom, as we discuss the evolution of Employee Monitoring Software, and how the technology can be utilized to increase operational efficiency in the new remote world. We also discuss Insider Threat Detection and how employees could be influenced by financial data to exfiltrate intellectual property.

What is PECR and when does it apply?

It’s hard to ignore the GDPR these days, with headline-making fines and regular news updates on the continuing impacts of data protection post-Brexit. Most business will be aware of what they have to do for the GDPR, with increasing numbers actively doing something about it. But there is another privacy regulation that UK businesses must comply with.

How to evaluate & select the right SIEM

In this webinar, we discuss how we evaluated and selected LogPoint SIEM. Cygilant is uniquely positioned to present this webinar as we select best-of-breed technology not just for us but for our customers. How we selected SIEMs to evaluate for our customers What criteria and considerations we use Why we decided to partnered with LogPoint Detection capabilities of LogPoint Real world customer use cases (Fitchburg State University) Benefits of best-of-breed tech combined with best-in-class service

WLAN under fuzzing with Defensics

A wireless LAN (WLAN), also commonly called Wi-Fi, is a wireless local area network defined in the various IEEE 802.11 standards and certified by Wi-Fi Alliance. WLAN capability used to be listed using the name of the IEEE standard amendment that it supports. Now the Wi-Fi Alliance uses generational numbering for corresponding technology support: Wi-Fi 4 (for devices implementing IEEE 802.11n), Wi-Fi 5 (IEEE 802.11ac), and Wi-Fi 6 (IEEE 802.11ax).


Following best practice with the Cloud Controls Matrix

This week the Cloud Security Alliance (CSA) released the latest iteration of the Cloud Controls Matrix (CCM), the first major update in two years. The CCM is considered by many to be the go-to standard for cloud risk assessments. As part of best practice, all organizations should use the matrix when evaluating whether a cloud service meets their requirements. In this article, we provide an overview of the matrix, why it is important and how to use it in conjunction with other CSA tools.

The 2021 Ransomware Landscape for Risk Managers (Q&A)

David Klopp, Managing Director in the Cyber Risk practice of Kroll, recently spoke at the first session of PARIMA’s Confident Response Series 2021. The series aims to fine-tune incident response preparedness and help risk managers understand the latest tactics, techniques and procedures from the most successful cybercriminals, leading to deeper collaboration with business partners and mitigation of technical, legal and reputational risks.


Enterprise-Grade Mobility takes another step forward with new mobile security offers

Companies and organizations of all sizes need mobile technology built for the rigors of business—it’s a must for businesses seeking to stay competitive. Enterprise-grade mobility offers additional business options, features, and services, helping companies perform functions beyond just enabling employees to work remotely.


What is a security operations center (SOC)? Explaining the SOC framework

If you’re responsible for stopping cyber threats within your organization, your job is more challenging than ever. The exposure to threats for any organization continues to escalate, and breaches are occurring every day. Consider: If your company doesn’t have a security operations center (SOC), it may be time to change that. In fact, a recent study indicates 86% of organizations rate the SOC as anywhere from important to essential to an organization's cybersecurity strategy.


64 times worse than ransomware? FBI statistics underline the horrific cost of business email compromise

The FBI is reminding organisations of the serious threat posed by business email compromise (BEC) scams, declaring that it caused over $1.8 billion worth of losses to businesses last year. The newly-published annual cybercrime report from the FBI’s Internet Crime Complaint Center (IC3) reveals that it had received a record number of complaints and claims of financial loss – with internet crime causing more than $4 billion in losses.


What Is FISMA Compliance? Key Requirements and Best Practices

It should come as no surprise that the federal government takes cybersecurity compliance quite seriously. After all, federal agencies manage massive stores of data related to national and international security and public health, as well as the personal information of most residents of the country. FISMA (the Federal Information Security Management Act) defines a set of security requirements intended to provide oversight for federal agencies on this front.


HAFNIUM: Protecting Your Exchange Server from Data Exfiltration

In early March, Microsoft reported a large, coordinated attack that exploited critical vulnerabilities in Exchange Server 2010, 2013, 2016 and 2019 in an attempt to exfiltrate credentials and other sensitive information from organizations’ mailboxes. Microsoft attributed this attack to a sophisticated Chinese group code-named HAFNIUM. The first detected attempts date back to January 2021.


The Internet of Things Is Everywhere. Are You Secure?

From smart homes that enable you to control your thermostat from a distance to sensors on oil rigs that help predict maintenance to autonomous vehicles to GPS sensors implanted in the horns of endangered black rhinos, the internet of things is all around you. The internet of things (IoT) describes the network of interconnected devices embedded with sensors, software, or other technology that exchange data with other devices and systems over the Internet.


SIEM and XDR: The Same Thing Under The Hood

XDR (Extended Detection and Response) is a new trend by large security vendors, and too often people find themselves asking “okay, what’s the difference with SIEM?”. According to Gartner, the main difference is that it is natively integrated with products, typically from the same vendor, which helps in providing better detection and response capabilities. But let’s take a look into what this means in practice.

Integrating security automation in modern application development environments

Automating security has become fundamental to supporting the speed-to-market requirements of modern application development environments. In this video, you will hear from the security teams at Skyscanner and Red Venture on how they are automating application security as part of their application development environments, thus helping their development teams to prioritize and remediate vulnerabilities more effectively.

Orchestrate Framework Controls to Support Security Operations with Splunk SOAR

Every security team should utilize security frameworks in their strategy and tactics to help reduce risk from common cybersecurity threats. Security frameworks guide organizations on how they should develop, build, and maintain their IT security policies and procedures while sharing best practices for meeting compliance requirements. Healthcare operations in particular are often presented with increasing regulatory scrutiny and obligations that must be met in order to be competitive.


A look at 4 security log management use cases

It’s a mistake to think log management tools are a simple reactive security tool. A fully modern log management platform does more than just facilitate threat hunting and forensics. Optimal log management helps generate new insights from the data contained in your logs by providing customizable dashboards to view and explore them. Additional features including alerts, and automation speed up processes and make a security team more responsive in real time.


Security checklist for using cryptocurrency in online casino transactions

Cryptocurrency (crypto) transactions are solely reliant on the online space. Billions of people have access to online platforms. The autonomy provided by cryptosystems exposes users to more danger as there are no centralized authorities. Thus, expert fraudsters such as hackers may be able to access your transactions via their computer.


Security vs. Compliance: What's the Difference?

Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of reminded me that too often the peanut butter and chocolate sit alone on their own separate shelves.


Vulnerability Management: Top 6 Best Practices for Developers in 2021

Companies with a presence on the internet and widespread networks are increasingly being targeted by malicious code writers. There’s ample evidence to suggest hackers and Advanced Persistent Threat (APT) groups routinely run campaigns trying to snare employees, contractors, etc. to steal data or hold it for ransom. Simply put, cyber threats and cyberattacks are on the rise.


Backstage integration with the Snyk API

Backstage began life as an internal project at Spotify and was released as an open-source project in 2020. Its original intention was to be a central location where the company had a registry of all software they had in production but has since evolved into a much more advanced platform, including a plugins system that helps users extend the platform. This plugin system is a significant reason for Backstages success and drove adoption within the company.


How to Marie Kondo Your Incident Response with Case Management & Foundational Security Procedures

Marie Kondo, a Japanese organizational consultant, helps people declutter their homes in order to live happier, better lives. She once said: Similarly, in security, operational teams are constantly bogged down by a “visible mess” that inhibits their ability to effectively secure their organization.


Deploying Elastic to further strengthen IT security at TierPoint

TierPoint is a leading provider of secure, connected data center and cloud solutions at the edge of the Internet with thousands of customers. At TierPoint, I’m responsible for maintenance and development of the information security program, which includes threat analytics, incident response, and digital forensics. We’re constantly looking for new and even more effective ways to aggregate, process, and make decisions from massive amounts of data streaming in from diverse sources.


4 Strategies to Mitigate Pass-the-Cookie Attacks

Another year, another new set of cybersecurity threats to overcome, outwit and mitigate against. At the beginning of 2021, the cybersecurity world was informed by CISA (the USA Cybersecurity and Infrastructure Security Agency) of a spate of attacks targeting cloud environment configurations, supposedly occurring as a result of the increase in remote working.


To Patch or Not to Patch in OT - That Is the Real Challenge

The objective of an organization when implementing cybersecurity controls is to eliminate risk, but this oftentimes involves settling for managing risk at an acceptable level. Each organization defines what that acceptable level is depending on several factors including the environment, the criticality of function, the asset type, etc. There are many methods and techniques that an organization can then use to manage this risk. One of the most commonly used methods is patching.


3 BYOD Security Risks and Challenges

It’s estimated that over 50% of employees use their personal devices for some work activities. As more people use their personal smartphones or laptops to do their jobs, the security risks at an organization increase dramatically. BYOD — whether instituted as a formal policy or as an adaptation to the pandemic — opens a company’s systems and platforms up to hacking, data loss, and insider threat.


Cloud and Threat Report: Was 2020 the Year of the Malicious Office Document?

In the summer of 2020, there was a big, short-lived spike in malicious Office documents. The Emotet crew had been quiet in the spring and began leveraging their botnet to send extremely convincing phishing emails to their victims, often with a link to download an invoice or other document from a popular cloud service. Those documents contained malicious code that installed backdoors, ransomware, bankers, and other malware on unsuspecting victims’ computers.


How to Fix The Top 10 Critical CVEs That Can Lead To A Data Breaches

A typical organization’s environment consists of a myriad of applications and services, each with its own unique set of ongoing vulnerabilities and flaws that could ultimately lead to a data breach. This can make IT security and operations’ job difficult, as different departments and groups within a company may utilize specific software offerings to accomplish their job functions.


Don't get breached: Learn how to prevent supply chain attacks

Cybercriminals are surprisingly lazy. Hackers are continuously cultivating their methods to achieve maximum impact with minimal effort. The adoption of a Ransomware-as-a-Service model is one example of such an achievement. But perhaps the apical point of cyberattack efficiency was achieved with the invention of the supply chain attack. A supply chain attack is a type of cyberattack where an organization is breached though vulnerabilities in its supply chain.


Critical Microsoft Exchange flaw: What is CVE-2021-26855?

On January 6, 2021. Hafnium, a Chinese state-sponsored group known for notoriously targeting the United States, started exploiting zero-day vulnerabilities on Microsoft Exchange Servers. The criminals launched a deluge of cyberattacks for almost 2 months without detection. On March 2, 2021, Microsoft finally became aware of the exploits and issued necessary security patches. By that point, it was too late.


Zero Trust Architecture: Key Principles, Components, Pros, and Cons

Whom can you trust within your network? In the zero trust paradigm, the answer is no one. The zero trust approach to cybersecurity states that access should only be granted after a user is verified and only to the extent needed to perform a particular task. In this article, we take a detailed look at different approaches to zero trust implementation. We explore the basic principles of a zero trust architecture and consider the key pros and cons of this cybersecurity approach.


Why should DevOps teams choose IAST?

No matter where you are in your AppSec program, IAST tools can grow and scale with your organization’s needs. DevOps principles and practices are continuing to be adopted by a wide variety of companies, and here at Synopsys we’re working with our customers to help them in this journey. When it comes to DevSecOps, we have a comprehensive portfolio of products and services to help build security into every DevOps environment.


Different types of malware + examples you should know

Computers are machines driven by specific instruction sets governed by various rules and protocols known as operating systems. Just like the human body’s immune system is vulnerable to new viruses and their mutants, computers are prone to malware infections. We cover these basics and the different types of malware in this article. Malware in electronic devices can result in software vulnerabilities, which may affect legitimate programs in the system.


Stay Safe From Cyber Criminals With These FIVE Simple Steps

Those who are familiar with ionCube and ionCube24 will know we are big on security with our focus being on robust PHP code protection tools and website malware protection. But what about the daily cyber security risks which affect all of us? Cyber crime is a huge deal in the age of technology and not everyone will be as aware of tools we can use to protect ourselves or the tips we can consider every day to keep ourselves safe.


3 Simple Reasons Why Developers Should Become Security Advocates

If you’re a developer, it’s time to embrace security, not for the higher-ups or the tenacious CISO—but for yourself. Because at the heart of any successful DevOps initiative is you, the developer who drives the software agenda and deploys the code. This means not just nodding enthusiastically during security meetings but actually placing yourself, and the meaningful work you do, at the center of an effective application security (AppSec) program.


Automated Security Testing for Developers

Today, more than ever before, development organizations are focusing their efforts on reducing the amount of time it takes to develop and deliver software applications. While this increase in velocity provides significant benefits for the end users and the business, it does complicate the process for testing and verifying the function and security of a release.

Effective Cyber Crime Investigations Demand Thoughtful Disclosures

The lifecycle of a cyber security incident can be broken up into three stages: investigation, remediation and notifications/disclosures, the latter often being the most complex, time consuming and costly. Disclosure challenges are compounded due to breach notification laws that require initial statements before the investigation is completed and the incident is fully contained. They can also stem from improper interpretation of digital forensics findings.


Scaling OPA: How SugarCRM, Atlassian and Netflix Unified Authorization across the Stack

Open Policy Agent (OPA), now a graduated project from the Cloud Native Computing Foundation, has become the open-source tool of choice for millions of users, who leverage it as a standard building block for policy and authorization across the cloud-native stack. Given the flexibility of OPA — with practically limitless deployment options — it has been adopted for dozens of use cases across hundreds of companies.


Automate container security with Dockerfile pull requests

Integration with your source code managers and issuing pull requests to fix issues has been part of Snyk’s success in helping our customers fix application dependencies for several years. Now, we want to help you address container security in a similar way. We’re happy to share that we are extending Snyk Container by helping you automatically fix issues in your Dockerfile to keep an up-to-date base image at all times.


Defining Developer-first Container Security

Have you shifted left, yet? That’s the big trend, isn’t it? It’s meant to signal a movement of security responsibilities, moving from central IT teams over to developers, but that’s trickier than it sounds. Simply taking tools that are intended for use by security experts and making them run earlier in the supply chain does not provide developers with meaningful information.


Detecting Cobalt Strike with memory signatures

At Elastic Security, we approach the challenge of threat detection with various methods. Traditionally, we have focused on machine learning models and behaviors. These two methods are powerful because they can detect never-before-seen malware. Historically, we’ve felt that signatures are too easily evaded, but we also recognize that ease of evasion is only one of many factors to consider.


ECS Fargate threat modeling

AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of Amazon EC2 instances. With AWS Fargate, you no longer have to provision, configure, or scale clusters of virtual machines to run containers. This removes the need to choose server types, decide when to scale your clusters, or optimize cluster packing. In short, users offload the virtual machines management to AWS while focusing on task management.

Forward Networks

Using Insight to Tame ACL Management

Did you hear about the change window that went exactly as planned? No? That’s because the odds of winning the PowerBall without buying a ticket are better than the odds of executing a change window on a global network without a glitch. What about the story of the tier one network engineer that diagnosed and resolved an ACL in seconds? That one also seems as mythical as staying friends with your ex—but it’s not.


What is network segmentation? NS best practices, requirements explained

If you follow cybersecurity current events, you may know that the cost and frequency of a data breach continue to skyrocket. Organizations are constantly under attack, and the shift to remote work is only exacerbating the problem. According to IBM’s 2020 Cost of a Data Breach Report, most respondents are concerned that identifying, containing, and paying for a data breach is more burdensome today than ever before.


Is automated vulnerability scanning the best way to secure smart vehicles?

To those who pay attention to such things, it seems like a new vulnerability in smart car systems is found every week. In 2020, the numbers beat all previous years. The inescapable conclusion is that smart cars are now among the favorite targets of hackers and APT (Advanced Persistent Threat) actors. One of the main reasons for this is the sheer number of different systems that the average connected car contains today.


Navigating Transformation with Managed Cybersecurity Services

The coronavirus pandemic has added new layers to the threat landscape facing corporate security leaders in 2020 and going into 2021, as well. As businesses and workforces sought to adapt rapidly to remote working at scale, malicious groups and other threat actors began exploiting opportunities to target stressed people and systems with malware.

Secure the Supply Chain with Center for Internet Security (CIS) and Tripwire

Events like the recent Sunburst/SolarWinds and Florida water plant breaches serve as a reminder that the supply chain needs to be secured just as much as your organization’s in-house infrastructure. Protecting the supply chain is a matter of implementing the right cybersecurity controls to your multi-vendor environment, such as the 20 Center for Internet Security (CIS) Controls.

Quick Guide to the Difference Between a Public and a Private Cloud

Cloud security. Cloud architecture. Cloud storage. As you start scaling your business, you know “the cloud” is an important element of your IT capabilities. But, it can be a little confusing to understand the ins and outs of “the cloud” — especially when it comes to using cloud-based tools for your company to work remotely. Before we get into private vs public clouds, let’s quickly establish what we mean by cloud computing.


Netskope Threat Coverage: DearCry Ransomware

On March 2, Microsoft released patches for four zero-day vulnerabilities affecting Exchange Server 2013, 2016, and 2019 (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). In the following weeks, attackers have been aggressively targeting vulnerable servers to install web shells that provide persistent remote access to infected servers. On March 9, attackers began installing a new ransomware variant known as DearCry or DoejoCrypt on infected servers.


Complete Guide on Man in the Middle Attack ( MITM ) For Mobile Applications

Businesses have known for a long time that there always are weak links in security, especially mobile security. The worse part is not that businesses get affected by these security issues, but the fact that public awareness is terribly low on how vulnerable this can be. The man in the middle attack has been one of the most exploited ways hackers have tried and managed to steal information and money.


Failed SIEM Projects And How To Avoid Them

You purchase a license (through an RFP process or not), the integrator comes, gathers information about your environment, two weeks later they come to set up the configuration and then you start seeing beautifully ingested logs from all across your environment, allowing you to define meaningful correlation rules. Well, of course, that’s nonsense. It’s never as smooth and straightforward, no matter what the vendor claimed in their datasheet or proposal.


The Future of Cloud-delivered Security: Lookout Acquires CipherCloud

Today Lookout announced that we’ve acquired CipherCloud, a leading cloud-native security company that operates in the emerging Secure Access Service Edge (SASE) market. The combination will create the industry’s first company capable of providing an integrated endpoint-to-cloud security solution.


Solving Java security issues in my Spring MVC application

The Spring MVC framework is a well-known Java framework to build interactive web applications. It implements the Model-View-Controller architecture pattern to separate the different aspects of your application. Separating the different logic elements like representation logic, input logic, and business logic is generally considered good architectural practice.


Docker Hub Authentication: Is 2021 the year you enable 2FA on Docker Hub?

Judging by the reactions I saw in the audience during my past talks on “Securing Containers By Breaking In”, as well as recent reactions on Twitter, not many know about Docker Hub’s fairly recent multi-factor authentication feature. In October 2019, in order to improve the Docker Hub authentication mechanism, Docker rolled out a beta release of two-factor authentication (also known as 2FA).


Running commands securely in containers with Amazon ECS Exec and Sysdig

Today, AWS announced the general availability of Amazon ECS Exec, a powerful feature to allow developers to run commands inside their ECS containers. Amazon Elastic Container Service (ECS) is a fully managed container orchestration service by Amazon Web Services. ECS allows you to organize and operate container resources on the AWS cloud, and allows you to mix Amazon EC2 and AWS Fargate workloads for high scalability.


What Does the HIPAA Safe Harbor Bill Mean for Your Practice?

Getting incentives for the best security practices is a win-win for all healthcare-related entities. For one, you are getting incentives, and secondly, you are making sure that you have a rock-solid defense in terms of security. Many organizations find that the rules and regulations that HIPAA entails are too extensive and overwhelming, however. What’s more, cybersecurity wasn’t a thing when HIPAA was introduced.


Stories from the SOC - DNS recon + exfiltration

Our Managed Threat Detection and Response team responded to an Alarm indicating that suspicious reconnaissance activity was occurring internally from one of our customer's scanners. This activity was shortly followed by escalating activity involving brute force activity, remote code execution attempts, and exfiltration channel probing attempts all exploiting vulnerable DNS services on the domain controllers.


Making Sense of a Ransomware Pandemic Amid a Pandemic

The vast majority of modern businesses rely heavily on optimized computer networks utilizing shared drives and remote connections. The threat that ransomware poses to this network configuration is second to none. 2020 was tough. The world found itself in unfamiliar territory. We faced the challenges of remote working and while doing so ransomware found a gateway to thrive.


The biggest bot threats to your brand in 2021

In our recent webinar Netacea’s Head of Threat Research, Matthew Gracey-McMinn and Head of eCommerce, Thomas Platt, delved into the top threats set to shape the bot landscape in 2021. 2020 saw an increasing number of bot-based attacks as everything moved online. From online shopping to working from home, the pandemic has changed the way we interact, communicate and consume. As internet activity increased, so did the opportunity to exploit users.


10 steps to cyber security for your business

In this article, you will understand what cyber security entails and the breakdown of NCSC’s 10 steps to cyber security that you must know. During our third party security validation exercises or customer communication, we have often come across customers without an answer to ‘what actually their IT and security products are protecting’. It is vital to be aware of what is important, what to protect and how to protect before shopping for security products.


Weekly Cyber Security News 12/03/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. I’m not going to make any snappy and witty remark over this one as I feel the horror everyone must have felt seeing the photos and aftermath. We never hope to have to enact a DR plan, and after being there many years ago when I had to, believe me it is not fun even when prepared.

Create and Manage API Service Accounts with the Identity API

In this video you will learn how to use the Identify REST API command to: Veracode REST APIs enable you to access Veracode Platform data and functionality using REST API programming conventions. The API provides endpoints for managing users, teams, and business units, using the create, update, read, and delete actions on their respective objects. It also provides a consistent way of onboarding teams by scripting the process from start to finish.

Integrate certificate life cycle management with enterprise MDM and boost your mobile ecosystem security

A huge portion of today’s corporate network is made up of mobile endpoints, such as laptops, tablet computers, and mobile phones. These are domain-joined and non-domain devices that require access to corporate assets to carry out everyday operations.


A plea to small businesses: Improve your security maturity

Never have I been so compelled to help educate small businesses on the need for cybersecurity. On Saturday morning, March 6, 2021, I awoke to the Wall Street Journal article describing the Hafnium attack. This attack on Microsoft Exchange Servers was shared publicly on March 2nd with a patch for the issue released on Wednesday, March 3rd. This patch appeared to spark action from the hacker who ramped up and automated their attack for maximum scale.


CMMC vs NIST: What's the Difference?

If your firm is a government contractor working with the U.S. Department of Defense, or works anywhere in the DoD supply chain, brace for big changes in the cybersecurity requirements your business will need to meet. By 2026, the Defense Department will require its contractors to comply with new cybersecurity standards known as the Cybersecurity Maturity Model Certification — CMMC, for short.


Cloud Threats Memo: How Leaky Are Your Cloud Apps?

Leaky cloud services are a major concern these days. As more and more organizations move their data and applications to the cloud, ensuring new forms of collaboration and agility for their workforce, setup errors and misconfigurations (or even the lack of understanding of the shared responsibility model) pose a serious risk for the new, enlarged corporate perimeter. So far, in 2021, I have collected 12 major breaches fueled by cloud misconfigurations, and I wonder how many flew under the radar.

Product Demo | Managed Vendor Risk Assessments

Produce accurate vendor assessments using UpGuard's new Managed Vendor Risk Assessments module. Contact to learn more UpGuard is a complete third-party risk and attack surface management platform, managing cyber risk across attack surfaces and third-party vendors by proactively identifying security exposures.

IAM 101 Series: What Is Hybrid IAM?

Cloud identity and access management (IAM) is a fast-growing trend that is predicted to extend well into the future. For example, Verified Market Research alone projects that, by 2027, the market for cloud IAM will be more than $14 billion. Yet, while the cloud-based IAM market is exploding, the reality is not all roses. In our last IAM 101 post, What are Hybrid IT and Hybrid Cloud?, we discussed the differences, benefits, and disadvantages of hybrid IT and hybrid cloud.


Don't let supply chain security risks poison your organization

Supply chain security risks are not new, but recent headlines are a reminder for consumers to re-examine their security practices. The story about the guy who hit his mule between the eyes with a 2×4 to “get his attention first” so the beast would then obey his gently whispered commands is memorable because it uses humor to make a serious point: Don’t wait to get clobbered before you pay attention to exhortations about what you ought to do.


Hitting Snooze on Alert Fatigue in Application Security

Medical devices, subway car doors, severe weather warnings, heavy machinery, car alarms, software security alerts. They all notify you to indicate that something is wrong so that you can take action to prevent harm. Hospital monitors can detect a wide range of issues, from an incorrect dose of medication to an irregular heartbeat and beyond. They can quite literally save a life. The same goes for severe weather alerts that warn of impending tornadoes or hurricanes.


Account Takeover (ATO) attacks and how to prevent them

As more businesses move IT infrastructure to the cloud, the threat of employee account takeover becomes more of a concern. If you’ve migrated to SaaS applications like M365, Zoom, and Salesforce, they are going to be exposed to the public internet, and fall beyond the purview of traditional network security technologies like a firewall.


Preventing SQL injection in Node.js (and other vulnerabilities)

The database is an essential part of a web application. It’s where you receive and store users’ data, which you can then use to provide personalized services. As such, database security is an important part of every web application to ensure the safety and integrity of data collected from users. In this post, we’ll be looking at SQL database vulnerabilities in Node.js, like SQL injection, and how to prevent them.


CSRF Attack Examples and Mitigations

Cross-Site Request Forgery (CSRF) attacks allow an attacker to forge and submit requests as a logged-in user to a web application. CSRF exploits the fact that HTML elements send ambient credentials (like cookies) with requests, even cross-origin. Like XSS, to launch a CSRF attack the attacker has to convince the victim to either click on or navigate to a link.


Onboarding in the Digital age & two must-haves in your tool kit

If COVID-19 pandemic has made anything obvious to the business community, it is that riding the digital wave is no longer an option for businesses to thrive in the long-run. While several giant enterprises have already switched to a completely remote set up, laggards are still trying to figure their way around justifying such a move. For smaller organizations, however, investing in a digital-first future might not be as easy.


Detection and Investigation Using Devo: HAFNIUM 0-day Exploits on Microsoft Exchange Service

On March 2, 2021, Microsoft announced it had detected the use of multiple 0-day exploits in limited and targeted attacks of on-premises versions of Microsoft Exchange Server. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign—with high confidence—to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.


Fighting Digital Payment Fraudsters in Real-time: A Winning Framework (Part 1)

A few weeks ago Seattle-based financial services and data management firm Automatic Funds Transfer Services (AFTS) suffered a serious ransomware attack. A gang called “Cuba” hacked and stole approximately 20 months’ worth of AFTS data, including financial documents, correspondence with bank employees, account movements, balance sheets, and tax documents. The compromised data then was offered for sale on the dark web.


Snyk Expands Into Asia Pacific Japan

At the beginning of 2021, I noted that Snyk was ready to soar. And soar we have…the rocket ship’s next stop? Asia Pacific and Japan (APJ). I would like to welcome Shaun McLagan, our new Vice President of APJ Sales, and our new partners Temasek, an investment company headquartered in Singapore, and Geodesic Capital, a venture capital firm that specializes in helping technology companies expand into Asia, to the Snyk family.


Validating Elastic Common Schema (ECS) fields using Elastic Security detection rules

The Elastic Common Schema (ECS) provides an open, consistent model for structuring your data in the Elastic Stack. By normalizing data to a single common model, you can uniformly examine your data using interactive search, visualizations, and automated analysis. Elastic provides hundreds of integrations that are ECS-compliant out of the box, but ECS also allows you to normalize custom data sources. Normalizing a custom source can be an iterative and sometimes time-intensive process.

Elastic Security 101

Elastic Security empowers analysts to collect data from multiple data source integrations, perform traditional SIEM functions, and take advantage of machine learning-based malware protection on the endpoint. Analysts can filter, group, and visualize data in real-time while performing automated threat detection across various security events and information. In this video, you’ll learn about the components that make up Elastic Security and what those components do to help you protect your data.

How to configure your Endpoint Integration policy in Elastic Security

Elastic Security offers the ability to open and track security issues using cases. Cases created directly in Elastic Security can be sent to external systems like Atlassian’s Jira, including Jira Service Desk, Jira Core, and Jira Software. In this video, you’ll learn how to connect Elastic Security to the Jira Service Desk.

Which is more critical: threat prevention or detection?

In the aftermath of the SolarWinds attack, security professionals debated about which is the most effective method for stopping cyberattacks: prevention or detection. Although detection and prevention each serve a vital role in the fight against cyberattacks, the two are often exclusively discussed as distinct methods. There is a lack of focus on integrating prevention and detection. A resilient security posture requires both.

Insider Risk Management & User Behavior Monitoring as a Service for an Australian MSP

See why the the Australian MSP National IT Solutions says Ekran System is the best choice for user behavior monitoring and insider threat management. Ekran System delivers world-class insider risk management capabilities as a service to customers of National IT Solutions and gives the MSP a competitive advantage over other IT service providers.

Ransomware in 2021: What has changed? Detection and mitigation strategy

A ransomware attack is a bug that we can’t shake off. Or perhaps, it can even be called a shape-shifter that somehow finds a way into networks, no matter how many armed sentries you’ve deployed in and around your perimeter. The line between ransomware and a data breach is slowly fading. Threat actors prefer ransomware over other modes of attack because they work.


Deepfake cyberthreats - The next evolution

In 2019, we published an article about deepfakes and the technology behind them. At the time, the potential criminal applications of this technology were limited. Since then, research published in Crime Science has delved into the topic in-depth. The study identified several potential criminal applications for deepfakes. Among these categories, the following were deemed the highest risk: This list sparked the idea for this article.


Combating Risk Negligence Using Cybersecurity Culture

With a growing number of threat sources and successful cybersecurity attacks, organizations find themselves in a tricky spot if they wish to survive cyberspace. Oftentimes, the adversaries are not the challenge; the obstacle is the organization’s culture. Just like culture influences who we are as a people, culture influences the cybersecurity tone of an organization. Every organization has its own unique fit and feel.


Reciprocity and ZenGRC Honored with Industry Accolades for Information Security Risk and Compliance

SAN FRANCISCO – March 10, 2021 – Reciprocity, a leader in information security risk and compliance with its ZenGRC solution, today announces ZenGRC has been named a winner of four 2021 Cybersecurity Excellence Awards. The company was also recognized as a Grand Trophy Winner, the top honor, along with four category awards by the Globee Awards 17th Annual Cyber Security Global Excellence Awards.


Best Active Directory Management Tools

IT teams rely on Active Directory (AD) to keep networks secure and maintain user accounts — but they often need to adhere to strict budget limitations when it comes to selecting software to help. That’s why we’ve put together this list of the top free Active Directory management tools. Our picks focus on AD tools that will help you complete routine AD management tasks much faster so your team has time to focus on other priorities.


Tips for Implementing Privacy by Design

As builders of software we like to talk about user-centered design. We put ourselves in the mindset of the person using our app, service, or product. Successful user-driven companies bake this process into every part of their software lifecycle. It doesn’t stop at the initial research. Every decision is paired with the question: What about the user? The same approach can be taken when building with privacy in mind. The notion of Privacy By Design (PbD) does that.


Get earlier, actionable vulnerability insights from Black Duck Security Advisories

The number of open source vulnerabilities discovered each year never seems to stop growing, emphasizing the importance of developers addressing them quickly and efficiently. However, simply identifying vulnerabilities is insufficient; their sheer scale makes it necessary to have an intelligent way of understanding which ones need to be fixed first to decrease the risk of a breach. For development teams in this environment, remediation prioritization and broad vulnerability coverage are critical.


How to protect Exchange Server with Zero Trust

The need for a Zero Trust security model has been highlighted in the recent Hafnium hack of Microsoft Exchange servers. Businesses of all sizes and industries have been impacted, with over 60,000 organizations hacked so far, and immediate action is recommended. Read on for guidance on how to remediate the threat and protect your business.


Four reasons why mobile is a good place to start your ZTNA strategy

Working from outside the office has become a necessity. Even before the pandemic, a huge percentage of the workforce (70% according to this article) wasn’t sitting behind a desk every day. People have moved away from the traditional mechanisms of interfacing with IT systems and mobile connectivity has never been more important. When we talk about mobile, we’re not referring to just smartphones, we’re also referring to SIM-enabled laptops, tablets, and IoT devices.

Human Resource and Security Teams Should Work Jointly to Reduce the Risk of Cyberattacks

COVID-19 has not only changed the way we live but also forced many changes to standard business processes. This article will explore some challenges around human resource (HR) hiring, offboarding and contracting activities. As companies in multiple jurisdictions continue to look for advice from state and federal authorities on COVID-19 safe work plans, this article offers some security considerations from a physical security as well as cyber security perspective.


Our Journey to Today

Today we came a step closer towards our ultimate vision – to empower every one of the world’s 27 million developers to develop fast while staying secure. On behalf of the entire extended Snyk family, every current and former employee, partner and customer, I’m humbled to announce that today marks another important milestone in the Snyk journey: the closing of our Series E funding round.

Fast or Secure? You can only pick two

In this live hack session with our partners Dynatrace and Cprime you see how developers and security teams can work together to integrate vulnerability management into Bitbucket workflows. Snyk's Simon Maple shows how the Snyk and Dynatrace integration delivers 100 percent visibility into risks anywhere in production, including third-party applications that haven't gone through pre-production inspection.

Splunk for OT Security V2: SOAR and More

In the last 90 days, the news of cyberattacks on critical infrastructure has been stunning. From the unprecedented breach represented by Sunburst to the more recent bone-chilling attack at the Oldsmar water facility, the urgency to secure critical infrastructure in transportation, utilities, energy, water, critical manufacturing, telecommunications, healthcare, government facilities and the defense sector has never been higher.


Sumo Logic to accelerate modernization of security operations with proposed acquisition of DFLabs

At Sumo Logic, our belief is that security operations is no longer a human scale problem. We need tools and technologies to aid our defenders and responders to be able to process, investigate and respond at machine speed. Our vision for modernizing security operations to deal with threats at machine scale has always encompassed more than just SIEM.


Detecting and mitigating Apache Unomi's CVE-2020-13942 - Remote Code Execution (RCE)

CVE-2020-13942 is a critical vulnerability that affects the Apache open source application Unomi, and allows a remote attacker to execute arbitrary code. In the versions prior to 1.5.1, Apache Unomi allowed remote attackers to send malicious requests with MVEL and OGNL expressions that could contain arbitrary code, resulting in Remote Code Execution (RCE) with the privileges of the Unomi application.

Forward Networks

Actions Not Words, Demos Not Slides

In network operations, it’s never the same day twice. Most network engineers love this aspect, but it has a dark side. The best plans often fall to the wayside—in an instant work stops and firefighting begins. In the last year, I’ve been part of a whole-day colo move, diagnosed an outage in the middle of the night, and resolved a slow performance issue. I know what the networking operations experience is like, and I know how much better it can be.

Featured Post

Security Monitoring and Risk Analysis for Office 365 - A maintainable Journey

The NIST framework tells us that it is crucial to treat security as both an action that is not a singular fix but a chorus of proactive and reactive measures. It also teaches us that it is a continuous journey. In this article, we shall apply these concepts of measures and continuous journeys to some real-world examples. Here we choose Office 365 as, for many organizations, it exposes the dominant risk surface.
Featured Post

Why cloud native apps need cloud native security

A cloud native approach to infrastructure and application development enables simplification and speed. Many of the traditional tasks involved in managing and deploying server architecture are removed, and high levels of automation deployed, making use of software-driven infrastructure models. Applications can be deployed at scale, be resilient and secure, while also allowing continuous integration technologies to accelerate development and deployment. Cloud approaches are set to dominate the future, most authorities agree: according to Deloitte, for example, global cloud spending will grow seven times faster than overall IT spending until at least 2025.

How FIM Is More Than Just About Maintaining Compliance

The purpose of every security team is to provide confidentiality, integrity and availability of the systems in the organization. We call it “CIA Triad” for short. Of those three elements, integrity is a key element for most compliance and regulations. Some organizations have realized this and decided to implement File Integrity Monitoring (FIM). But many of them are doing so only to meet compliance requirements such as PCI DSS and ISO 27001.

outpost 24

How to secure your cloud services with CSPM

As enterprises fast track cloud adoption plans without security considerations, we’ve seen the dangers of cloud misconfigurations and how it continues to cost millions in lost data and revenue for failure to comply. In this blog we’ll explain how to spot the telltale signs and secure your clouds with adequate Cloud Security Posture Management (CSPM).


What is Compliance Management?

Compliance management ensures that an organization’s policies and procedures align with a specific set of rules. The organization’s personnel must follow the policies and procedures to ensure compliance with the set of rules. These rules are based on legal, regulatory, and industry standards.The goal of the compliance management program is to reduce an organization’s overall risk of non-compliance with the legal, regulatory, and industry standards that apply to the business.

Stopping Ransomware in Its Tracks With SOAR: A Conversation With Forrester Research

Considering the speed and extent by which ransomware can topple an organization, what is the best approach for addressing this seemingly existential threat? Forrester Research’s Joseph Blankenship and Chase Cunningham shared insights with Siemplify CMO Nimmy Reichenberg as part of a four-part series with us.

Redscan a five time gold winner at the Cyber Security Excellence Awards 2021

The Cybersecurity Excellence Awards honor individuals, products and companies that demonstrate excellence, innovation and leadership in information security. Awards are given out based on a combination of the strength of individual nominations and a popular vote by members of the information security community. We were winners in the following categories: We also received a silver award in the Best Cybersecurity Company – Europe category.


A CISO's View of SASE

Traditional security programs were predicated on protecting the typically internally hosted technology infrastructure and the data within that environment. This led to an ecosystem composed of numerous discrete tools and processes all intended to detect adversaries and prevent harm. It included a multitude of controls spanning network and infrastructure security, application security, access control, and process controls.


Putting the Sec in DevSecOps

Whether a seasoned professional or a fresh computer science grad, every developer has his or her stressful moments of trying to dig through scanning results to mitigate or remediate a vulnerability. Since you work at the speed of “I need this yesterday,” it’s a hassle to slow down and fix flaws or even stop to rewrite code entirely. Effective AppSec today is about executing essential application security (AppSec) tests as you’re writing code.


Veracode Wins IT Central Station's 2021 Peer Award for AST

Veracode was recently named the winner of IT Central Station’s 2021 Peer Award for application security testing (AST). Winners were chosen based on reviews from verified customers to help prospective buyers make well-informed, smart business decisions. “Receiving positive feedback from our customers on the leading technology review site for cybersecurity, DevOps, and IT is a true testament to our products and services,” said Mark Bissell, Chief Customer Officer at Veracode.


On-prem or Cloud? Lessons from the Microsoft Exchange Attack

As I’m writing this blog, malicious actors are actively exploiting vulnerabilities in the Microsoft Exchange Server software. These were zero-day exploits, which means that even organizations that were diligent in their patching were vulnerable. So far the estimates are that more than 60,000 organizations have been compromised.


Linting Rego with... Rego!

One of my absolute favorite aspects of Open Policy Agent (OPA) is the general purpose nature of the tool. While commonly seen in deployments for Kubernetes admission control or application authorization, the large OPA ecosystem includes integrations with anything from databases, and operating systems to test frameworks and REST clients for most common languages.