September 2020


Next generation firewall (NGFW) explained: What is a NGFW?

Traditional firewalls have been around for decades. But NGFWs, uninhibited by the same technology limits, take advantage of significant advancements in storage space, memory, and processing speeds. The feature set for NGFWs builds upon traditional firewall features by including critical security functions like intrusion prevention, VPN, and anti-virus, and even encrypted web traffic inspection to help prevent packets containing malicious content from entering the network.

Fix now: High risk vulnerabilities at large, September 29th

Since the global pandemic we’ve been writing about the latest CVEs to look out for in our risk based vulnerability management blog. As we head into the Autumn and the nights begin to draw in, threat actors continue to exploit vulnerabilities and cause disruption. Let’s take a look at some that have raised their profile in the last couple of weeks.


How to Measure Effectiveness of Your Security Operations with SOAR and Business Intelligence (+Video)

Rising above the daily firefighting to actually measure the effectiveness of your security operations is easier said than done. This, in part, is because security analysts traditionally have worked across dozens of products and consoles. The ensuing lack of integration has been a major pain point for SOC teams when it comes to reporting, especially when you receive random requests for data in a variety of formats.

Netwrix Auditor for Azure AD - Overview

Netwrix Auditor for Azure AD enables complete visibility into user actions, including user sign-in activity, in your Azure AD deployment. The application provides actionable intelligence about successful and failed sign-in attempts and critical changes to Azure AD users, groups, roles, contacts, applications, devices, licenses and more.

Netwrix Auditor for Windows Server - Overview

Netwrix Auditor for Windows Server delivers complete visibility into Windows-based server infrastructures. It detects and reports on all changes made to server configuration — hardware and software, services, applications, network settings, registry settings, DNS, and more. In addition, it provides event log management and video recording of user activity.

Redscan Labs releases Zerologon detection tool

Zerologon (CVE-2020-1472) is a critical vulnerability in the Windows Server Netlogon authentication process. Following our recent Security Advisory, immediate patching of the vulnerability is strongly advised. To help determine whether your organisation has been compromised as a result of an attacker exploiting the vulnerability (even prior to a patch being installed), Redscan Labs has developed a Zerologon detection tool.


Dangerous Docs: Surge in Cloud-delivered Malicious Office Documents

The global pandemic caused an abrupt shift to remote work among enterprise knowledge workers, which in turn resulted in an increase in risky behavior. Attackers immediately tried to capitalize on the pandemic, with COVID-19-themed phishing emails, scams, and Trojans. At the same time, techniques used in more sophisticated cyberattacks continued to evolve.


Can SAST tools improve developer productivity?

Organizations are increasingly agile today, producing and deploying software applications faster than ever before. But this requires all the elements in the software development life cycle (SDLC) to work together cohesively. Security practices in the SDLC become especially important, given that more than half of security flaws result from preventable coding mistakes. Ensuring that developers are on board with security practices is even more critical to improve the process efficiency.


What makes ARMO customers immune - by design - against vulnerabilities like the recently discovered CVE-2020-14386?

CVE-2020-14386 is yet another severe vulnerability that was recently discovered in the Linux kernel. It reminds us that the fight against vulnerabilities is not over. This particular one allows a regular application to escalate its privileges and gain root access to the machine. Indeed, it sounds scary.

Install Veracode for VS Code to Run Greenlight Scans

In this video, you will learn how to install the Veracode for VS Code extension. The Veracode for VS Code extension is available from the Visual Studio Marketplace. Greenlight finds security defects in your code in seconds so you can fix the findings directly in your IDE. Veracode for VS Code is an extension to Visual Studio Code, which performs a Veracode Greenlight scan at the file level, and supports JavaScript, TypeScript, and C#.

Find the Correct MSSP or Build an Efficient SOC? (Part 2)

Many organizations don’t rely on outsourced security solutions such as MSSP. Rather, they prefer building their own SOC to combat nefarious cybersecurity threats and attacks. However, it is vital to know how an effective SOC is built and what should be its essential security ingredients.


SSH configuration: ssh_config

This blog post covers some of my favorite settings for configuring the behavior of an ssh client (i.e. what is in the man pages for ssh_config). Whether you are looking to add some additional security constraints, minimize failures, or prevent carpal tunnel, ssh_config is an often underutilized, yet powerful tool. This article will take a look at a few useful ways to modify your ssh_config file to achieve a greater degree of security and control.


API Authorization at the Gateway with Apigee, Okta, and OPA (Part 2)

This is the second post in a two-part series about enforcing API authorization policies using Apigee, Okta and OPA. While the first post explained how to set up all three to work together, this post dives into detail on the policies that go along with the working code. The application we will be discussing is based on a hypothetical medical insurance provider Acme Health Care.


Zero Trust Architecture explained

With the increase in frequency, sophistication, and cost of cyberattacks, the global focus on cybersecurity is at an all-time high. However, the goalposts for those tasked with protecting businesses have shifted. Hackers have a growing number of ways they can compromise a business and are frequently looking to move laterally within an organization, using credentialed (and often elevated) access.


Leaky Images: Accidental Exposure and Malware in Google Photos and Hangouts

Did you know that the default link sharing option in Google Photos allows anyone with the link to view the files and all images shared in Google Hangouts that are publicly accessible? In this edition of our leaky app series, we will cover how image link sharing in Google Hangouts and Google Photos can lead to the accidental public exposure of sensitive data. We will also look at the threat detection capabilities of Google Photos and Google Hangouts.


Measuring Performance in Node.js with Performance Hooks

Measuring performance in Node.js applications can sometimes be a challenge. Due to the nature of the event loop and asynchronous code, determining the actual time a piece of code takes to execute requires tools built into the platform. First added in Node.js v8.5 and stable as of v12, the Performance Measurement APIs allow much more accurate monitoring than earlier implementations.


Shadow IT shaken with a mobile twist

If you bring up the topic of “shadow IT” to your head of IT, you will likely get a lecture about how employees need to follow protocol when using cloud services so they don’t put the organization at risk. They’re not wrong. Without proper protection, unsanctioned tools can have significant consequences and unintentionally introduce security gaps.


Stories from the SOC - Cloud and On-site Protection

One of the benefits of having your managed detection and response (MDR) service managed by AT&T Cybersecurity is the visibility into threats from a large number of customers of all sizes and across different industries. This allows the team to take what they learn from one customer and apply it to another. Our security operation center (SOC) analysts were able to use an OTX alarm and an AWS correlation rule to discover open ports on public facing servers for two different customers in 24 hours.


Preventing Shadow IT from Blindsiding your Zero Trust Plan

I’ve spoken before about Zero Trust approaches to security, but for many of those starting on their journey, there isn’t an obvious place to start with the model. With this post, I wanted to share an example approach I’ve seen working that many organisations already have in place and can be easily rolled into a larger program of Zero Trust hardening: understanding your Shadow IT.

Siemplify Business Intelligence for Security Operations

The Siemplify Security Operations Platform is the only SOAR platform with out-of-the-box business intelligence (BI), allowing you to analyze and report on your security operations from a single location. With this knowledge, you can gain accurate visibility into the processes you need to improve. Here is how you can take full advantage of the BI capability in Siemplify.

Law Firm Data Security Compliance: Protecting the Confidentiality Of Personal Data

Lawyers constantly handle sensitive data that attracts hackers and malicious insiders. Every security breach leads to reputational losses, remediation costs, and penalties. That’s why cybersecurity at law firms is regulated by strict IT laws and requirements. Complying with all necessary requirements and implementing protection measures that fit your organization is challenging.


How to Find Your Way to the Federated Responsibility Model for AppSec

There’s no denying it—the world is much different than it was just five years ago. It is a place where software lies at the heart of business. Because software now drives the competitive edge for organizations, everything about it matters. Productivity, efficacy, quality, security—they’re all imperatives in the building of modern software. The velocity at which companies deliver software is now a competitive differentiator in every industry.


Software-Defined Perimeter (SDP) vs Virtual Private Network (VPN)

Zero Trust Network Access (ZTNA) is the latest security model being pushed by vendors and analysts as the next step in cyberdefense. It is often coupled with calls to deprecate, replace or kill VPN, a technology that has been a mainstay of remote access infrastructure for over 30 years.


How to Use SIEM Effectively?

In the last article, we talked about the top 5 SIEM reports and how you can generate them on the Logsign SIEM platform. We covered reports related to user accounts, file access, user/group changes, threats, and attacks. This article will show how you can effectively use the Logsign SIEM platform along the lines of the most popular use cases. A use case is defined as a series of actions or events between a system and a user that achieve a particular goal.

iDevNews Application Architecture Summit 2020 | RBAC for SSH and Kubernetes Access with Teleport

Enterprises are best served by leveraging an RBAC system to manage access to their SSH and Kubernetes resources. With Teleport, an open source software, employers are able to provide granular access controls to developers based on the access they need and when they need it. This makes it possible for employers to maintain secure access without getting in the way of their developers’ daily operations. Join Steven Martin, Solution Engineer at Gravitational, as he demonstrates how to assign access to developers and SREs across environments with Teleport through roles mapped from enterprises’ identity providers or SSOs.

Understanding Cybersecurity Supply Chain Risk Management (C-SCRM)

Cybersecurity Supply Chain Risk Management (C-SCRM) deals with more than protecting an organization from cyber-attacks on third parties. It also addresses third parties to those third parties (known as “fourth parties”). Further still, a vendor to your vendor’s vendor is a fifth party, then a sixth party, etc. Your SCRM should involve knowledge of how far, complex and even convoluted your supply chain is. Then measure this complexity with your risk appetite.

Demo | Access Workflow Integration Using Pager Duty | Privileged Access Management | Teleport

Teleport allows you to implement industry-best practices for SSH and Kubernetes access, meet compliance requirements, and have complete visibility into access and behavior. But invariably, change happens. Teleport allows users to request elevated privileges in the middle of their command-line sessions and create fully auditable dynamic authorizations. These requests can be approved or denied in PagerDuty or anywhere else via a flexible Authorization Workflow API.

Data Privacy Solutions: How to Choose the Right One

Data privacy solutions are crucial for complying with privacy regulations and maintaining security. In the first nine months of 2019, there were 5,183 reported data breaches, with 7.9 billion records exposed, according to the Data Breach Quickview. Modern regulations, such as GDPR and CCPA, require companies to develop reasonable data protection measures to protect consumers’ personal information against exposure or loss.


A DLP Security Checklist for IT Professionals

As of June 2020, more than 3.2 million consumer records were exposed in the 10 biggest data breaches this year. Eight of the ten largest breaches occurred at healthcare or medical organizations, meaning patient information in addition to PII was likely acquired by hackers. Data loss prevention (DLP) is an ever-changing practice, with new security policies and information security standards evolving to keep up with the threat of online hackers.


Easy Ways to Boost Employee Productivity Remotely

Employee monitoring and productivity tracking features valuable insights into your teams’ performance levels throughout the day. If your office has been recently affected by the COVID-19 pandemic, you might also be transitioning into a more remote-friendly workplace environment. How do you make sure your employees are staying productive? Can you accurately measure an increase or decrease in your team’s overall productivity?


Under pressure: Managing the competing demands of development velocity and application security

The first software development team I worked on operated on the following mantra: Make it work. Then, make it fast. Then, make it elegant (maybe). Meaning, don’t worry about performance optimizations until your code actually does what it’s supposed to do, and don’t worry about code maintainability until after you know it both works and performs well. Users generally have no idea how maintainable the code is, but they do know if the application is broken or slow.


What does a SIEM solution do?

It is not a hidden fact that threats in our cyberspace are continuously evolving. While they are getting sophisticated and complicated over time, a business cannot sit and wait for the attackers to exploit a vulnerability and disrupt an organization’s business operations. Absolute security is a state of oblivion and businesses must strive to achieve the maximum possible level of security.


Annotate and Fill Out PDF Files Directly With the Egnyte Mobile App

Working on PDF documents on mobile devices has been one of the most anticipated features this year. Now, with the integration of PSPDFkit, Egnyte has added this capability to its iOS app (the Android app has this feature in Beta, and it will be launched officially later this fall). Users who work on PDF files now have the tools for fast and easy editing. It reduces the time needed for file preparation as you can do it on the go within one app. It also reduces the costs of annotations.


BYOD security explained: what is a BYOD policy?

Bring your own device (BYOD) describes the practice of using a personal device such as a smartphone or tablet to conduct business on an organization's network or with its data. Organizations constantly walk a tightrope with their BYOD policies to balance employee productivity and satisfaction against the effective management of cybersecurity risks.


Instagram photo flaw could have helped malicious hackers spy via users' cameras and microphones

A critical vulnerability in Instagram’s Android and iOS apps could have allowed remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones. The security hole, which has been patched by Instagram owner Facebook, could be exploited by a malicious hacker simply sending their intended victim a boobytrapped malicious image file via SMS, WhatsApp, email or any other messaging service.


Making Security Proactive at Fitchburg State University

From time-to-time on this blog we like to take a moment to connect with those folks on the front lines of the cybersecurity battle, to give you a direct look into the issues they’re facing every day. Today, we sat down (virtually) with Sherry Horeanopoulos, the Information Security Officer at Fitchburg State University.


Watch Here: Using Analytics to Measure AppSec ROI

Maximizing the value of your application security (AppSec) analytics not only provides a window into whether or not you’re meeting security requirements but also helps you prove your ROI. That can be a challenge for a lot of organizations – when stakeholders are not close to the data, they may miss milestones like hitting goals for reducing security debt or even how much AppSec program has matured by data.


Black Box Testing: What You Need to Know

Today’s software development life cycle includes a variety of quality and security testing techniques at every stage. Frequent testing throughout the DevOps pipeline is imperative considering the ever-increasing pace of development. One of the most common testing methods that companies use to ensure the products they are pushing out are secure and high-quality is black box testing.


Critical vulnerability in Windows Server discovered

A critical vulnerability has been discovered in Windows Server, allowing unauthenticated attackers to compromise all Active Directory identity services. The severity of this exploit has been rated at a 10/10 by security experts. The U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) believe that “active exploitation of this vulnerability is occurring in the wild”.


Case Study: The intersection of DevOps and security in med-tech

Amid the many challenges for healthcare is managing escalating costs without compromising quality of care and risks to patient safety and privacy. For connected medical device (med-tech) companies, this presents a major opportunity to support healthcare providers with advanced digital services, often via mobile-connected devices that process and transmit critical patient-related health information.


Imperatives for Today's Security Transformation

Industry research firm Gartner asked cybersecurity thought leaders to submit a video of themselves answering the question “What are your customers’ top security priorities?” for the Gartner Security & Risk Management Summit, a virtual event for the EMEA region held this month. Julian Waits, general manager of cybersecurity for Devo, was among those to whom Gartner posed the question. His video is below, and this blog post offers an expanded version of his response.


API Authorization at the Gateway with Apigee, Okta and OPA (Part 1)

API gateways have become a standard component in modern application architectures. The gateway exposes application APIs to the Internet and serves as a logical place to enforce policy. This is a two-part series about enforcing API authorization policies in Apigee with Okta as the identity provider (IdP).


Redesigning the UI of an Enterprise Application: A Development Case Study

Web design trends come and go at a dizzying pace these days. While it might be easy to completely redo a simple website or a web application, visual design is not often a top priority for large-scale enterprise applications. But even with larger applications, there comes a time when the system’s look and feel becomes dated and the user experience is just not at the level it might be. And it directly impacts customers. It’s probably time for a refresh!


What is mobile device management? MDM explained

Not too long ago, the desktop computer was the primary computing device for enterprise employees. With the rise of mobile endpoints like smartphones, laptops and tablets, employees are connecting to corporate networks from a wide variety of places and devices. Today, especially with the popularity of the WFH (work from home) model, managing the multitude of mobile devices is more complicated than ever before. The statistics tell a sobering tale.


IDC MarketScape Names AT&T a Leader in Worldwide Managed Security Services

IDC recently published the IDC MarketScape: Worldwide Managed Security Services 2020 Vendor Assessment, in which primary author Martha Vazquez and team studied 17 organizations that offer MSS globally. The report provides a comprehensive look at the top MSSP vendors, including AT&T Cybersecurity, and how managed security services are evolving to meet the needs of customers today.


Joint "CYPRES" Report on Incident Response Released by FERC

Earlier this month, the Federal Energy Regulatory Commission (FERC) published a joint report entitled “Cyber Planning Response and Recovery Study” (CYPRES) in partnership with the North American Electric Reliability Corporation (NERC) and eight of its Regional Entities (REs) in order to review the methods for responding to a cybersecurity event.


Helping Inspire the Next Generation of Cybersecurity Professionals

If you had asked 10-year-old Tyler what he wanted to be when he grew up, the answer would have been a very enthusiastic, “Teacher!” Over time, however, that desire lessened as my fascination with technology grew. I ultimately ended up attending Fanshawe College to study Computer Systems Technology. I never fully abandoned that desire to teach, though. For a period of time in high school and college, I wrote tutorials for a major online security forum.

Container inspection: walking the security tight rope for cloud DevOps

Containers have become very popular with DevOps as a way to increase speed and agility. However, with recent reports of hackers utilizing vulnerabilities in Docker container images to compromise hosts and launch malicious containers – how can we identify this at the time of development to prevent security costing us later?


Key Takeaways from the 2020 Gartner Market Guide for SOAR

The much-awaited 2020 Gartner Market Guide for Security Orchestration, Automation and Response (SOAR) Solutions has arrived! As you can expect from Gartner, the report does an excellent job of outlining the latest trends and developments of the red-hot SOAR market. Here are some of the highlights of the report, along with additional commentary based on what we at Siemplify are seeing as the #1 independent SOAR provider.


SASE and TLS 1.3, Part 1: What does it mean to "support" TLS 1.3?

TLS is the most important protocol for secure communication with web sites and cloud services. Any vendor with ambitions in the SASE (Secure Access Service Edge) market has to be able to proxy TLS at scale. That requires considerable sophistication in terms of designing the computing and networking infrastructure for a SASE “security cloud,” but it also requires attention to the details of TLS itself.


Open source licenses: No license, no problem? Or ... not?

In 2019, the Black Duck® Audit Services team audited 1,253 codebases to identify open source components, their associated licenses, security vulnerabilities, and overall community activity. Our Audit Services team has extensive experience in not only identifying open source licenses, but also researching the more than 2,700 license permutations that exist in the open source world. But what happens when an open source component has no license at all?


The Need to Close the Cultural Divide Between Application Security and Developers

A security risk that many organizations are not dealing with is the cultural divide between application security and developers. In this research sponsored by ZeroNorth, we refer to the cultural divide as when AppSec and developers lack a common vision for delivering software capabilities required by the business—securely.


Developing security monitoring use cases for SIEM

At Logsign, we believe that every one of our clients faces a unique set of threats. There can be overlapping; however, it would be highly rare that two organizations face the same set of threats. Accordingly, when you are using a SIEM solution like Logsign SIEM, there will be use cases that are more important to your business than others. If you have used a SIEM tool previously, you know that a SIEM is a powerful tool to identify the smallest of threats in your entire technical infrastructure.

Escape The Ticketing Turmoil | Slack/PagerDuty Integrations | Teleport Workflow API

Teleport allows you to implement industry-best practices for SSH and Kubernetes access, meet compliance requirements, and have complete visibility into access and behavior. But invariably, change happens. Teleport allows users to request elevated privileges in the middle of their command-line sessions and create fully auditable dynamic authorizations. These requests can be approved or denied via ChatOps in Slack, in PagerDuty, or anywhere else via a flexible Authorization Workflow API.

Research Reveals that 75% of AppSec Practitioners See a Growing Cultural Divide Between AppSec and Developers

New Study Reveals Cultural Divide between AppSec and Dev Teams Capable of Increasing Organizational Risk; Current COVID-19 Environment Contributes to Diminished Levels of Collaboration and Innovation.

Security awareness training explained

Cyberattacks are an almost daily occurrence for many IT and security professionals, and there are a host of different security solutions in the marketplace today that look to help companies detect and prevent those attacks. However, despite all the technology organizations have in place, their users remain their weakest link. Phishing is still one of the top initial attack vectors. Why?


Why misconfigurations are such an issue in your containers and Kubernetes

Organizations are increasingly incorporating containers and Kubernetes into their IT infrastructure. As reported by ZDNet, Flexera’s “2020 State of the Cloud Report” found that about two-thirds (65%) of organizations were using Docker and that another 14% intended to begin using it at some point. Slightly fewer organizations (58%) were using Kubernetes at the time of the survey, by comparison, with 22% of participants saying they planned to adopt it.


Why Your Org Needs DLP for Slack: Ensuring Long-Term Data Security

Cloud security requires long-term investments to get right. Today’s demands of remote work and collaboration across teams are forcing security leaders to make fast decisions about which business tools they should allow their orgs to adopt. Data loss prevention (DLP) is a good way to support cybersecurity policies that will safeguard sensitive data and perform at the highest levels of security over the long haul.

ForgeTalks | Busting Cloud Myths

Welcome back to another episode of ForgeTalks. My guest this week is ForgeRock VP of Cloud Success, Renee Beckloff. Renee's career has been connected to the cloud for the last 15 years, making her uniquely suited to help bust some pretty entrenched myths. She doesn't hold back in our discussion and shares why there has never been a better time for large enterprise customers to embrace the cloud.

BSIMM11 tracks top trends in market activity

If you want to stay current, you have to keep up with what’s trending, no matter if it’s politics, healthcare, education, finance, or entertainment. Or software security, which in a connected world is behind everything on that list above. Software isn’t just important, it’s essential. The world as we know it wouldn’t function or even exist without it.


Detectify releases new and improved integrations

Integrations are intended to make work and the flow of information smoother. In our case, the integrations expedite critical vulnerability information found by Detectify to security teams and the application owners. That way, you can receive vulnerability information directly into your digital workplace of choice. Our solution seemed to be achieving this for our customers and the use cases kept growing and eventually outgrowing our scalability.


3 reasons ZOE chose Sqreen and a WAF to protect their 4M+ users' PII

We recently sat down with ZOE’s VP of Engineering, Julien Lavigne du Cadet, to discuss the tremendous overnight success of ZOE’s COVID-19 symptom app and how his team established protection for their 4M+ users in a short timeframe. ZOE is a fast-growing health science application that uses in-depth research and AI to provide a comprehensive scientific analysis of a user’s metabolism, gut, and overall health.

SKILup Day DevSecOps | How To Securely Access Compute Resources In Cloud Environments | Virag Mody

Virag Mody, Technical Writer for Gravitational gave a concise talk on Infrastructure Security best practices for SKILupDays DevSecOps 2020. In the talk he covers why certificate authorities are so important, and what individuals can do to create a more secure infrastructure access process.

The Devo Cloud-Native SIEM Is Now Even Better

Since February, when we launched Devo Security Operations, the industry’s first cloud-native next-gen SIEM, we’ve kept our foot firmly pressed on the development pedal to add features and enhancements. Security Operations enables customers to transform their security operations centers (SOC) and protect their enterprises against cyberthreats.


Cyber safety tips for virtual events

Since the start of the Covid-19 pandemic, the use of video chat software like Zoom has increased to 300 million meetings held per day. Unfortunately, hackers have taken to crashing private meetings and flooding them with objectionable content — a phenomenon known as Zoombombing. If you’re planning a virtual event, it’s important to pay attention to potential security issues and follow safety tips to keep the experience as safe and secure as possible for everyone involved.


How CISOs Can Foster Effective Comms and Build a Cybersecurity Program

For many organizations, security flows from the top down. That’s a problem when executives don’t emphasize security as much as they should. Cisco learned as much in its CISO Benchmark Study “Securing What’s Now and What’s Next: 20 Cybersecurity Considerations for 2020.” Here are just some of the findings from Cisco’s study: The reason for these findings wasn’t immediately apparent from Cisco’s study.


The Definitive Guide to Travel APIs

Cutting-edge applications in the travel industry heavily rely on third-party APIs and web services. Take TripActions: the corporate travel management software connects to the United Airlines API, the Southwest Airlines API, and the Lufthansa Group API to import their content like flight schedules and fares. Likewise, it connects to human resources APIs (Namely, BambooHR), finance APIs (Expensify, Spendesk), travel services APIs (VisaHQ, Stasher), and more.


Understanding Ecommerce APIs

If you work in the ecommerce industry, you know that every part of its value chain has been eaten by software: from product sourcing, inventory management, warehousing, online shopping, marketing operations, order management, payment processing, shipping, up to tax management. Today’s state-of-the-art ecommerce software is connected to countless other services. How? Through APIs. Take a random online store using Shopify, which empowers over 1,000,000 merchants in 175 countries.


How in the World Can CISOs Unite Security and DevOps?

For most companies today, software is what helps you compete. You have to roll out new products and services to satisfy customers, and you need to do it FAST. While it’s true DevOps has revolutionized development in terms of speed, capability and agility, the truth is security is having trouble keeping up. For CISOs and other security leaders, it’s no small task trying to ensure software development happens securely.


Making SIEM Use Cases

While threats continue to evolve every day, modern-day businesses cannot remain in oblivion and wait for the attackers to exploit a vulnerability or disrupt their business operations. Logsign experts recommend that businesses should be proactive while dealing with their cybersecurity. As a proactive measure, many of our clients have implemented Logsign SIEM solution to get a single-point view of their organization’s security posture.


Securing Digital Transformation in the New Normal

Last week, our team had the pleasure of hosting a virtual panel on securing digital transformation and what COVID-19 means for cyber security as we continue to navigate the increasingly remote workforce. Amid the COVID-19 pandemic, remote working has added a new dimension to the security, compliance, and digital transformation demand landscape.

EventSentry's tray application "EventSentray"

Tray app that features a system information dialog that shows uptime, hostname, IP address, CPU/Memory/Disk utilization, logged on users, top 3 processes based on current CPU and memory consumption and more. End users can also submit support tickets directly from their desktop, and EventSentry admins can document system activity with notes.

Stop Wasting Your Time and Money with a "Checkbox" SCM Solution

By now, we know a lot about secure configuration management (SCM). We know the way it works, the integral processes of which it consists, the areas of your IT infrastructure that it can help secure as well as the different types of best practice frameworks and regulatory compliance standards with which it can help you to maintain compliance. All we’re missing is how to procure and deploy an effective SCM solution.

SOC Quarantine Diaries: Keven Knight of Sy4 on Opening a SOC in 2020

In Ep. 5 of SOC Quarantine Diaries, Knight joins us to discuss the benefit for an MSSP to retain a physical SOC presence (7:10), the nefarious opportunities that the rise in remote workers and devices on the network have given cybercriminals (10:05), and how collaboration among personnel of varying security operations disciplines can continue effectively in the era of coronavirus (22:30), plus much more.

Data security vs. network security: What should your business prioritize?

Many businesses that have allowed employees to continue working from home for the foreseeable future are aware that they need to update their cybersecurity. It’s likely that they have allocated some budget and IT resources to make those necessary changes. However, IT budgets are finite. Given the economic disruption of the pandemic, enterprises must strategically decide where to invest their cybersecurity budget most effectively.


Nightfall's Policy Engine Makes Creating Custom DLP Workflows Easy

We’re excited to announce a new feature of the Nightfall platform: the Nightfall policy engine. With the policy engine, security teams can now more granularly customize when and how PII, PHI, secrets/credentials, and other business-critical data are detected within their cloud environments. Read on to learn more about the policy engine and how you can make the most of it.


Everything you need to know about DPO for schools

As legislation goes, the GDPR could be unique in its insistence that a new professional role, the Data Protection Officer (DPO), be created to ensure its mandates are properly met. But getting a DPO in place is no simple recruitment exercise, and that’s especially true for schools. For starters, people with the requisite mix of abilities and experience to do the job in educational environments are hard to find.


5 Important SIEM Reports

Security Information and Event Management (SIEM) helps organizations in collecting, correlating, and analyzing log data from a wide range of systems connected to their IT infrastructure. Based on the results, a SIEM solution assists an organization in detecting threats and suspicious activity on their IT infrastructure. If you are already using a SIEM platform such as Logsign, you would know the importance of SIEM reports.

NNT Change Tracker Gen7 R2 - Online Demo

NNT Change Tracker Gen 7 R2 provides critical and fundamental cyber security prevention and detection. It does this by leveraging the required security best practice disciplines of system configuration and integrity assurance combined with the most comprehensive and intelligent change control solution available. Change Tracker from NNT will ensure that your IT systems remain in a known, secure and compliant state at all times.

What is DDoS mitigation and how does it work?

Distributed denial of service (DDoS) attacks are a favorite method for attackers to disrupt or debilitate firewalls, online services, and websites by overwhelming systems with malicious traffic or transaction requests. DDoS attackers accomplish this by coordinating an army of compromised machines, or 'bots', into a network of devices they control from a remote location that focus a stream of activity toward a single target.


4 Reasons Why the OSI Model Still Matters

When it comes to security, practitioners have a lot they need to keep top of mind. The Open Systems Interconnection (OSI) model provides the fundamentals needed to organize both technical issues and threats within a networking stack. Although information security is shifting to a cloud-first world, the OSI model still continues to prove its relevance. We’ll cover four key reasons why the OSI model still matters and how you can operationalize it in today’s world.


Best Practices for FinTech APIs

How many third-party APIs is your application consuming? All modern FinTech companies rely on external APIs to run their business. Take Robinhood for instance: the famous investment application is using the Plaid API to connect to its users’ bank accounts, the Xignite API to get financial data, and the Galileo API to process payments. That is only the beginning. The essential parts of their service could not run without consuming third-party APIs.


Detectify Security Updates for September 17

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers. Due to confidentiality agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users.


Top 7 Questions to Ask When Evaluating a Software Composition Analysis Solution

Your open source usage is out of control. Sure, it’s helping you develop your product faster and getting new releases out the door in days instead of months, but now your code base is made up of 60% or more open source components. And that percentage is only growing. The application layer continues to be the most attacked, so you know you need to stay on top of vulnerabilities.

NNT Log Tracker Enterprise - Online Demo

Comprehensive and easy-to-use Security Information and Event Management (SIEM) solution for any compliance mandate. Log Analysis or SIEM, is a key weapon in the fight against any cyber-attack. By gathering logs from all devices including network devices, Unix and Windows servers, applications and databases, and analyzing them for unusual or suspicious activity, the method and source of any attack can be identified, enabling preventative measures to be continually improved.

NNT Vulnerability Tracker - Online Demo

Vulnerability scanning is an essential foundational security control and vital for every organization. Cyber attacks such as WannaCry and Petya left many asking the question: How can we stay safely ahead of the next threat? Using NNT Vulnerability Tracker™ will ensure that any known vulnerabilities can be identified within your IT infrastructure before they are exploited.

Dark Web monitoring and scanning explained

Shady deals often occur in darkness – criminal activities require secrecy to cloak their illicit nature. Today, you can find those dark places on the fringes of the internet, known as the Dark Web. More often than not, this is the place where cybercriminals go to monetize the data they’ve acquired as the result of a breach.


The History of Common Vulnerabilities and Exposures (CVE)

During the late 1990s, security professionals were using information assurance tools in concert with vulnerability scanners to detect and remove vulnerabilities from the systems for which they are responsible. There’s just one problem – each security vendor has its own database with little to no crossover.

outpost 24

Accreditation body CREST recognize Outpost24 for web application penetration testing

We are adding CREST to our growing list of industry certifications, which includes PCI ASV and ISO 27001 ensuring our customers know they’re in good hands and the services they receive meet industry best practice and vital data sovereignty standards.


Forging Better Security Outcomes with Integrated Threat Intelligence

For most companies, security and IT systems are growing in complexity, breadth of scope, and coverage, which consumes budget and staff time. The rapid breakdown of the traditional perimeter in this “new normal” world increases the challenges IT teams and remote users face on a daily basis.


16% of Orgs Require Developers to Self-Educate on Security

Theoretical physicist Stephen Hawking was spot on when he said, “Whether you want to uncover the secrets of the universe, or you just want to pursue a career in the 21st century, basic computer programming is an essential skill to learn.” It’s no secret that programming is a thriving career path – especially with the speed of software development picking up, not slowing down.


The new iOS 14 privacy and security features: what you need to know

Today Apple releases its next operating system update with iOS 14 and we’re excited to see data privacy is a central tenet. Apple has been positioning privacy and security on the iPhone as a unique selling point for some time now. At WWDC (and in recent ads), Apple pushed the message that “privacy is a fundamental human right,” and revealed new iPhone features that lend more control to the user when it comes to how their data is shared and accessed.


Find the Correct MSSP or Build an Efficient SOC? (Part 1)

Whether you are a CIO or chief executive of your company, the headlines of cybersecurity threats and attacks might be worrisome for you. There is always a question about how to ensure the cybersecurity of the organization to avoid financial, compliance and reputational risks. Today, to deal with ever-growing, fast, and sophisticated cybersecurity threats and attacks, enterprises either find the correct MSSP (Managed Security Service Provider) or build an efficient SOC (Security Operation Center).

xona systems

Empower, Maintain, Attract: 3 Priorities When Adapting to a Hybrid Workforce

2020 is a transformative year in many ways. Most prominently for businesses, the on-the-ground reality of the Coronavirus pandemic ushered in what Time Magazine described as “the world’s largest work-from-home experiment.” Of course, what began as a grand experiment has quickly become the new normal. More than half of corporate executives and small and medium-sized businesses plan to continue offering a remote work option even after the COVID-19 pandemic eventually comes to a close.


Why Threat Intelligence Sharing is the Future of SOC Analyst Productivity

With all the cyberthreats around today, security operations center (SOC) analysts need the right tools to identify, respond to, and stop those threats. Increasingly, threat intelligence sharing is one of the key tools for preventing threat actors from breaching organizations’ network, infrastructure, and operational environments, including the cloud.


Kubernetes Architecture and What It Means for Security

To understand how to effectively secure your Kubernetes environments, it is informative to understand the architecture of Kubernetes itself as well as where and how to focus efforts on valuable mitigations, especially those which require administrator or user configuration when provisioning clusters. Kubernetes is a robust yet complex infrastructure system for container orchestration, with multiple components that must be adequately protected.


Report: No Organization's Security Culture Has Received 'Excellent' Score

Security culture matters to executives, but these individuals are struggling to implement it. In a November 2019 study commissioned by KnowBe4, 94% of individuals with managerial duties or higher in security or risk management said that security culture was important for their organization’s success.


How SOAR Can Treat the Cybersecurity Skills Shortage

Raise your hand if you are aware that a (worsening) massive global skills shortage is afflicting the cybersecurity industry, leaving many organizations open to greater attack and breach risk because they lack the appropriate talent and skills to defend against their adversaries. Now that everyone’s hand is raised, we can move on to thinking about solutions.


Innovation in clinical genomics starts with DLP for Boston Lighthouse

Boston Lighthouse Innovations is a start-up that offers a clinical genomics solution suite with processing and reporting workflows for patient diagnostics. The nine-person team grew out of Massachusetts General Hospital’s molecular pathology department, which uses genetic data to diagnose cancer.


BSIMM11: Tracking the cutting edge of software security initiatives

The Building Security In Maturity Model (BSIMM)—the annual report on the evolution of software security initiatives (SSIs)—is gaining some maturity itself. The latest report, which went public this week, is the 11th iteration. Some things haven’t changed. The fundamental goal remains what it was at the start, more than a decade ago.


Write Code That Protects Sensitive User Data

Sensitive data exposure is currently at number 3 in the OWASP Top 10 list of the most critical application security risks. In this blog post, we will describe common scenarios of incorrect sensitive data handling and suggest ways to protect sensitive data. We will illustrate our suggestions with code samples in C# that can be used in ASP.NET Core applications. OWASP lists passwords, credit card numbers, health records, personal information and business secrets as sensitive data.


Back to school? Secure your Chromebooks!

Here at Lookout, we spend a lot of time talking about how best to secure tablets and smartphones. That’s because they dominate our lives. But as some of our daily routines continue to stay virtual and our kids return to school, the importance of securing Chromebooks has become top of mind. Chromebooks have become an essential tool for schools that transitioned to distance learning in the spring.


Sqreen's State of Application Security Report 2020: key takeaways

Sqreen recently published its inaugural State of Application Security 2020 Report, analyzing thousands of real security events happening at runtime across Sqreen customer applications. Rather than rely on self-reported data, the insights outlined in this report include data from actual in-app vulnerability exploits to give readers a real-time look into the true state of application security.


Challenges faced by companies in adopting online onboarding process

In the face of huge societal and economic challenges, the need for digital transformation seems the only ray of hope for survival for any company in any domain. Even post-COVID there is no escape from going digital, because Generation Z, who learned how to swipe a screen before they learned how to speak, will be influencing and dictating the market. This might as well change the face of the digital onboarding process of the customer.


Preparing for Zero Trust and planning your strategy

I listened in on a neat webcast recently, which was jointly produced by AT&T Cybersecurity and Palo Alto Networks: “Preparing for Zero Trust and Planning your Strategy.” Panelists were John Kindervag, Field CTO, Palo Alto Networks, Steve Sekiguchi, Director, AT&T Chief Security Office, Bindu Sundaresan, Director, AT&T Cybersecurity and Tawnya Lancaster, Lead Product Marketing, AT&T Cybersecurity.


Using the Cost of a Data Breach to Maximize Your ROI on Your Security Tools

The 2020 Cost of Data Breach report from IBM and the Ponemon is out. It provides a detailed analysis of causes, costs and controls that appeared in their sampling of data breaches. The report is full of data, and the website allows you to interact with its information so that you can do your own analysis and/or dig into aspects relevant to you and your industry.


Joint Cybersecurity Advisory on Threat Hunting and Incident Response Released

A joint cybersecurity advisory released on September 1st detailed technical methods for uncovering and responding to malicious activity including best practice mitigations and common missteps. A collaborative effort, this advisory (coded AA20-245A) is the product of research from the cybersecurity organizations of five nations.


Part Four: A Gap in Understanding and Responsibility

So far in our blog series, we have discovered that there is a high understanding of the threats that bots cause across all industries. We recently carried out a survey of 200 UK enterprises across e-Commerce, financial services, entertainment and travel. In part three of our blog series, we discussed how bots are affecting different industries. There is very little need to explain to businesses that bots can be a problem.


Why Your Org Needs DLP for Slack: Promoting Everyday Cybersecurity

Managing the demands of a distributed workforce — especially across multiple time zones and countries — is difficult in the best of times. Now, in the time of the Coronavirus, security leaders are being asked to manage new productivity tools at unprecedented speeds while keeping data security top of mind. As more companies add Slack to their communications and productivity stacks, security policies are being tested in new ways.


The Migration From PA-DSS to SSF: Everything You Need to Know

Technology is constantly changing and advancing. Payment platforms are no exception. As these new platforms emerge, the software supporting the platform must be reliable and secure. Without secure payment platforms, payment transactions and data could be compromised. The PCI Software Security Framework (SSF) sets standards and requirements for both traditional and modern payment software.


43% of Orgs Think DevOps Integration Is Critical to AppSec Success

It’s no secret that the rapid speed of modern software development means an increased likelihood of risky flaws and vulnerabilities in your code. Developers are working fast to hit tight deadlines and create innovative applications, but without the right security solutions integrated into your processes, it’s easy to hit security roadblocks or let flaws slip through the cracks.


How to Customize a Dashboard on Logsign SIEM?

Dashboards are an integral part of a SIEM solution as they help you in visualizing the security of your organization’s technical infrastructure in real-time. In our last article, we discussed in detail about the pre-configured dashboards on Logsign SIEM and the information they present for your security team. From threat intelligence to identity management, what types of dashboards are available under each category.


Critical Vulnerabilities in ICS Products Could Enable OT Execution Attacks

Security researchers recently discovered six critical vulnerabilities in third-party code that could expose hundreds of thousands of OT environments to remote code execution attacks. These vulnerabilities were found in Wibu-Systems’ CodeMeter software, a license management platform that is used widely by some of today’s leading industrial control system (ICS) product vendors, including Rockwell Automation and Siemens.

Webinar | Industry Best Practices for SSH Access | Teleport | How To

We've all used SSH dozens of times, but do we really understand how to SSH properly? Using such a powerful tool can come with a lot of risks, especially when we're on highly distributed teams with well-trodden workflows that can be tough to change. In an era of sophisticated phishing attacks and threats always knocking at our doors, we could all use a little help with making sure our infrastructure is as secure as it can be.

Gearing Towards Your Next Audit - Understanding the Difference Between Best Practice Frameworks and Regulatory Compliance Standards

Security configuration management (SCM) can help organizations do much more than just harden their attack surfaces against intrusions. This fundamental control also has the ability to make your audits flow more smoothly. Indeed, it allows organizations to pull reports from any point in time and demonstrate how their configuration changes and alignments help to support their compliance efforts.


Inside the Infographic: "Cybersecurity by the Numbers"

The ongoing cybercrime epidemic has triggered a cybersecurity call to arms, as organizations around the world are looking for some 3.5 million skilled workers to help fight a $6 trillion problem. One of the cool features of the University of San Diego’s comprehensive new Cybersecurity Jobs Report is a shareable graphic that spotlights the cybercrime epidemic, the ongoing shortage of skilled cybersecurity professionals and the need for talent at the top companies across all industries.


Bringing UEBA & Zero Trust Together Making Remote Work Safer

2020 is likely to go down in history as the year of two pandemics, COVID-19 and cybercrime. Certain types of cybersecurity threats have massively intensified this year. For example, the malware NetWiredRC saw a 200% spike in detection rates in March 2020. COVID-19 has caused a sudden shift to remote working. More employees are now working from their homes than ever before. Remote work en masse exposes organizations to increased levels of threats.


Track Employees' Online Activity With Computer Monitoring Software

With so many employees worldwide working from home, can you be certain they are actually working productively? Is some of their time working from home being spent on social media, looking for other jobs, or taking care of their children? To maintain high performance and productivity, it’s important to keep an eye on your employees’ online activity with Veriato’s computer monitoring software.


Cybersecurity Breaches Caused by Insiders: Types, Consequences, and Ways to Prevent Them

Security incidents are often hard to detect and tend to go unnoticed for far too long. They’re also time-consuming to investigate, since gathering evidence and correlating facts may take months or even years. For instance, the graphic design website Canva became aware of the theft of user credentials for almost a million accounts only seven months after the actual incident. That’s why it’s better to put your effort into preventing incidents rather than handling their consequences.


Why Application Security is Important to Vulnerability Management

It was the day before a holiday break, and everyone was excited to have a few days off to spend with friends and family. A skeleton crew was managing the security operations center, and it seemed as though every other team left early to beat the holiday traffic. Every team other than the vulnerability management (VM) team that is. Just before it was time to leave for the day, and the holiday break, the phone rang.


Making it to the Sweet SINET 16

We were already having a great day yesterday – responding to all the congratulations messages on our funding, our huge 240% increase in revenue, and our customer momentum – when news hit that we were named amongst that select group of SINET 16 Innovator Award winners. Wow. The tally of security vendors hovers around 2500, and we’re called out as one of the 16 most innovative across that entire landscape.


Firewalls explained: the different firewall types and technologies

Finding the right network security tools to secure your sensitive data can be a significant challenge for any organization. Choosing a firewall may seem like a simple task, but companies can get overwhelmed by the different firewall types and options. Making the distinction between a firewall and other security solutions can also pose challenges. Here are the answers to some of the most common firewall questions.


O365 Phishing Attack Used Real-Time Validation against Active Directory

A phishing attack used real-time validation against an organization’s Active Directory in order to steal users’ Office 365 credentials. According to Armorblox, the phishing attack targeted an executive working at an American brand that was named one of the world’s Top 50 most innovative companies for 2019 on a Friday evening.


Cryptocurrency exchange Eterbase hacked, $5.4 million worth of funds stolen

European cryptocurrency exchange platform Eterbase has announced that it has suffered a security breach which saw malicious hackers access its network and steal funds worth US $5.4 million. In a message posted on Telegram, the Slovakian cryptocurrency exchange listed the six hot wallets plundered by cybercriminals for their Ether, Tezos, Bitcoin, ALGO, Ripple, and TRON riches.


5 steps to improve cyber security as your employees return to the workplace

During the COVID-19 pandemic, more UK employees have worked from home than ever before. According to a YouGov survey, around one in five people went from never working from home to doing so constantly. Coronavirus and the resulting lockdown have significantly increased cyber security risks for organisations, with many lacking sufficient controls to protect workers outside the workplace. This has been compounded by threat actors seeking to exploit the crisis.


How to Scan GitHub Repositories for Committed Secrets and other Code Snippets

In 2019, GitHub estimates that over 44 million repositories were created, and over 10 million new developers joined the platform. This comes as no surprise, as GitHub is the world’s largest host of source code. With that designation comes a substantial volume of committed code.


Risky Business: How COVID-19 changed user behavior

The COVID-19 pandemic caused an abrupt change — a sudden and lasting shift to remote work for the majority of knowledge workers. The number of people working remotely more than doubled in the span of a few weeks. Among the many challenges that security organizations faced during this transition was a change in user behavior.

ForgeTalks | A Local's Tour of the ForgeRock Identity Platform

Welcome back to ForgeTalks. In last week's episode, ForgeRock's VP of Product Management, Mary Writz, took me on a tour of the main landmarks of the ForgeRock Identity Platform, including Intelligent Access and ForgeRock Go. This week, we are treated to a local's tour of the platform. We'll travel "off the beaten road" and explore some of the hidden gems that the ForgeRock Identity Platform has to offer.

ForgeTalks | What is Single Sign-On?

At ForgeRock we help people access the connected world. How do we achieve it? In part, with an important digital identity tool called Single Sign-On (SSO). What is SSO? How does it work? What is the purpose of it? I was joined this week by ForgeRock's VP of Product & Solution Marketing, Ashley Stevenson, who took me through the ins and outs of Single Sign-On, using an incredibly helpful (and slightly nostalgic) analogy.

Is This Town Big Enough for Security AND Compliance?

In our final installment of a six-part series for CISOs who are looking to survive the “Wild West” of application security, we explore the sometimes tempestuous relationship between security and compliance. Follow us through this last piece of the security puzzle, as we continue to think about the “how” of doing business in a digital environment that often feels like a lawless frontier.


Top 9 Code Review Tools for Clean and Secure Source Code

Shifting left quality and security testing has finally become a practice that organizations are embracing. But even before testing the code comes code review, beginning at the earliest stages of development. Code review is essential for detecting and remediating code defects and errors before production, when they are relatively easy and less expensive to address.


How to Defend Against and Spot Malicious Insider Threats

Safeguarding against insider dangers in cybersecurity is among the leading issues that organizations are encountering today. Whether that risk results from ignorance, oversight or is made with harmful intent, utilizing these techniques will significantly help secure your organization. When people think of insider threats, their minds typically go to rogue or disgruntled employees that are intentionally performing a malicious act.

Virtual Event - CISO Panel: Securing Digital Transformation in the New Normal

As an IT security leader, how are you adapting during these uncertain times? Amid the COVID-19 pandemic, remote working has added a new dimension to the security, compliance and digital transformation demand landscape. It is increasingly important to embed security solutions and processes into the organization that reduce complexity and massively increase the automation of killer manual tasks. Learn how C-Level and other senior leaders from around the globe are securing digital transformation in the new normal by watching our latest CISO Panel.

Vulnerability disclosure: finding a vulnerability in Sqreen's PHP agent and how we fixed it

In June, I was personally contacted by a security researcher who had discovered a vulnerability in one component of the Sqreen PHP agent. This vulnerability would allow a bad actor to execute injected code through network access to the Sqreen PHP daemon. The data, accounts, or other sensitive information of vulnerable customers weren’t compromised or accessed because of this vulnerability.


Best Practices for Secure Infrastructure Access

Technologies build on other technologies to compound growth. It’s no coincidence that of the companies with the highest market capitalization within the US, the first non-tech company is the eighth one down: Berkshire Hathaway. Nor is it a coincidence that tech startups can take their valuation into the 10 digits in a flash on the backs of other tech companies. This pace of growth can only be afforded by the innovation of new technology.


Protecting Against Kubernetes Threats: Chapter 9 - Impact

The final part of our nine-part blog series – where we examine each of the nine MITRE ATT&CK tactics and techniques for Kubernetes – analyzes a set of techniques that fall under the category known as Impact. These techniques are aimed at disrupting or destroying resources and activity within the target environment, or in other words, the ultimate goal of an attacker. These include techniques to achieve data destruction, resource hijacking or denial of service.


What is Incident Response?

As new types of security incidents are discovered, it is absolutely critical for an organization to respond quickly and effectively when an attack occurs. When both personal and business data are at risk of being compromised, the ability to detect and respond to advanced threats before they impact your business is of the utmost importance.


What you need to know about securing your APAC business and the recent data law changes

Data breaches are growing in frequency and intensity amidst the recent Coronavirus pandemic, having increased by nearly 273% in the first quarter compared to the same time frame last year. In fact, 2020 may very well be remembered as the year when cybersecurity became a business problem rather than a technology issue. The driving factor here is the recent shift in workforce culture. More and more organizations are now setting up remote working teams.


Meeting the Challenges of Remote Work with Chrome OS Policy Settings - Part II

Welcome to the second part of this two-part blog series for administrators who are new to the Chromebook enterprise system. In the previous blog, we discussed settings that are applicable to users and applications. In this blog, we will further explore the Chrome enterprise admin panel as we look into settings that pertain to privacy and physical devices. Device Settings Device settings apply to the physical Chromebook device. They are enforced no matter which user is logged in.


Cloud Challenges by the Numbers: Adoption and Configuration

The year 2020 has shown us that cloud computing is among the most powerful capabilities humanity has, enabling people around the globe to continue their everyday business and education uninterrupted. We continue gathering the most interesting findings from industry research. If you’re interested in learning statistics on cloud usage, top cloud initiatives and cloud security concerns, read the 2020 State of the Cloud Security Statistics article.


Nightfall helps modernize The Brain and Spine Clinic with DLP for Slack

Dr. Jacob Januszewski opened The Brain and Spine Clinic in January 2020 to serve his community in eastern Florida. Jacob combines his expertise in Minimally Invasive (MIS) Complex Spine Deformity surgery with patient care and compassion to help anyone who visits his clinic get the treatment they need and ensure a smooth recovery.


Leaving Bastion Hosts Behind Part 3: Azure

This post is the third in a series about alternatives to bastion hosts in each of the major cloud providers. The first post covered an introduction to bastion hosts, the SSH multiplexing attack, some disadvantages to managing your own bastions, and an alternative solution in GCP. The second post covered the Session Manager service provided by AWS.


How Cyber Kill Chain Can Be Useful for a SOC Team? (Part 2)

Installation: At this stage, SOC analysts are advised to deploy a Security Information and Event Management (SIEM) and Host-Based Intrusion Detection System (HIDS) to detect attacks. To deny an attack, Cyber Kill Chain recommends using two-factor authentication, strong passwords, and privilege separation, as well as disrupting the attack using data execution prevention.


How Does Ransomware Work? It Doesn't Have to If You're Prepared

Ransomware attacks have become the most common security threat faced by businesses today. A recent report from TrustWave indicates that the number of ransomware attacks quadrupled last year; this type of attack now accounts for more than 20% of all digital security incidents. It’s now more common than even credit card theft.


Top 6 Security Threats in Cloud Computing and How to Mitigate Them

In this digital era, more companies are encouraging or requiring employees to work from home. In addition to allowing employees to access the corporate network using their own devices, they are also turning to cloud computing, which is cost-effective and scales easily. However, not all of these organizations are prepared for the associated cloud security threats. Cloud providers often offer some protection capabilities, but their responsibility is primarily to ensure service availability.


What is an SLA? API Service-Level Agreements and How to Find Them

When you rely on a third-party API for your application's features, it is important that you can reliably expect them to work. Knowing that their uptime will be consistent, or greater than your own, and knowing that their support will be available if you identify a problem, can go a long way in making your choice of APIs easier. In this article we'll look at the Service Level Agreement, or SLA, and how it protects both you and the provider in the event of an outage or problem.


Alternate credit scoring: A boon for the banking sector

Financial institutions are responsible for providing liquidity to the economy and permitting a greater magnitude of economic activity. Without financial institutions, all the stacks of dough would be stuffed under your mattress, and no benefits from fluctuating interest rates could be reaped. These establishments basically conduct financial transactions such as deposits, investments and loans.


Guide to Kubernetes Security Context and Security Policies

Securing pods, and the containers that run as part of them, is a critical aspect of protecting your Kubernetes environments. Among other reasons, pods and containers are the individual units of compute that are ultimately subject to adversarial techniques that may be used as part of any attack on your Kubernetes clusters.


Identifying the Most Dangerous Common Software and Hardware Weaknesses and Vulnerabilities - The CWE Top 25 (2020 Edition)

So far, there has not been a perfect solution to ridding the world of software and hardware weaknesses. Keeping up-to-date with which weaknesses are most common and impactful can be a daunting task. Thankfully, a list has been made to do just that: the Common Weakness Enumeration Top 25 (CWE).


How to Create & Customize Correlation Rules on Logsign SIEM

If you have been using a SIEM tool for quite some time, you will know that it can turn out to be a powerful security tool, if appropriately deployed. In your organization’s network, network devices such as IDS/IPS, firewalls, and routers generate a plethora of log data. Like these devices, there are many sources of data for a SIEM solution. The first barrier a SIEM encounters is normalizing the log data before it can detect and alert your team.

outpost 24

Fix now: High risk vulnerabilities at large, September 2020

Since the start of the pandemic we’ve been writing about the latest CVEs to look out for in our risk based vulnerability management blog. As we head into the Autumn and the nights begin to draw in, threat actors continue to exploit vulnerabilities the world over. Let’s take a look at some that have raised their profile in the last couple of weeks.


How to Detect Ransomware

The second most common type of malware incident is the notorious ransomware attack. According to the Verizon 2020 Data Breach Investigations report, the primary aim of a ransomware attack is “to disrupt operations badly enough and long enough that the organization will pay the ransom.” The average ransom payment in Q2 2020 was a whopping $178,254 — a 60% increase from Q1.


Detectify security updates for 4 September

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users.


AppSec Tools Proliferation Is Driving Investments to Consolidate

When it comes to application security (AppSec), it’s important to note that no one testing type can uncover every flaw. Each tool is designed with a different area of focus, along with various speeds and costs – so it’s necessary to employ a mix of testing types. A good way to think about AppSec testing types is to compare them to health exams. You wouldn’t have a cholesterol test and assume your annual physical was complete.


What are The Types of Dashboards in a SIEM Solution?

Dashboards are an integral component of any effective SIEM solution. After log data is aggregated from different sources, a SIEM solution prepares the data for analysis after normalization. The outcomes of this analysis are presented in the form of actionable insights through dashboards. Many SIEM solutions come with pre-configured dashboards to simplify the onboarding process for your team. Besides, an ideal solution should also allow an organization to customize dashboards as per its requirements.


Powerfully Simple SOAR for Service Providers [Video]

Security service providers require a software-driven foundation to deliver high-quality services that impress customers. But building this foundation for your business shouldn’t take you years of effort and massive investments in software development. Siemplify has already spent over five years building an industry-leading platform for service providers like you to manage your security operations.


Data Classification: What It Is and How to Implement It

Data classification is a vital component of any information security and compliance program, especially if your organization stores large volumes of data. It provides a solid foundation for your data security strategy by helping you understand where you store sensitive and regulated data, both on premises and in the cloud. Moreover, data classification improves user productivity and decision-making, and reduces storage and maintenance costs by enabling you to eliminate unneeded data.


Why Network Peering & Interconnections Matter

In previous blogs on the Netskope NewEdge network, we’ve discussed concepts including Secure Access Service Edge (SASE) architecture and why counting data centers alone is meaningless when trying to understand cloud service coverage. Now that we’ve laid the foundation it seems like a good time to get into what’s needed in terms of architecting the actual network and the connections required.


Gartner Summit: Balance Risk, Trust, and Opportunity in an Uncertain World

In light of the current pandemic, most organizations will be working remotely for the foreseeable future. But the increase in virtual operations has led to a higher volume of cyberattacks. Now, more than ever, it’s vital that your organization is armed with the industry’s best application security (AppSec) solutions. But how do you build and secure technology in an uncertain world? It’s a balancing act between risk, trust, and opportunity.


Why Patch Management Is Important and How to Get It Right

Many software developers tend to see patch management as another tedious security task that gets in the way of the development process. However, considering Forrester’s recent State of Application Security Report for 2020 predicted that application vulnerabilities will continue to be the most common external attack method, patch management is a critical part of the vulnerability management process that organizations can’t afford to neglect.


Why the IDC MarketScape named Lookout a mobile threat management software leader three years in a row

The IDC MarketScape for Mobile Threat Management Software just named Lookout a leader for the third consecutive year. Everyone at Lookout works hard to make sure we provide the best mobile security for our customers, so it’s incredibly satisfying to have the MarketScape recognize our capabilities and strategies. We’re honored for the recognition of our capabilities for the third consecutive year.


Understanding the Essential Elements of a SecureOps Strategy

The traditional approach to security is desperately flawed. NNT’s SecureOps strategy is a progressive way to deal with solving the problem of cybersecurity by combining the essential prescribed security controls recommended by frameworks such as NIST and the Center for Internet Security (CIS) with advanced threat prevention and detection, closed-loop intelligent change control and continuous compliance monitoring technology.


Celebrate Open Source Day with Gravitons on September 4th!

I was going through a row of photography books in an antique store when I got a call from Bucky Moore, our lead investor and a board member. “Let me know if you need anything from me. This is getting serious,” he said. He seemed concerned. It was Sunday, March 22nd, right after the shelter in place order went into effect here in California. The next day, COVID-19 was no longer just in the news, it was everywhere.


The Content Governance Mindset for IT Leaders

We’ve all been subjected to quaint media features that try to make business leaders seem like a joyful walk on the beach. They usually have a title like, “A Day in the Life of the CIO,” and they are laden with tropes that try to make the person relatable (“…and at 9:34 am, I finally get around to drinking that latte I got at Starbucks on the way into work!”), but truly the whole thing is just an annoying ploy to make you feel inadequate.


Red Team testing explained: what is Red Teaming?

In the world of cybersecurity preparedness, there are a variety of strategies organizations large and small can take to help protect their networks and data from cyber-attacks. One such strategy involves an organization testing its own environment for security vulnerabilities. But because security weaknesses come in different forms, it’s necessary to have a focused security team that comprehensively searches for vulnerabilities that go beyond simple risk assessments.


How Covid-19 has increased vulnerabilities in Industrial Control Systems

By now, most are aware that the Covid-19 pandemic has led to a spike in cyberattacks. This sharp increase in malicious activity related to COVID has taken the typical form of adversaries seeking to benefit financially, gain unauthorized access to networks for immediate and long-term strategic benefit, and spread misinformation with political agendas.


Dashboards: An Effective Cybersecurity Tool

Data is only as good as what you are able to do with it. Not only does the cybersecurity universe collect data, but individual enterprises also collect cybersecurity data from within their organization as well as from external sources in order to add more context and relevance. All data needs to be analyzed in order to create actionable insights.


Part Three: How Are Bots Affecting Your Industry?

We recently carried out a survey of 200 UK enterprises across e-Commerce, financial services, entertainment and travel. In part two of our blog series, we discussed the current state of bot attacks. As we continue our blog series, we investigate how bots are affecting different industries. We surveyed enterprises in the industries we saw as the most at risk.

How to Understand the Software Supply Chain

The software supply chain can come with great risk if you’re not set up with the right processes, solutions, and tools, as well as the right checks and balances for third-party vendors. What Will You Learn? The entire development process, from ideation to creation and even the tools you have in place, can stall if there are security issues in your software supply chain. Without the right infrastructure in place, that can mean problems for your CI/CD and, down the road, the applications your customers rely on.

How to Customize a Report on Logsign SIEM?

In the last article, we discussed various types of reports a SIEM solution offers. We also threw light on how reports are arranged block-wise on Logsign SIEM along with other features. In this article, we explore how you can customize an existing report to suit your requirements. To start with, go to the Reports and Analysis section and select any report that you wish to customize.

Webinar | How Decisiv Scaled Global Remote SSH Access and Remained Compliant With Teleport

Learn how Decisiv provides secure access to developers and deals with compliance hurdles. Senior Engineer Hunter Madison will talk about how Decisiv needed to quickly solve the pain of scaling the engineering team, migrating to AWS, maintaining ISO 27002 compliance, and a few of his key learnings from his two-year journey using Teleport.

Cloud-based SIEM explained

Security information and event management (SIEM) solutions offer businesses the ability to collect, store, and analyze security information from across their organization and alert IT admins/security teams to potential attacks. In today’s complex digital environments, SIEMs allow IT teams to more effectively detect and respond to a wide range of threats across broad networks.


PCI DSS logging requirements explained

As a consumer, I feel more confident about using my credit card online and in brick-and-mortar stores when I know retailers are being careful about PCI DSS compliance. Breached financial credentials can wreak havoc not only on the lives of consumers, but also on the well-being of merchant businesses. I think the PCI DSS is an excellent example of how security standards can be improved when organizations cooperate and collaborate.


Gift Cards Requested in Two-Thirds of BEC Attacks, Report Reveals

A report revealed that scammers requested funds in the form of gift cards in two-thirds of business email compromise (BEC) attacks. For a phishing trends report from the Anti-Phishing Working Group (APWG), APWG member Agari examined thousands of BEC attacks that occurred in the second half of 2020. It found that 66% of them involved gift cards. By contrast, direct bank transfers factored in just 18% of attacks, followed close behind by payroll diversions at 16%.


Meeting the Challenges of Remote Work with Chrome OS Policy Settings - Part I

Many organizations, from enterprises to small businesses and schools, are focusing efforts on distance working and learning. One significant hurdle for those who are suddenly tasked with supporting remote users is the question of how to manage a fleet of new endpoints. One appealing solution for managing all these new remote users is to use Google Chromebooks.


CISO: What the Job REALLY Entails and How It's Evolved over the Years

All of us know what a Chief Information Security Officer (CISO) does from afar. A CISO upholds the organization’s overall security by overseeing the operations of the IS practice, the IT security department and related staff. In this capacity, those who become a CISO attain the highest paying job in information security, as it carries the associated responsibility of enabling business in a fast-evolving threat landscape. But is there more to this job than that description is letting on?


Responding to Cloud Misconfigurations with Security Automation and Common-Sense Tips

Few things can boil the blood of a security professional quite like the unforced error. It is a common term used in tennis, referencing a mistake attributed to a player’s own failure versus the skill or effort of their opponent. In cybersecurity, the unforced error is better known as the misconfiguration. This occurs when security settings, typically involving a server or web application, are set up improperly or left insecure.


Improve Workflow Collaboration with Slack Integration for ZenGRC

Not long ago, we’d say “slack” to describe not working, as in “slacking on the job.” With the advent of the Slack app, though, the term has become synonymous with productivity. And Slack’s ability to work in tandem with hundreds of applications makes this popular team communication and collaboration tool even more useful.


Migrating from On-prem Proxies to the Cloud

Recently, a Fortune 500 customer asked us to migrate 5 million lines of URL policies into our cloud solution. This configuration included frequently used websites like,, and as well as hundreds of other URLs and domains that were no longer reachable or registered anymore. Our first question to the customer was, “Help us understand why you would want to do that?”, in the context of migrating their entire configuration.


Affordable SOC-as-a-Service for SMEs

You may think that a Security Operations Center (SOC) is only for very large companies, but the reality is that malicious actors target any size company. A SOC is simply the epicenter of security, responsible for every aspect of protecting the organization. You have the choice of doing it yourself on-premises or outsourcing this to an experienced cybersecurity-as-a-service. A SOC combines people, process and technology to monitor and remediate IT security and compliance throughout your organization.


Work is no longer tethered to the office. Neither should security be.

The coronavirus pandemic forced the world’s workforce to retreat from their offices in a hurry. In that process, it proved something many of us already knew: employees can work productively without needing to be physically present or connected to the corporate network. Assisted by cloud-based productivity apps, tablets and smartphones have untethered us from the office space. At any time, I can pull out my phone and resume working via the cloud.


Why Microservices Require Unified Tools for Authorization

Cloud-native organizations embracing microservices are running into an unavoidable security question: how to handle microservice authorization controls? The central problem is this: unlike monolithic app structures, microservices architectures expose dozens more functions through APIs, which can leave them vulnerable to attack.


Protecting Against Kubernetes Threats: Chapter 8 - Lateral Movement

The eighth installment in our nine-part blog series – where we examine each of the nine MITRE ATT&CK tactics and techniques for Kubernetes – examines lateral movement. Following a breach, an attacker might try to move throughout the environment to gain access to other resources, including other containers, nodes, or cloud resources. This blog post covers the set of techniques an attacker can employ to achieve lateral movement and offers guidance to mitigate them.


Predictive Risk-Based Vulnerability Management

Are you struggling to triage through tons of findings to identify the greatest threats and patch more effectively? You are not alone! With speed being the biggest challenge to effectively patch, this whitepaper looks at how existing prioritization works with CVSS scoring and how a risk based approach with machine learning can be applied to align corporate risk appetite and drive better decision making for optimal efficiency.

A Technical Guide to Remote Security Operations

One of the big reasons security operations centers excel at what they do is because they are a centralized unit charged with monitoring, assessing and addressing activity across a company's IT infrastructure. But with many SOCs shifting to remote arrangements, this cohesion has come undone. Yet, you and your team must charge on, and the good news is you can overcome any bumpy adjustment period by ensuring you have all of your bases covered.

Overcoming the 6 Most Common Threat Modeling Misconceptions

Threat modeling promotes the idea of thinking like an attacker. It enables organizations to build software with security considerations, rather than addressing security as an afterthought. However, there are some very common misconceptions that can cause firms to lose their grip on the threat modeling process. This eBook shines a light on the essentials and helps you get your bearings with all things related to threat modeling.

Build Security Into Your SDLC With Coverity

Are your developers getting discouraged by too many false positives from security tools that slow them down? You need a solution that boosts their productivity, finds real vulnerabilities, and provides expert remediation guidance. Coverity will help you achieve this and more. Learn how you can assess the ROI of implementing Coverity into your SDLC, quickly build secure applications, and accelerate your software velocity.

Mobile Wi-Fi Security Report

People tend to favor Wi-Fi over cellular for obvious reasons - it's usually faster, it doesn't tax your data plan and it's widely available. However, there are a number of inherent risks in allowing your devices to connect to Wi-Fi networks. Wi-Fi networks expose mobile devices to malicious threats, such as man-in-the-middle attacks and sensitive data loss on public hotspots. This report is designed to inform you of the many and varied risks of Wi-Fi and practical steps on how to manage that risk.