DevSecOps means countering threats at every stage of creating a software product, and that process is impossible without securing the source code. In this article, I would like to talk about Static Application Security Testing (SAST). As development velocity grows every year, many companies are introducing DevSecOps. Its central message is continuous security control at every stage of product creation, with DevSecOps processes automated as much as possible.
REvil is one of the most notorious ransomware groups in the world. Also known as Sodin and Sodinokibi, REvil has made a name for itself extorting large amounts of money from businesses, operating a ransomware-as-a-service (RaaS) business model in which it shares its profits with affiliates who break into networks and negotiate with victims on the group's behalf.
There is a lot of information out there (and growing) on software supply chain security. It covers the basics around source and build, but does it cover your full software supply chain lifecycle? Is your build environment protected at runtime? Is your application protected at runtime after deployment? This article will not only discuss what these concepts are, but provide additional discussion around the following: Read on brave reader…
Learn how tool orchestration empowers AppSec to keep pace with DevOps, providing a union of security and speed. Many organizations have advanced from the DevOps methodology to DevSecOps, and it is expected this trend will continue throughout 2020 as more enterprises leverage the cloud. A DevSecOps approach promotes collaboration between software application development teams and application security teams.
We are pleased to share that Netskope has been selected by the Advanced Technology Academic Research Center (ATARC) as one of 49 vendors to participate in its Zero Trust Lab. The Zero Trust Lab is a state-of-the-art physical and virtual test environment that will provide federal agencies with the opportunity to build, test, and evaluate new Zero Trust Architectures in a simulated environment.
Malicious actors are constantly finding new ways to deliver their payloads. As businesses migrate to web application-based services, file storage, email, calendar, and other channels have become valuable means for delivering malicious code and payloads. In some instances, these services are abused as command and control infrastructure, since many enterprises trust them by default.
Software supply chain attacks have been on the rise lately. With the current pervasiveness of third-party and open source libraries, which presumably developers cannot control as strongly as the code they create, vulnerabilities in these software dependencies are causing serious security risks to applications. Supply chain attacks abuse the inherent trust that users have with a software provider.
We’re kicking off a new series that will roll up our most recent product releases you need to know, all in one place. This first post will summarize some of the releases from the last few months. Moving forward, expect to see a post each month. We’re excited to share all the new features and product improvements we’ve been working on with you, so you can make the most of the Egnyte platform.
Think of the software supply chain as every software element in your organization—from software development of internal systems to open source or third-party enterprise software to vendors, partners, and even past suppliers who still hold access to company data or IT systems. Attacks on this software supply chain can damage individual departments, organizations, or entire industries by targeting and attacking insecure elements of your software fabric.
Attacks executed through builds abuse trust we have in our build tools, IDEs, and software projects.
A world without Linux is hard to imagine. Every Google search we run is served by Linux-based servers. From the Kindle we enjoy reading to the social media sites we scroll through every day, the Linux kernel sits behind it all. Would you believe your ears if I told you that all of the world's top 500 supercomputers run on Linux? No wonder Linux has permeated every aspect of the digital age, not to mention its steadily growing enterprise user base.
The effects of the global pandemic pushed organizations to accelerate their digital transformation strategies. Because of this, companies in all industries were faced with an array of new technologies like cloud and containers that support the shift to edge computing and remote workers. With so much focus on these factors, companies often overlook some of the repercussions that come along with such rapid innovations. One of which is the need for a new approach to asset visibility.
During the pandemic, healthcare and education providers scrambled to adapt to providing services remotely, using tools like Slack, Google Drive, and Zoom to continue connecting with patients and students. McKinsey tracked a spike in the use of telehealth solutions in April 2020 that was 78 times higher than in February 2020. And, by some estimates, more than 1.2 billion children worldwide were impacted by school closures due to the pandemic — some of whom were able to learn remotely.
Despite the steady drumbeat of hacks that are reported on a nearly weekly basis, it is safe to say that cybersecurity is still far from a "top of mind issue" for most people. Massive data breaches like Equifax, Marriott, and many, many more are chalked up to being yet another part of modern life. While each of those cybersecurity incidents was quite serious in its own right, for the public whose data were compromised, they represented more of an inconvenience than a serious concern.
I had the pleasure of being at an in-person event recently. Aside from the joy it brought me to simply see people for the three-dimensional beings they are, it was of course incredible to connect with the Information Security community once more. Interestingly, a topic came up in quite a few of my conversations with fellow delegates. And it was one that I wasn’t expecting: encryption. It was often amiable, but on a couple of occasions eyes would roll.
We are thrilled to announce native support of Kong Mesh, Istio and Kuma within Styra Declarative Authorization Service (DAS), enabling users to combine stellar service mesh solutions with the only authorization management platform that supports trusted cloud architecture. Styra DAS allows teams to manage policies across a broad spectrum of systems, like Kubernetes, microservices, public cloud, and more.
The healthcare industry has always been an appealing target for cybercriminals. From high-value patient data to a low tolerance for downtime that could disrupt patient care, cybercriminals continue to find ways to take advantage of healthcare cybersecurity practices. In recent years, the healthcare industry has seen a 55% increase in cybersecurity threats, turning attacks on healthcare providers into a $13.2 billion industry and making it a gold mine for cybercriminals.
Quite often you are in the middle of a security incident or just combing through your data looking for signs of malicious activity, and you will want to trace the activity or relationships of a particular process. This can be a very time-consuming and frustrating task if you try to brute force things (copying/pasting parent and child process IDs over and over again). And in the heat of battle, you may miss one item that could have led you to something interesting.
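The copy-and-paste loop described above is exactly what a small lineage helper removes. The following is an added example, not code from the post or from any particular product: it indexes process-creation events by PID, walks parent links to reconstruct the ancestry chain of a process, and enumerates everything spawned beneath it. The event records and their field names (pid, ppid, image) are constructed for this example and stand in for whatever your EDR or Sysmon export actually provides.

```python
from collections import defaultdict

# Constructed sample process-creation events (not from the original post);
# one record per process start, in the shape of a typical EDR/Sysmon export.
SAMPLE_EVENTS = [
    {"pid": 1,    "ppid": 0,    "image": "systemd"},
    {"pid": 812,  "ppid": 1,    "image": "sshd"},
    {"pid": 2301, "ppid": 812,  "image": "bash"},
    {"pid": 2340, "ppid": 2301, "image": "curl"},
    {"pid": 2355, "ppid": 2301, "image": "python3"},
    {"pid": 2360, "ppid": 2355, "image": "nc"},
    {"pid": 900,  "ppid": 1,    "image": "cron"},
    {"pid": 2400, "ppid": 900,  "image": "sh"},
]


class ProcessTree:
    """Parent/child index over process-creation events."""

    def __init__(self, events):
        self.by_pid = {e["pid"]: e for e in events}
        self.children = defaultdict(list)
        for e in events:
            self.children[e["ppid"]].append(e["pid"])

    def ancestors(self, pid):
        """Walk parent links from pid up to the root; returns PIDs root-first.
        The 'seen' set guards against loops caused by PID reuse in long logs."""
        chain, seen = [], set()
        cur = self.by_pid.get(pid)
        while cur is not None and cur["pid"] not in seen:
            seen.add(cur["pid"])
            chain.append(cur["pid"])
            cur = self.by_pid.get(cur["ppid"])
        return list(reversed(chain))

    def descendants(self, pid):
        """Every process spawned directly or indirectly under pid."""
        out, seen = [], set()
        stack = list(self.children.get(pid, []))
        while stack:
            p = stack.pop()
            if p in seen:
                continue
            seen.add(p)
            out.append(p)
            stack.extend(self.children.get(p, []))
        return out

    def lineage(self, pid):
        """Human-readable ancestry, e.g. 'systemd -> sshd -> bash -> nc'."""
        return " -> ".join(self.by_pid[p]["image"] for p in self.ancestors(pid))

    def processes_named(self, image):
        """Pivot point: all PIDs whose image matches, for starting a trace."""
        return [p for p, e in self.by_pid.items() if e["image"] == image]


if __name__ == "__main__":
    tree = ProcessTree(SAMPLE_EVENTS)
    for pid in tree.processes_named("nc"):
        print(pid, tree.lineage(pid))
        print("  siblings/descendants of its shell:", tree.descendants(2301))
```

Starting from a suspicious image (here `nc`) and printing its lineage immediately shows the interactive SSH session that spawned it, which is the relationship the brute-force approach makes you reconstruct by hand.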
The Coverity and Wind River partnership supports developers with fast-turn CI/CD workflows and container-based development. Highlights.
With so many overlapping and self-serving definitions of XDR (Extended Detection and Response), we thought we would provide a perspective from some of us on the front lines of trying to embrace technology innovation while filtering vendor marketing noise. We agree with several industry analysts covering the space that XDR is a vendor push with no real customer demand, but the problem spaces within XDR are of significant customer interest.
On May 1, 2021, ISC² implemented a refreshed set of objectives for the CISSP certification exam for security professionals in order to keep it relevant to the latest technologies and cybersecurity standards, requirements and processes. New information security concepts, terms and acronyms have been added and others are better covered.
CIS Control 6 merges some aspects of CIS Control 4 (admin privileges) and CIS Control 14 (access based on need to know) into a single access control management group. Access control management is a critical component in maintaining information and system security, restricting access to assets based on role and need. It is important to grant, refuse, and remove access in a standardized, timely, and repeatable way across an entire organization.
There are plenty of security information and event management (SIEM) solutions on the market with various features and capabilities. So why should you pick Log360? We have identified 13 compelling reasons Log360 is the SIEM solution for you.
Cybersecurity is a fast-moving space. In fact, it’s hard to think of a time that security has been moving more quickly. As we continue to move into the cloud, work from home, and otherwise continue the digital transformation of our businesses, additional capabilities are needed as new threats are discovered.
On August 27, 2021, the US House Homeland Security Committee released a draft bill that would update the Homeland Security Act of 2002. This proposed bill seeks to establish a Cyber Incident Review Office and publish an interim rule that would outline procedures for reporting cybersecurity incidents.
Departing employees are a source of insider threats that often get overlooked. According to a study by Biscom, one in four departing employees steal data when leaving. Whether they do so out of negligence or with malicious intent, such cases can only have negative outcomes for organizations, from losing their competitive advantage to facing penalties for non-compliance with cybersecurity requirements.
Deploying a next-gen cloud-native security information and event management (SIEM) in your security operations center (SOC) is a big step in the right direction toward significantly improving your organization’s security capabilities. But once you have that state-of-the-art SIEM in your SOC, how do you get the most out of it? One key step is building and executing specific SIEM use cases designed to meet the particular needs of your organization.
BSIMM12 gathers research on software security activities from real-life firms to create a guide that helps you navigate your software security initiative.
Authorization is a critical part of developing any application. When building an app, at some point you will want to control the data and views that a user or system has access to, and one way you can do that is by writing authorization directly into your app. However, over time this can be challenging to manage because when you make changes to your authorization policies you also need to make changes to the application.
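To make the trade-off concrete, here is an added example (not code from the post or from any vendor's product) contrasting the two approaches: a rule hard-coded in the application versus the same rule expressed as a policy document that a small default-deny evaluator consults. The policy format, the role names and the report records are all constructed for this example; the point is that the second policy version changes what analysts may do without touching the application functions.

```python
import json

# --- Before: the rule lives in application code ---
def can_view_report_inline(user, report):
    # Every change to who may see reports means editing and redeploying this code.
    return user["role"] == "admin" or report["owner"] == user["id"]


# --- After: the rules live in a policy document the app only consults ---
# Constructed policy document (an assumption for this example; a real deployment
# would fetch it from a policy service rather than embed it).
POLICY_V1 = """
{"rules": [
  {"roles": ["admin"],   "actions": ["view", "edit", "delete"], "resource_type": "report"},
  {"roles": ["analyst"], "actions": ["view"],                   "resource_type": "report", "condition": "owner"},
  {"roles": ["analyst"], "actions": ["view"],                   "resource_type": "dashboard"}
]}
"""

# The same document after a policy change: analysts may now edit their own
# reports. Nothing in the application functions below changes.
POLICY_V2 = """
{"rules": [
  {"roles": ["admin"],   "actions": ["view", "edit", "delete"], "resource_type": "report"},
  {"roles": ["analyst"], "actions": ["view", "edit"],           "resource_type": "report", "condition": "owner"},
  {"roles": ["analyst"], "actions": ["view"],                   "resource_type": "dashboard"}
]}
"""


def load_policy(text):
    return json.loads(text)["rules"]


def is_allowed(rules, user, action, resource):
    """Default deny: allow only if some rule matches role, action, resource type
    and (if present) the rule's condition."""
    for rule in rules:
        if user["role"] not in rule["roles"]:
            continue
        if action not in rule["actions"]:
            continue
        if resource["type"] != rule["resource_type"]:
            continue
        if rule.get("condition") == "owner" and resource.get("owner") != user["id"]:
            continue
        return True
    return False


def view_report(rules, user, report):
    # The application asks the evaluator and never encodes the rule itself.
    if not is_allowed(rules, user, "view", report):
        raise PermissionError(f"{user['id']} may not view report {report['id']}")
    return report["body"]


def edit_report(rules, user, report, new_body):
    if not is_allowed(rules, user, "edit", report):
        raise PermissionError(f"{user['id']} may not edit report {report['id']}")
    report["body"] = new_body
    return report


if __name__ == "__main__":
    analyst = {"id": "u2", "role": "analyst"}
    own = {"id": "r1", "type": "report", "owner": "u2", "body": "Q3 numbers"}
    print(is_allowed(load_policy(POLICY_V1), analyst, "edit", own))  # False
    print(is_allowed(load_policy(POLICY_V2), analyst, "edit", own))  # True
```

The evaluator is deliberately default-deny: an action not covered by any rule is refused, so a policy edit that forgets a case fails closed rather than open.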
The escalation of cyberattacks since early 2020 is requiring many companies to strengthen their security operations. Adversaries are taking advantage of new attack vectors – like IoT devices, insecure remote access mechanisms, and the multiple personal and work devices users now move between. They’re also leveraging human vulnerabilities, impersonating trusted colleagues and third parties to infiltrate organizations.
The skills gap continues to challenge organizations’ ability to fulfill their evolving cybersecurity requirements. Tripwire confirmed this back in 2020 when it partnered with Dimensional Research to survey 342 security professionals. Indeed, 83% of respondents told Tripwire that they felt more overworked going into 2020 than they did a year earlier.
Hosting phishing pages or malicious payloads on legitimate cloud services is now a consolidated modus operandi for bad actors.
Those of us that work with technology get this question a lot: “What do you do?” “I work in technology — more specifically, I work as a pre-sales engineer.” Sound familiar? Working in IT can mean a lot of different things, and to those outside of this world, it quickly becomes deeply technical and complicated to explain to non-IT people. Even explaining what you do to IT people can become complicated.
It’s no secret that cybersecurity breaches are a major concern for businesses across all industries, and governments are starting to take notice. On August 25, 2021, the U.S government met with business leaders from some of the tech sector’s giants, including Microsoft, IBM, Apple, and Google. The purpose of this meeting was to address the ongoing cybersecurity issues becoming more prevalent as technology advances and becomes more intuitive and accessible.
When you think about your DLP approach, what immediately comes to mind? Is it primarily centered around compliance? Is it simply using vendor-provided patterns of interest, such as PCI card data or PII, to satisfy a regulatory framework like PCI DSS or GDPR? Chances are, this probably describes at least some part of your DLP strategy, because it is not difficult to set up and can satisfy a key business requirement of regulatory compliance reporting.
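As an added example of what such a "pattern of interest" involves in practice (this is illustration code, not any vendor's detector), here is a card-number (PAN) matcher that pairs a digit-run regex with a Luhn check and a redaction step. The sample text is constructed; the Luhn validation is what stops order numbers and typos from being reported as cardholder data.

```python
import re

# 13-19 digits with optional single space/dash separators, not embedded in a
# longer run of digits. The regex alone over-matches; Luhn filters it.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample document (not from the original post).
SAMPLE_TEXT = """Order 1234567890123456 shipped to customer.
Customer card: 4111 1111 1111 1111 exp 12/25
Typo card: 4111-1111-1111-1112
Phone 555-0100 ref 42"""


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _normalize(candidate: str) -> str:
    return re.sub(r"[ -]", "", candidate)


def find_pans(text: str):
    """Return normalized card numbers that both match the pattern and pass Luhn."""
    return [
        _normalize(m.group())
        for m in PAN_RE.finditer(text)
        if luhn_ok(_normalize(m.group()))
    ]


def mask_pan(digits: str) -> str:
    """Keep only the last four digits, the usual PCI DSS display form."""
    return "*" * (len(digits) - 4) + digits[-4:]


def redact_pans(text: str) -> str:
    """Remediation step: replace validated PANs in place, leave non-PAN digit runs alone."""
    def repl(m):
        digits = _normalize(m.group())
        return mask_pan(digits) if luhn_ok(digits) else m.group()
    return PAN_RE.sub(repl, text)


if __name__ == "__main__":
    print(find_pans(SAMPLE_TEXT))
    print(redact_pans(SAMPLE_TEXT))
```

Without the Luhn step the order number and the mistyped card would both be flagged, which is the kind of noise that makes a compliance-only DLP rollout unpopular with the business.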
2021 has witnessed a surge of ransomware attacks. Also, the attackers are targeting businesses that are critical to the public infrastructure, such as oil pipelines and international meat producers. Further, the demands for ransom have increased and the cost of clean-up has also doubled over the last year. There are two major reasons for this sudden spike in ransomware attacks: Like SaaS, RaaS also has a flexible business approach.
The Lightweight Directory Access Protocol (LDAP) is a cross-platform vendor-neutral software protocol used for directory service authentication. For simplicity, imagine the LDAP server as a comprehensive virtual phone book. The phone book gives access to an extensive directory of contact information for hundreds of people. Using LDAP, it is easy to search through the phone book and find whatever information is needed.
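Searching the "phone book" is done with an LDAP search filter, and the security point a practitioner wants next is that user input placed into a filter must be escaped. The following is an added example, not code from the post: an RFC 4515 filter-value escaper, shown beside the naive concatenation it replaces, so the effect of an injected `*)(uid=*` can be seen on the resulting filter string. The filter shape and attribute names are assumptions for the example.

```python
def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    The characters * ( ) \\ and NUL are filter metacharacters; each becomes a
    backslash plus its two-digit hex code. Non-ASCII characters are emitted as
    escaped UTF-8 bytes.
    """
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02x" % ord(ch))
        elif ord(ch) > 0x7F:
            out.extend("\\%02x" % b for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def naive_user_filter(username: str) -> str:
    """Vulnerable form: the username is concatenated straight into the filter."""
    return "(&(objectClass=person)(uid=%s))" % username


def safe_user_filter(username: str) -> str:
    """Hardened form: the same filter with the user-supplied value escaped."""
    return "(&(objectClass=person)(uid=%s))" % escape_filter_value(username)


if __name__ == "__main__":
    hostile = "*)(uid=*"
    print(naive_user_filter(hostile))   # matches every person in the directory
    print(safe_user_filter(hostile))    # matches only a uid literally named that
```

With the naive form the attacker's input turns a lookup for one user into a filter that matches every person entry; with the escaped form the same string is searched for literally and matches nothing.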
Google Cloud is helping businesses build and deploy apps faster than ever before, but at the same time, cloud teams must consider how to implement secure DevOps practices to avoid risk. We’re partnering with Google Cloud to provide security solutions to cloud teams to simplify safeguarding cloud and containers. Today, we announced our collaboration with Google Cloud.
You’ve got a problem to solve and turned to Google Cloud Platform to build and host your solution. You create your account and are all set to brew some coffee and sit down at your workstation to architect, code, build, and deploy. Except… you aren’t. There are many knobs you must tweak and practices to put into action if you want your solution to be operative, secure, reliable, performant, and cost effective.
The 2021 Egnyte Data Governance Trends Report contains a plethora of interesting findings that offer insight into how we’ve been working collaboratively during the global pandemic, and the security threats that have arisen as a result.
Last year, we made it easier to make secure payments online through direct integration with Privacy. Now, we’re doing the same for email. Announcing Masked Email – a 1Password and Fastmail integration. Create new, unique email addresses without ever leaving the sign-up page. Keep your real email address private from the apps or services that you sign up for – using a masked email address can protect you from breaches, and puts control of your inbox back in your hands.
New quarterly report reveals the most in-demand goods bought for resale using automated bots. Manchester, UK – 28th September 2021 – Netacea, the bot detection and mitigation specialist, today launches its Top Five Scalper Bots Quarterly Index, a list of the leading items targeted by scalper bots globally. This first index covers April to June 2021 and shows a mix of technology and fashion as the items most frequently targeted by scalper bots.
The COVID-19 pandemic fast-tracked the adoption of hybrid workforce in organizations, bringing with it a slew of problems for IT teams. Organizations had to enable a majority of their employees to work remotely, without affecting their productivity and while ensuring the security of the corporate resources. ManageEngine recently conducted a survey of IT professionals to understand the effects of remote work on cloud adoption.
Cloud computing has revolutionized the business and technological landscape of the last decade. More organizations are turning to cloud services to better manage massive volumes of both structured and unstructured data on a daily basis. As organizations move more and more information and applications to the cloud, there are growing concerns for data security and regulatory compliance.
In 2019, Snyk released its first Python cheat sheet. Since then, many aspects of Python security have changed. Using our learnings as a developer security company — as well as Python-specific best practices — we compiled this updated cheat sheet to make sure you keep your Python code secure. And before going any further, I need to give special thanks to Chibo and Daniel for their help with this cheat sheet!
What was once the thing of spy movies and industrial espionage news headlines is now, sadly, a common occurrence for public organizations and private enterprises around the globe. Insiders… employees, consultants, partners… have emerged as one of the most immediate and serious threats facing IT and cyber security teams and practitioners today. It is not however because every insider has turned malicious.
In today’s world with cyber attacks hitting the headlines daily, cybersecurity is at the forefront of many business owners’ minds, but implementing the right solutions and knowing what to do to reduce your risk is a big challenge for decision makers in these organizations. The task is even harder for small- to medium-sized businesses (SMB) that tend to lack extensive budgets and resources needed for implementing the most effective and high-brow cybersecurity solutions on the market.
Veracode CEO Sam King had the opportunity to speak at this year's inaugural virtual Boston Globe Summit, "The Great Recovery." Sam was invited to join the panel, How Boston is Tackling the Biggest Cyber Threats Facing Society, moderated by Gregory T. Huang, Business Editor at the Boston Globe, with guests Greg Dracon of .406 Ventures and Christopher Ahlberg of Recorded Future.
The 2021 Egnyte for Life Sciences Summit is in the books, and it was a big success. Biotech visionaries and industry analysts came together to outline the future of the life sciences as we emerge from the pandemic constraints and look to ramp up to our new normal. We presented over four hours of content, with hundreds of life science organizations attending.
When your organization is inevitably hit by a cyberattack, you want your security operations engineers to move lightning fast to identify the scope, duration, and impact of the attack, contain the disruption and prevent any costly or lasting damage. To do that, they need access to actionable information about everything that’s in your network — where devices are located, how they interact, and all the relevant details about their configuration and state.
It’s been a while since we ran our challenge, How strong should your Master Password be?, in which we gave out prizes to the first people who could figure out the passwords in carefully constructed challenges.
Managing customer security is always a challenge for MSPs as they seek to balance efficiency, cost, and high levels of protection. In this area, security managers are faced with the choice of using a single interface or switching between different solutions.
“Say ‘Ta,’” said Mamma Bear. “Ta,” said Baby Bear. He then dropped the mug of blackcurrant juice by accident. “What have you done?” exclaimed Daddy Bear. “The carpet is RUINED!!” Baby Bear felt a great sense of something disturbing, and this wasn’t a thousand voices suddenly being silenced. This was much deeper. This hurt, and Daddy Bear’s face was angry, disappointed. He was panicking about some purple stuff on the carpet.
Five worthy reads is a regular column on five noteworthy items we have discovered while researching trending and timeless topics. This week, we explore decentralized identity, aka self-sovereign identity.
It doesn't seem that long ago that I wrote about the OWASP Top 10 changes that came in 2017. OWASP has announced the release of the new 2021 Top 10. Find out more about the Broken Access Control and Cryptographic Failures categories and what they mean for application development and DevSecOps.
When we asked the security community who their hacker hero is, it was unsurprising to see that Eva Galperin, Director of Cybersecurity at EFF and co-founder of the Coalition Against Stalkerware, was a finalist on the list. Galperin is a hacktivist known for her rage tweets that help her fight the good fight to protect vulnerable groups being targeted. Best known for her work tracking down APTs, she also champions personal privacy and taking down stalkerware. Oh, and she's done a TED talk.
A selection of this week's more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24. Complex features require a little more care and understanding. If unsure I would advise disabling them and looking at the documentation – that is assuming such features have correct documentation!
Following on from Brexit, the UK received a positive adequacy decision on its personal data security standards by the EU. Building on this, the UK’s Information Commissioner's Office (ICO) has opened a consultation period to introduce its new International Data Transfer Agreement (IDTA). The European Commission has also issued a draft update addressing the same thing. So what triggered this new work? It’s all in response to the work done by privacy activist Max Schrems.
The pandemic has overwhelmed us with changes, including the changes in workplace setup. Insurance companies have started adopting various types of hybrid workplace setups to accommodate the needs of both customers and employees. However, it has been challenging for such companies to find the perfect solution that provides efficiency, security, and governance all in one platform. This article outlines the internal needs of the insurance companies and how one digital solution can address it all.
Nightfall has added remediation actions for Google Drive violations, so you can fix the issue automatically or with just a click. Nightfall for Google Drive is one of our most popular integrations, helping customers to discover and classify sensitive data across Google Drive. Once sensitive data violations are found to exist in Google Drive, you want to take steps to protect the data – because removing the risk is really the point, isn’t it?
CVE-2021-25741 is a new vulnerability discovered in Kubernetes that allows users to create a container with subpath volume mounts to access files and directories outside of the volume, including on the host filesystem. It was disclosed in September 2021 and affects kubelet, the node agent that runs on each Kubernetes node. In particular, CVE-2021-25741 affects kubelet in these Kubernetes versions.
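Since the issue is reachable only through subPath volume mounts, the first thing a cluster operator wants while nodes are still unpatched is an inventory of which workloads use them (the published mitigations for unpatched nodes amount to restricting subPath, for example via admission policy, or turning off the VolumeSubpath feature gate on kubelet, which breaks any workload that needs it). The following is an added example, not code from the post or from the Kubernetes project: it walks Pod manifests and the pod templates embedded in Deployments, StatefulSets, DaemonSets, Jobs and CronJobs, and reports every volumeMount that sets subPath or subPathExpr (the latter is flagged conservatively, since it is the templated form of the same mount option). The manifests are constructed and are in JSON to keep the example dependency-free; `kubectl get ... -o json` produces the same shape.

```python
import json

# Constructed manifests for this example (not from the original post): one
# clean Pod, one Deployment using subPath, one CronJob using subPathExpr.
SAMPLE_MANIFESTS = json.dumps({
    "kind": "List",
    "items": [
        {"kind": "Pod", "metadata": {"name": "clean"},
         "spec": {"containers": [{"name": "web", "volumeMounts": [
             {"name": "data", "mountPath": "/data"}]}]}},
        {"kind": "Deployment", "metadata": {"name": "api"},
         "spec": {"template": {"spec": {"containers": [{"name": "app", "volumeMounts": [
             {"name": "shared", "mountPath": "/var/log/app", "subPath": "logs"}]}]}}}},
        {"kind": "CronJob", "metadata": {"name": "nightly"},
         "spec": {"jobTemplate": {"spec": {"template": {"spec": {"initContainers": [
             {"name": "prep", "volumeMounts": [
                 {"name": "work", "mountPath": "/work", "subPathExpr": "$(POD_NAME)"}]}]}}}}}},
    ],
})


def pod_spec_of(obj):
    """Return the PodSpec for a Pod or for any workload that embeds a pod template."""
    kind = obj.get("kind")
    if kind == "Pod":
        return obj.get("spec", {})
    if kind == "CronJob":
        return (obj.get("spec", {}).get("jobTemplate", {}).get("spec", {})
                .get("template", {}).get("spec", {}))
    # Deployment, StatefulSet, DaemonSet, ReplicaSet, Job: spec.template.spec
    return obj.get("spec", {}).get("template", {}).get("spec", {})


def find_subpath_mounts(obj):
    """List every volumeMount in the object that uses subPath or subPathExpr."""
    findings = []
    spec = pod_spec_of(obj)
    name = obj.get("metadata", {}).get("name", "<unnamed>")
    for section in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(section, []):
            for vm in c.get("volumeMounts", []):
                sub = vm.get("subPath") or vm.get("subPathExpr")
                if sub:
                    findings.append({
                        "object": f"{obj.get('kind')}/{name}",
                        "container": c.get("name"),
                        "volume": vm.get("name"),
                        "mountPath": vm.get("mountPath"),
                        "subPath": sub,
                    })
    return findings


def audit(manifests_json):
    """Accept a single object or a kind: List document, as kubectl emits them."""
    doc = json.loads(manifests_json)
    objs = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    findings = []
    for obj in objs:
        findings.extend(find_subpath_mounts(obj))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_MANIFESTS):
        print(f"{f['object']} container={f['container']} {f['mountPath']} subPath={f['subPath']}")
```

Anything this reports is a workload that will break if the feature gate is disabled and, until the node is upgraded, a workload whose authors can reach outside the volume.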
In cybersecurity, an attack vector is a method of gaining unauthorized access to a private network or system. These pathways are either unintentional, such as vulnerabilities in third-party software, or intentionally designed by hackers, such as malicious software (malware). Cybercriminals primarily exploit attack vectors to advance extortion tactics, the most popular being the deployment of ransomware.
During a web shell attack, a cybercriminal injects a malicious file into a target web server's directory and then executes that file from their web browser. After launching a successful web shell attack, cybercriminals could gain access to sensitive resources, recruit the target system into a botnet, or create pathways for malware or ransomware injections. If you haven't implemented defense strategies against this cyber threat, your systems are at a high risk of exploitation.
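One defense the paragraph calls for is routinely scanning the web root for dropped shells. The following is an added example, not code from the post or from any scanner product: a heuristic that scores PHP source on the indicators web shells almost always combine (an eval or command-execution call, request parameters feeding it, decode/inflate wrappers, high-entropy string literals). The weights, threshold and sample files are constructed for the example; in practice the scan would read files under the document root, and a freshly modified file in an upload directory is itself a strong signal.

```python
import math
import re

# Weighted indicators. Weights are this example's own heuristic, not a vendor signature set.
INDICATORS = [
    (re.compile(r"\b(?:eval|assert)\s*\(", re.I), 3),
    (re.compile(r"\b(?:system|exec|shell_exec|passthru|popen|proc_open)\s*\(", re.I), 3),
    (re.compile(r"\b(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I), 2),
    (re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[", re.I), 1),
    (re.compile(r"preg_replace\s*\(\s*['\"][^'\"]*/[a-z]*e[a-z]*['\"]", re.I), 3),  # /e modifier
]
LONG_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/=]{40,})['\"]")
THRESHOLD = 4

# Constructed sample files (path -> contents), not from the original post.
SAMPLE_FILES = {
    "public/index.php": (
        "<?php\n$name = $_GET['name'] ?? 'world';\n"
        "echo 'Hello ' . htmlspecialchars($name);\n"
    ),
    "public/.cache.php": "<?php @eval($_POST['cmd']); ?>",
    "uploads/img.php": (
        "<?php eval(gzinflate(base64_decode("
        "'dTEhq9zlgk4Fo2R7nYDSc6vbHxu0PpLmKwjA8ZBr1NXaQTCiyUf3eGVWJMh5t9sI'))); ?>"
    ),
}


def shannon_entropy(s: str) -> float:
    """Bits per character; packed or encoded payloads score high."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def score_source(src: str):
    """Return (score, list of matched indicator descriptions) for one file."""
    score, hits = 0, []
    for pattern, weight in INDICATORS:
        if pattern.search(src):
            score += weight
            hits.append(pattern.pattern)
    for literal in LONG_LITERAL.findall(src):
        if shannon_entropy(literal) > 4.5:
            score += 2
            hits.append("high-entropy literal")
            break
    return score, hits


def scan_files(files):
    """files: mapping path -> source text. Returns flagged (path, score, hits), highest first."""
    flagged = []
    for path, src in files.items():
        score, hits = score_source(src)
        if score >= THRESHOLD:
            flagged.append((path, score, hits))
    return sorted(flagged, key=lambda item: -item[1])


if __name__ == "__main__":
    for path, score, hits in scan_files(SAMPLE_FILES):
        print(f"{path}: score={score} {hits}")
```

The legitimate page reads a request parameter but never executes anything, so it stays below the threshold; the one-line `eval($_POST[...])` shell and the inflate-and-eval loader both cross it. Heuristics like this catch the common droppers, not a determined attacker, so they belong beside file-integrity monitoring and upload-directory execution controls rather than in place of them.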
A robust dark web monitoring programme ensures organisations have the ability to keep track of hidden risks and prevent any data losses from escalating into major events. In this blog post, we outline how dark web monitoring works, how to maximise its value and what to look for in an outsourced dark web monitoring service.
Real estate is just one of many industries that was forced to quickly adapt to an increasingly online-first world in the wake of the COVID-19 pandemic. Virtual viewings are now the norm, and real estate businesses are scrambling to keep up with how their competitors have changed approach. When looking for a property to buy or rent, we are now likely to search online and look through online listings in the first instance.
Network traffic analysis is a routine task for various job roles, such as network administrators, network defenders and incident responders. Wireshark plays a vital role in traffic analysis; it comes pre-installed in many Linux distributions, for instance Kali, and is otherwise available to download from the official website. This article covers the traffic analysis of the most common network protocols, for example ICMP, ARP, HTTPS and TCP.
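Wireshark's dissectors hide how little structure an ARP frame actually has, and seeing it at the byte level makes the classic ARP cache-poisoning signature obvious. The following is an added example, not code from the article: it packs and parses Ethernet+ARP frames with the standard library and then runs a minimal spoofing detector that flags any IP whose claimed MAC changes between replies. The frames, addresses and MACs are constructed for the example; a real capture would be read from a pcap or a raw socket.

```python
import socket
import struct

ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")    # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Construct an Ethernet/ARP frame (requests go to broadcast, replies unicast)."""
    eth_dst = BROADCAST if op == ARP_REQUEST else target_mac
    eth = ETH_HDR.pack(mac_bytes(eth_dst), mac_bytes(sender_mac), ETHERTYPE_ARP)
    arp = ARP_PKT.pack(1, 0x0800, 6, 4, op,
                       mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_bytes(target_mac), socket.inet_aton(target_ip))
    return eth + arp


def parse_arp_frame(frame: bytes):
    """Return the ARP fields as a dict, or None if this is not an Ethernet/IPv4 ARP frame."""
    if len(frame) < ETH_HDR.size + ARP_PKT.size:
        return None
    dst, src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_PKT.unpack_from(frame, ETH_HDR.size)
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None
    return {
        "op": {ARP_REQUEST: "request", ARP_REPLY: "reply"}.get(op, str(op)),
        "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa),
        "eth_src": mac_str(src), "eth_dst": mac_str(dst),
    }


def detect_arp_spoofing(frames):
    """Flag any IP whose sender MAC in replies differs from the first MAC seen for it."""
    first_seen, alerts = {}, []
    for frame in frames:
        pkt = parse_arp_frame(frame)
        if pkt is None or pkt["op"] != "reply":
            continue
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        baseline = first_seen.setdefault(ip, mac)
        if baseline != mac:
            alerts.append((ip, baseline, mac))
    return alerts


# Constructed capture (not from the article): a normal request/reply for the
# gateway, then a second reply claiming the gateway IP from a different MAC.
SAMPLE_FRAMES = [
    build_arp_frame(ARP_REQUEST, "aa:aa:aa:aa:aa:01", "192.168.1.10", "00:00:00:00:00:00", "192.168.1.1"),
    build_arp_frame(ARP_REPLY, "aa:aa:aa:aa:aa:fe", "192.168.1.1", "aa:aa:aa:aa:aa:01", "192.168.1.10"),
    build_arp_frame(ARP_REPLY, "de:ad:be:ef:00:01", "192.168.1.1", "aa:aa:aa:aa:aa:01", "192.168.1.10"),
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(parse_arp_frame(f))
    print("alerts:", detect_arp_spoofing(SAMPLE_FRAMES))
```

This is the same condition Wireshark reports as "duplicate use of IP detected" in its ARP analysis; knowing the 28-byte layout lets you reproduce that check in your own tooling or write a capture filter for it.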
Our team of penetration testers arguably have the most interesting and exciting roles within the business, or perhaps, in the world. From robbing banks to breaking and entering, pen testing isn’t your typical desk job. So we’ve asked them to share some of their most interesting stories to really give you career envy! Let’s see what we can find out about a day in the life of a pen tester.
Kroll has observed an uptick in actors offering network access on the dark web, particularly in the wake of recent disruptions to the ransomware-as-a-service (RaaS) ecosystem such as the ban on ransomware discussions in notorious underground criminal forums.
Early in my career, I developed web applications. At the time there were practically no frameworks or libraries to help. I was coding with Java using raw servlets and JSPs – very primitive by today's standards. There was no OWASP Top 10 and writing secure code was not something we paid much attention to.
As tech budgets start to return to a pre-pandemic state, it will be interesting to see where priorities have shifted to over the past year and a half – especially when it comes to cybersecurity. We’ve taken a look at a few major industry reports to give you an idea of shifting plans, and where cybersecurity sits as a priority in 2022 budgets.
The US Government has underlined once again that it continues to strongly discourage organisations hit by ransomware from giving in to extortion demands. In an updated advisory, the Department of Treasury’s Office of Foreign Assets Control (OFAC) has called upon businesses not to pay ransoms, and to focus on cybersecurity measures that can prevent or mitigate ransomware attacks.
We're excited to share that you can now use Snyk Container to scan container images stored in many more container registries. The latest additions include GitHub Container Registry, Nexus, DigitalOcean, GitLab Container Registry, and Google Artifact Registry.
Best practices for securing an AWS environment have been well-documented and generally accepted, such as AWS’s guidance. However, organizations may still find it challenging on how to begin applying this guidance to their specific environments. In this blog series, we’ll analyze anonymized data from Netskope customers that include security settings of 650,000 entities from 1,143 AWS accounts across several hundred organizations.
When we think of identity luminaries, we often think of people who have spent their careers building or designing digital identity technologies. But what about the people who take the technology out of the lab and make it work in the real world - where it matters most? These people solve real problems and create tremendous opportunities.
Zero Trust is a security model — a strategy for protecting an organization's IT assets, including data, services and applications. The Zero Trust model is built upon research done more than a decade ago by analysts at Forrester, and it is now recommended by many security experts and vendors, including Microsoft. Zero Trust is a security architecture model in which no implicit trust is given in any quarter.
The Open Web Application Security Project (OWASP), founded by Mark Curphey, first released the OWASP Top 10 Web Application Security Risks in 2003. The Top 10 is the closest the development community has to a set of commandments on how to build secure applications. This list represents the most critical risks to software security today and is recognized by developers as the first step toward creating more secure code.
ISO/IEC 27001 is an international standard that specifies the requirements for establishing, operating and continually improving an Information Security Management System (ISMS). Implementing ISO 27001 enables organizations to better manage and secure their information assets, including intellectual property, financials, employee details, customer data, and information entrusted by third parties. Furthermore, by achieving certification, companies can demonstrate to customers and partners that they manage information security risks systematically, which reduces their exposure to IT security incidents and data breaches.
A vulnerability scan identifies and reports points of weakness in your firewalls, software and web applications, servers, and other devices connected to your corporate IT systems. Vulnerability scanning is an integral part of a company’s vulnerability management process and overall security posture. There are two types of vulnerability scans: internal and external.
Most organizations today rely on the cloud to store or manage at least some of their data and applications. If your business is considering (or already using) a cloud environment, it’s important that you know what to do if your cloud system crashes or experiences an outage. In this guide, we cover the basics of cloud computing and then outline some steps you can take in the event of a cloud crash or outage.
Compliance is a constant issue that affects businesses in multiple ways every day. Not only must your compliance program address individual acts of misconduct; the program must assure that your organization follows laws, rules, and regulations over time — every day, day after day, in perpetuity.
Modern organizations operate in a complex business landscape. Increasingly, they rely on a plethora of third-party partners, vendors, and subcontractors to generate value, boost competitiveness, and strengthen their bottom line. And yet, these same third parties also create numerous risks that can disrupt the organization’s operations, affect its financial standing, and damage its reputation.
A huge swath of the U.S. workforce doesn’t actually hold a full-time job. As many as 40 percent of Americans work in the so-called “gig economy” — driving for ride-share services, selling handicrafts online, pet-sitting, managing a social media account for a local company, and so forth. Typically, a technology company (Uber, Etsy, Rover, AirBnB; the list is endless) matches those workers with customers who have a need.
The global economy is more connected than ever, generating significant benefits for companies and industries operating worldwide. Nobody, however, is exempt from threats that drive supply chain and manufacturing risk. There is no doubt that the manufacturing industry is beset by numerous risks that affect the company and its human assets.
Multiple AppSec tools lead to many results. Let Code Dx centralize your AppSec management to help you make sense of your data. Most organizations have more than one application—some large enterprises have hundreds or thousands of applications in development and production. Each application is constantly updated to fix security issues, improve performance, and meet new customer demands, and an essential part of the update process is to test the application for security issues.
Of all the modern business ecosystems, the Fintech sector is one of the most volatile landscapes that is teeming with industry and technological disruptions. And, adding to the pre-existing list is Neobanking. Currently, there are 246 neo banks in the world, and the market projections suggest an annual average growth rate (CAGR) of 47.7 percent until 2028, amounting to 722.6 billion U.S. dollars.
News of ransomware attacks disrupting supply chains has increased recently. As threat actors disrupt businesses and critical infrastructure, they may appear to be working harder. However, cybercriminals treat ransomware as a business, enabling an underground industry. Ransomware-as-a-Service (RaaS) is a growing underground industry that continues to place sensitive information at risk.
The new normal of working remotely calls for solutions that are seamless, flexible, and secure. Most enterprises believe that they are well-equipped to address the evolving cybersecurity threats. However, when employees connect through a myriad of devices, most of the time the security is highly questionable. This is because either they do not use secure devices or they lack critical security updates. With cyberattacks becoming highly sophisticated, a host of security challenges awaits the enterprise!
In the world of threat detection and response, alert fatigue and tool sprawl are real problems. Security professionals are struggling to manage different tools and control points and still relying on manual processes, which results in security that is fragmented and reactive. Analysts need better visibility and control, more context, and better use of automation so they can cut through the noise and respond to threats faster and more effectively.
There is a growing discussion among network engineers, DevOps teams, and security professionals about the security benefits of bastions. Many assume that they are the “old way” of network access and have little relevance in the modern cloud native stack. These speculations are not irrelevant: in recent years, the corporate IT network perimeter as we knew it has been diminishing, and the concept has shifted to a data, identity, and compute perimeter.
In early 2020, almost every government agency embraced telework in response to the pandemic. With telework, employees operate outside the security perimeter that was put in place to protect them and the agency’s data. As a result, telework has had significant cybersecurity ramifications. Lookout has a long history of collaborating with the public sector to secure agency employees.
Malicious Microsoft Office documents are a popular vehicle for malware distribution. Many malware families such as Emotet, IcedID, and Dridex abuse Office documents as their primary distribution mechanism. Attackers have long used phishing emails with malicious Microsoft Office documents, often hosted in popular cloud apps like Box and Amazon S3 to increase the chances of a successful lure. The techniques being used with Office documents are continuing to evolve.
As a managed service provider, you can never sit still. Change is constant, whether it’s the technology, business needs, or clients’ expectations. And while MSPs are accustomed to the churn, this time it’s different. Businesses are digitizing their assets and moving to the cloud, governments continue to layer on more data regulations, security threats are on the rise, and the pandemic has turned traditional office culture on its head.
Knowing who has credentials, how those credentials are granted, and how they are being used is the foundation of any secure environment. It begins with user accounts and the credentials they use. Maintaining a thorough inventory of all accounts and verifying any changes to those accounts as authorized and intentional vs unintended is paramount to establishing a secure environment and this includes service accounts.
In 2021 SecureAge surveyed 1,000 US-based respondents (400+ employers; 600+ employees), 600 UK-based respondents (200+ employers; 400+ employees), and 300 Japan-based respondents (100+ employers; 200+ employees) to find out more about cybersecurity concerns during the pandemic and what has been done to prepare for the future. The study, conducted between July and August 2021, revealed new cybersecurity trends as well as how businesses have and have not adapted.
Credential leakage on the dark web is constantly growing, which reveals a painful reality: a significant proportion of organizations still don’t protect employee data properly. A report published by Arctic Wolf highlights that the number of corporate passwords that have been leaked to the dark web has shot up by 429% since last March. Thus, on average and for each organization, up to 17 credentials (including username and password) are available on the dark web.
Edtech is helping to provide children and adults all over the world with new and updated skills and knowledge. One important area it’s helping with is cybersecurity. A recent report by Forbes gave the opinion that edtech would provide the perfect backdrop for cybersecurity learning, and it's easy to see why.
Vendor tiering is the key to a more resilient and sustainable third-party risk management strategy. But like all cybersecurity controls, it must be supported by the proper framework. To learn how to optimize your Vendor Risk Management program to greater efficiency through best vendor tiering practices, read on.
Security teams are struggling to contend with the expanding third-party attack surface which is fueled by the pernicious cycle of poor vendor risk management.
Learn how to set up continuous assurance with Code Dx to improve code quality and security at the speed of DevOps. Continuous integration (CI) has made a tremendous impact on how we develop software. The concept is simple: fail fast and fail often. This allows the team to fix problems before they become a big deal, saving time and money.
Over the last year, we’ve made tremendous progress expanding NewEdge to provide Netskope customers with the global coverage they demand. We have real, full-compute data centers in nearly 50 regions today and plans to go live with our Lima, Peru data center in early October (which will be our fifth in Latin America).
Netacea recently conducted a wide-ranging survey to uncover how much bots are really costing businesses. We compiled responses from 440 enterprise businesses spread across the US and UK, and have summed up our findings in an exclusive report, as well as an upcoming live webinar. Of all the sectors we surveyed, financial services was the industry most affected by API attacks, with 97% of businesses stating an API had been attacked by bots in 2020.
One of the most critical aspects of managing policy-as-code at scale is ensuring safety when deploying policy changes to production workloads. A misconfiguration or errant rule can lead to consequences such as overly permissive systems, service outages, and other forms of application or platform issues.
You finally have some budget to buy tools for your application security (AppSec) program! GREAT! Purchasing the correct tools for your AppSec program can be overwhelming. Even when looking only at point solutions, there still may be some confusion on the value that various tools can provide. Sometimes you'll find the perfect tool, but others may offer you a similar tool with added manual penetration testing (MPT) as part of the overall bundle. That seems like a great idea for the budget.
I recently published a piece in Dark Reading covering the network security challenges of M&A activity. As we ease the restrictions put in place to combat COVID-19, we’re expecting to see business activity, including M&A, pick up speed. It’s important that the implications of integrating networks are fully understood to ensure that the expected business benefits are achieved as soon as possible.
Snyk is on the mission to make Static Application Security Testing (SAST) tools work for developers throughout the DevOps pipeline. Snyk Code scans in real time with high accuracy — and it does it right from the tools and workflows developers are already using. For example, the IDE plugins for IntelliJ, PyCharm, WebStorm, and Visual Studio Code make it easy to code, scan and fix even before code hits the version management.
Can you really build a cloud-native SOC? As more organizations adopt cloud-native and cloud-hosted technologies, what do security teams and security practitioners need to consider when it comes to the SOC and cloud security?
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a U.S. federal law meant to protect sensitive electronic protected health information (ePHI). Every healthcare organization (“covered entity”) must comply with its two fundamental rules. In 2013, the U.S. Department of Health and Human Services (HHS) passed the HIPAA Omnibus Final Rule, which expanded compliance requirements to the business associates that also handle ePHI on behalf of covered entities.
One of Zeek's greatest strengths is its ability to deeply inspect packet streams that are fed into it. It is adept not only at identifying network protocols but also parsing them to extract large amounts of useful information. There is another strength that is often overlooked: Zeek not only extracts information from individual packets of network sessions, it also provides a very flexible and useful way to track state across the lifetime of network sessions.
Researchers at wiz.io recently found a series of vulnerabilities in Windows Open Management Infrastructure (OMI) software, which is widely installed on cloud-based Azure Linux Agents. We have open-sourced a Zeek package for the most severe of these vulnerabilities, which we’ll discuss later in this blog. One of the four vulnerabilities found is a trivially exploitable unauthenticated remote code execution (RCE).
At 1Password, we’re committed to a customer first, human-centered approach to inform our product roadmap and create award-winning experiences our users love.
Advanced cybersecurity is now the baseline of complex IT environments that include computers, servers, laptops, and other devices that may be used within the corporate network but also outside the office. It is also critical to face the growing threat landscape of advanced, silent, and targeted attacks. But how can you make sure you meet each of your customers’ specific requirements and deliver a cutting-edge IT approach in a way that is sustainable for your business?
A cybersecurity program isn’t just about securing your assets. It is an asset. Security is everyone’s responsibility, from the consumer to a business. Here are some best practices from a consumer's view.
Connected devices offer healthcare providers ways to remotely monitor patient health. Additionally, hospitals use these devices for enhanced patient care, including medication delivery and vitals monitoring. However, malicious actors often use unsecured IoMT as part of their attack methodologies.
A new HIGH severity vulnerability was found in Kubernetes in which users may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. The issue affects the Kubelet component of Kubernetes (Kubelet is the primary "node agent" that runs on each node. It registers the node with the apiserver and launches Pods on it).
Building an effective application security program for your organization begins with establishing policies and processes. Psychologist Abraham Maslow wrote, in 1964, “Give a small boy a hammer, and he will find that everything he encounters needs pounding.” This is commonly rephrased as “if you have a hammer, everything looks like a nail.”
Cybersecurity has been gaining more and more importance due to the increasing number of cyber attacks and hackers threatening organizations of every size. In order to enable your business operations to continue and your organization to be safe and secure, you should benefit from real-time security monitoring, threat detection, investigation and automated responses. Once implemented, a SIEM solution becomes a vital component of an enterprise security strategy.
DevSecOps is a process that aims to build security in at the outset of software development. It ensures security audits and testing throughout the agile development process so that security is a priority – not an afterthought. A new survey of more than 1,000 security leaders conducted by Ponemon Research and security firm Reliaquest finds almost half (49%) of security leaders are enabling DevSecOps best practices in their organizations. That’s a promising number.
Vancouver, Canada – September 14th, 2021 – INETCO Systems Limited, a leader in real-time payment fraud prevention, is pleased to announce the launch of INETCO BullzAI, which combines a web application firewall with a real-time payment fraud detection and blocking system in one elegant solution.
The pandemic has changed a lot of things, but one of its largest legacies will be its impact on the workplace. Not surprisingly, security in the workplace is changing too.
The General Data Protection Regulation (GDPR) Act is a broad set of data privacy rules that define how an organization must handle and protect the personal data of citizens of the European Union (EU). The Regulation also outlines the way that organizations can report a data breach. Articles 33 and 34 outline the requirements for breach notification; however, most businesses are still unaware of their responsibilities.
Data breaches have reached a fever pitch over the last few years. The rapid frequency of successful attacks coupled with the rising costs to businesses has raised attention at the highest levels of global governments. In the past, breaches were relatively “localized,” that is, they affected the targeted company only. However, the newer attacks have disrupted entire supply chains.
Everything you love about 1Password is now available in Safari on iPhone and iPad. And it’s as incredible as you could possibly imagine.
Cybersecurity has become a critical concern in every business sector nowadays due to organizations’ growing dependency on technologies. Research by Immersive Lab reported that in 2019 there were more than 20,000 new vulnerabilities. Not only that, TechRepublic reported that global companies experienced a 148% spike in ransomware attacks after COVID-19 hit the world. So, for most organizations, the question isn’t who will be the target of a cyber attack.
In 2021, there are two words that can send a cold chill down the spine of any Cybersecurity professional and business leader; Phishing and Ransomware. Research carried out by the Data Analytics and training company CybSafe, identified that 22% of all cyber incidents reported in the first quarter of 2021 were ransomware attacks. According to the figures obtained from the Information Commissioners Office, they are up by 11% compared to 2020.
Service accounts can be privileged local user or domain user accounts, or they can have domain administrative privileges. Service accounts best practice involves using them to execute applications and run automated services. A single service account can easily be referenced in many applications or processes. The critical nature of their use makes them challenging to manage.
The main difference in LDAP vs Active Directory is that while both LDAP and Active Directory are used for querying user identity information, AD contains a complete network operating system with services such as DNS, DHCP etc. In contrast, LDAP does not have any of those functionalities. Understanding LDAP plays an essential part in getting to know your Active Directory better and preventing data breaches and unauthorised access.
The internet and all of its conveniences have had a significant impact on how we do business. Our reliance on technology has never been greater, which means cyber hygiene is more important than ever before. In this blog post, we will talk about cyber hygiene, its benefits and why it’s so essential for businesses to practice it.
Cyberattack is one of the common threats that modern businesses are facing today. Despite the growing threat landscape of cybersecurity attacks, many small and medium companies that experience data breaches and threats do not have adequate preparations. This includes prevention measures before the attack and incident response plans during/after the attack.
Ransomware groups have been exploiting the switch to remote work unlike any other. Ransomware attacks increased by more than 485% in 2020 [1]. By 2031, a new organization is expected to fall prey to a ransomware attack every 2 seconds [2]. Multiple reports by threat hunting firms confirm that the primary attack vector they are using to infiltrate corporate networks is poorly guarded Remote Desktop Protocol (RDP) connections.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Cryptocurrencies are never far from the news, and with El Salvador making it an official currency many are jumping at the slightest news of an uptick in respectability. That thirst has not gone unnoticed and a fantastic coup played out in the last week.
In today’s definition, a workplace is no longer a place. Most people realized they could work literally anywhere — office, coffee shop, home. Organizations and companies worldwide have turned to remote working for some time now. With the onset and offset of multiple lockdowns in many countries, there is a need to implement a hybrid workplace to adapt to the demanding conditions of today’s work setup.
It has been one year since I joined Styra as the first European hire, and what a year it has been! Not only have we significantly grown our customer footprint with enterprises such as Zalando, European Patent Office and Extenda Retail, but the EMEA team has been growing at a rapid pace across engineering, sales and customer success and open source! I thought I’d share some takeaways on the industry / market from my interactions with customers and the community.
The Splunk Threat Research Team recently evaluated ways to generate security content using native Windows event logging regarding PowerShell Script Block Logging to assist enterprise defenders in finding malicious PowerShell scripts. This method provides greater depth of visibility as it provides the raw (entire) PowerShell script output. There are three sources that may enhance any defender's perspective: module, script block and transcript logging.
For the past 10-plus years, cybersecurity solutions have been innovating rapidly to thwart new threats. But as they solved security challenges, new ones constantly emerged — especially as organizations continue to expedite their digital transformation efforts and shift to the cloud.
Understanding your organization’s cybersecurity posture is becoming more important every day. So how do you know how secure your IT infrastructure really is? One way to get a glimpse into your organization’s security is penetration testing: pretending (or hiring someone to pretend) to be a hacker, attempting to infiltrate your organization’s physical and cyber systems however possible.
Cyberattacks against businesses of all sizes are at all-time highs. Data from 2021 and projections for the future of cybersecurity suggest that the frequency and intensity of these attacks will only continue to grow. At the forefront of most cyberattacks in 2020 was ransomware, a type of malware attack in which attackers encrypt your organization’s data and demand payment in exchange for a decryption key to restore access.
APTs (Advanced Persistent Threat) have more serious consequences than conventional cyberattacks. The explanation for this lies in the fact that, on the one hand, the perpetrators spend much more time and effort (often promoted by government organizations), and on the other, the victims are also more high profile.
When presented with an opportunity, people who never even planned to attack your organization may turn into a severe cybersecurity threat. Forget to block a dismissed employee from accessing your system and they may steal or alter your critical data. Grant a third-party contractor excessive access to your infrastructure and they may cause a serious data breach. That’s why it’s crucial to make sure you don’t give insiders an opportunity to turn malicious.
Nearly 80 per cent of all ransomware attacks in the first half of 2021 involved the threat of leaking exfiltrated data. Exfiltration is a popular pressure tactic as it introduces the threat to publish stolen sensitive data to a threat actor extortion website if a ransom payment is not received. Our team currently tracks over 40 threat actor extortion websites, with new sites belonging to new ransomware groups emerging each week.
The events of 2020 helped to accelerate the convergence between information technology (IT) and operational technology (OT) for many organizations. As reported by Help Net Security, for instance, two-thirds of IT and OT security professionals said in a 2020 survey that their IT and OT networks had become more interconnected in the wake of the pandemic.
In Part I, we put on the shoes of a novice hacker and easily exploited a Confluence Server on the public internet, resulting in full network access. We also realized the problem is not specific to a software vendor but rather the common practice of placing servers on the public internet. Make sure to read Confluenza: What is CVE-2021-26084 and why should you care by Gil Azrielant (CTO, Axis Security) for more technical details around this exploit.
ForgeRock launched in 2010 to help build a future where people could simply and safely access the connected world. At the heart of the company is the belief that better access to what you want to achieve online can transform business and change lives. Today, our team is taking an important step together that will further our mission. We are now a public company, trading on the New York Stock Exchange under the symbol FORG.
Accountability is essential for AppSec analysts, managers, and CISOs. Learn how ASOC tools bring the visibility and transparency required. We have already discussed how application security orchestration and correlation (ASOC) makes the AppSec process more efficient and scalable. In this final post in our ASOC series, we will demonstrate how ASOC tools bring accountability to both the technical and business sides of application security.
A network vulnerability assessment is the reviewing and analyzing of an organization’s network infrastructure to find cybersecurity vulnerabilities and network security loopholes. The assessment can be carried out either manually or by using vulnerability analysis software — although the latter is preferred because it’s less susceptible to human error and usually delivers more accurate results.
An audit universe is a document that details all the audit activities to be carried out by the internal audit function. It consists of multiple and distinct auditable entities, processes, and activities, which can be considered “auditable units.” The number of these auditable units varies depending on the organization’s size, business complexity, and operational scale. In some cases they can run into the hundreds or even thousands.
Security analysts know this situation well: inundated by alerts, alternating between 10 different security tools, and feeling the pressure of responding to each and every threat. It’s typically around this point that SOC teams realize it’s humanly impossible to process the amount of data that needs to be processed, and they should start looking for a solution. Gretchen White, Chief Information Security Officer at Minnesota Judicial Courts, experienced this firsthand.
In April 2021, I discovered an attack vector that could allow a malicious Pull Request to a Github repository to gain access to our production environment. Open source companies like us, or anyone else who accepts external contributions, are especially vulnerable to this. For the eager, the attack works by pivoting from a Kubernetes worker pod to the node itself, and from there exfiltrating credentials from the CI/CD system.
Tripwire Enterprise (TE) is at its heart a baselining engine. It’s been built to take information, create a baseline of it, and show when that baseline has changed. (It’s called a “version” in TE terms.) TE starts with a baseline version designated by an organization’s security teams. At some point, a change version with new information (file, registry entry, RSoP, command output, or data captured in some other way) emerges.
Network segmentation is almost as old as computer networking. The evolution of network segmentation went from switches to routers and firewalls, and as modern networks evolved, the ability to better control traffic through operating system native functionality evolved as well. Native controls like iptables became lingua franca, alongside access control lists, process isolation, and more. Native controls are not a new concept.
Netacea recently surveyed 440 businesses from across the USA and UK to understand how much financial impact bot attacks are having across different industries. Read the full results in our report: The Bot Management Review: What Are Bots Costing Your Business?
Technology companies love abbreviations and acronyms. Starting with what’s probably the original tech company, International Business Machines (better known as IBM), initials, abbreviations and acronyms continue to dominate the personal computer (PC), telecommunications (telco), security operations (SecOps), and many other tech industries.
When it comes to PHP, composer is without discussion, THE package manager. It’s fast, easy to use, actively maintained and very secure — or so most thought. On April 21, 2021, a command injection vulnerability was reported, which shook the PHP community. Fortunately it didn’t have a very big impact, but it could have. The problem with the vulnerability is that it affected the very heart of the Composer supply chain: Packagist servers.
Regulations have long existed to govern how organizations collect and use information online, as well as what cybersecurity precautions organizations should take while conducting business online. As digital transformation of business processes has accelerated in the last few years, however, that means ever more organizations — large and small — must comply with all those regulations.
The Health Insurance Portability and Accountability Act (HIPAA) was enacted by Congress in 1996 to prevent medical fraud and to assure the security of protected health information (PHI), such as names, Social Security numbers, medical records, financial information, electronic health transactions and code sets. The law is managed by the U.S. Department of Health & Human Services (HHS).
Co-authored by James Robinson and Jeff Kessler. As rapidly as wide-area networking (WAN) and remote access strategies with associated technologies are changing, we’re always surprised by the amount of time some security professionals and auditors dedicate to the either/or debate between split tunnel and full tunnel connectivity.
The California Privacy Rights Act (CPRA) is an extension of the 2018 California Consumer Privacy Act (CCPA). The goal of both laws is to enhance the privacy rights of California residents with regards to the personal information that companies collect about them, giving them the right to see, delete and limit the sale of that data. The CPRA will be fully implemented in mid-2023. In this article, we will take a close look at the provisions of CPRA and how it amends the CCPA.
We’ve all heard about cyberattacks on corporations, but when those attacks go after critical infrastructure, such as the energy grid, it can affect every person in the country.
In our digital age, cybersecurity is everyone’s responsibility. Every device you use, the app you download, the bit of information you share, or the message you open comes with a certain amount of risk.
Security compliance management is the process of monitoring and assessing systems, devices, and networks to ensure they comply with regulatory requirements, as well as industry and local cybersecurity standards. Staying on top of compliance isn’t always easy, especially for highly regulated industries and sectors. Regulations and standards change often, as do threats and vulnerabilities. Organizations often have to respond quickly to remain in compliance.
Cyber attacks, like the pandemic that has spurred the rise in incidents, have been relentless. Over the past eight months, there has been a significant escalation as the sophistication of these attacks has risen. Hackers are going after key vendors, allowing them to target wide swaths of valuable victims like we have seen in the attacks on SolarWinds, Microsoft Exchange, Colonial Pipeline, and more recently, MSP software provider Kaseya.
As we continuously make our way towards a post-pandemic world, adapting to the new normal is necessary. Speaking of new normal, one big trend we are seeing in the workplace is going hybrid. In fact, some organizations consider going hybrid as the future of work. Going hybrid means establishing a work setup that involves both working in the office and elsewhere, usually at home.
“We are honored to have our ZenGRC platform recognized with four G2 Fall 2021 Grid Report badges: Leader, Momentum Leader, Mid Market Leader, and Users Love Us,” said Jenny Victor, Vice President of Marketing at Reciprocity.
Ransomware has become an annual event for many organizations, costing them millions in lost productivity and revenue. While there have been some notable successes in fighting off this threat, the industry as a whole must continue strengthening its resolve in order to safeguard against future attacks. Part of this can come down to recognizing the role that users and employees play in fighting off these attacks and providing them with info and tools they need to help reduce risks.
It feels like there’s a new story every week about a vulnerability that affects thousands of enterprises. This is great job security for everyone working in InfoSec, as well as anyone on the “other” side! Before we get to the fun stuff, I want to reiterate how vulnerabilities like this can happen to any vendor. We are here to learn from these situations and share insights on how these types of situations can be mitigated.
In May 2021, the White House issued an Executive Order (EO) focused on improving the United States’ cybersecurity posture. Among other things, the EO calls for enhancing software supply chain security and strengthening the security of software used by the Federal Government. In short, this EO puts application security (AppSec) front and center.
We’re excited to announce two big updates to our Snyk User Content platform. You can now get better, quicker, clearer access to Snyk user documentation, allowing you to find the information you need, to get more and better use of your Snyk platform. This will help you implement, enable, and configure your Snyk integration, leading to a faster and smoother adoption and usage of Snyk at your company. Here are the enhancements to our User Content platform.
A long time ago (in the early 2000s), I was playing games online. One of my accounts was compromised – the password was changed, and multiple “high-priced” items I had earned were “traded” without my knowledge, to the account of another player. One could easily blame my simple password at that time when there were no rules around password strength. Regardless of the reason, what happened was one of the earliest versions of an account takeover (ATO) attack.
Most fresh installs of operating systems or applications come with pre-configured settings that are often insecure or not configured with security in mind. Use frameworks such as the CIS Benchmarks or NIST NCP to find out whether your organization needs to augment or adjust any baselines to align better with the policies it is trying to adhere to.
The cybersecurity landscape is constantly evolving, even more so in the past decade, with technological revolutions changing the core of the cybersecurity industry. With new emerging technologies, machine learning, security automation, and AI are slowly but surely becoming a reality in the cybersecurity world. But as the cybersecurity landscape continues to evolve and redefines the roles of security workers, the logical question is: what does this mean for security professionals?
Companies list governance, risk, and compliance (GRC) as a top priority, but “doing GRC” isn’t easy. It takes time, effort and a strategy – and starting is usually the hardest part. So, in the first of our Back to Basics blogs, we’re going to focus on where every compliance and risk practitioner should start when building a GRC program: selecting the compliance frameworks which will form the foundation of your GRC program…
To defend against rapidly evolving cyber threats, businesses need to continually adapt and innovate. This means that red and blue teams must work together on an ongoing basis to maximise their individual and collective impact.
5G is already transforming and enhancing mobile connectivity. With its high speeds and low latency, almost all businesses and industries are now in a position to digitize applications and services they couldn’t dream of not long ago. With 5G networks, billions of devices across the IoT (the internet of things) can be interconnected — leading to use cases like smart cities, AR/VR on mobile networks, remote medicine and much more. The potential is practically unlimited.
Modern organizations rely heavily on software and systems. Secure coding standards are significant, as they give some assurance that software installed on the organization’s system is protected from security flaws. These security standards, when used correctly, can avoid, identify, and remove loopholes that might jeopardize software integrity. Furthermore, whether developing software for portable gadgets, desktop systems, or servers, secure coding is critical for modern software development.
LUCERNE, SEPTEMBER 2021: SECUDE, a leading Digital Rights Management (DRM) solutions provider based on Microsoft Azure Information Protection (AIP), today announced that its flagship product HALOCAD® extends data-centric security across PLM and Multi-CAD integrations.
The theme of this year’s National Coding Week (from 13th September) is “digital skills stories”, where people share their career stories to help inspire others to get into coding. Whether you are a student interested in a future career in coding, someone already in the industry looking for a new challenge, or even if you don’t know how to code but want to learn, there is plenty of inspiration to be found.
The SANS 2021 Automation and Integration Survey is now available for download, focusing on the question: First we walked, now we run – but should we? Let’s face it, we’ve talked about security automation for years. We’ve grappled with what, when and how to automate. We’ve debated the human vs machine topic.
It’s been a great year so far for the Open Policy Agent (OPA) project and community. OPA achieved graduated status in the Cloud Native Computing Foundation (CNCF) in February and is quickly nearing 100 million downloads! With all this growth, we were excited to see the results of the second annual Open Policy Agent user survey. As I mentioned in my post on the Open Policy Agent blog, we survey the community to help better steer the project's long-term roadmap in the right direction.
Detectify collaborates with Crowdsource, our private network of ethical hackers, to help our customers access the latest critical security research and secure their web apps. With a hot hack summer, we saw a lot of devastating breaches, which cast a negative view onto hackers as criminals. At Detectify, we believe that hackers are our allies.
Are you putting your organization at risk with outdated security strategies? Embrace next-gen AppSec to reduce security risks without impeding DevOps. Application development practices continue to evolve, enabling development teams to deliver applications at a pace never before thought possible. At the same time, cyber-criminals have developed new levels of attack strategies and intensified their focus, making it more important than ever to scrutinize applications for security vulnerabilities.
Python has been deemed as a “simple” language — easy to use and easy to develop scripts to do numerous tasks — from web scraping to automation to building large-scale web applications and even performing data science. However, dependencies are managed quite differently in Python than in other languages, and the myriad options of setting up an environment and package managers only add to the confusion.
In our recent blog, Who Do You Trust? OAuth Client Application Trends, we took a look at which OAuth applications were being trusted in a large dataset of anonymized Netskope customers, as well as raised some ideas of how to evaluate the risk involved based on the scopes requested and the number of users involved. One of the looming questions that underlies assessing your application risk is: How does one identify applications? How do you know which application is which? Who is the owner/developer?
Taking a proactive approach to threat hunting in cybersecurity is crucial, especially today when attacks are more stealthy and more complex than ever. What this means is that the old ways of cybersecurity, relying on time-consuming manual workflows, are slowly becoming obsolete, and cybersecurity teams must be supported by active learning intelligence in their threat hunting processes.
As part of our upcoming attendance at the International Cyber Expo & International Security Expo, we were lucky enough to sponsor The Cyber Security Webinar Series with Nineteen Group and Grey Hare Media. Both Philip Ingram MBE and Emanuel Ghebreyesus, strategic account director for Tripwire, spoke about several topics including: You can read some of the highlights from their conversation below.