October 2020


Detecting Ryuk Using Splunk Attack Range

The Cybersecurity and Infrastructure Security Agency (CISA) released Alert (AA20-302A) on October 28th called “Ransomware Activity Targeting the Healthcare and Public Health Sector.” This alert details TTPs associated with ongoing and possibly imminent attacks against the Healthcare sector, and is a joint advisory in coordination with other U.S. Government agencies.


Ryuk and Splunk Detections

Several weeks ago, my good friend Katie Nickels (Director of Intelligence at Red Canary extraordinaire) and I were chatting about Ransomware. She was super interested and passionate about some new uses of a ransomware variant named “Ryuk” (first detected in 2018 and named after a manga/anime character) [1]. I was, to be honest, much less interested. It turns out, as usual, Katie was right; this was a big deal (although as you will see, I’m right too… still dull stuff!).


What is Smishing? SMS phishing explained

SMS phishing, or “Smishing,” is a mobile phishing attack that targets victims via the SMS messaging channel rather than through email. A natural evolution of the phishing phenomenon, smishing attacks attempt to dupe mobile users with phony text messages containing links to legitimate looking, but fraudulent, sites. These smishing sites try to steal credentials, propagate mobile malware, or perpetrate fraud.


Are Bots Slowing Down Your Website?

Bad bots disrupt your website, reducing performance and speed. Bot activity, both good and bad, affects all industries including retail, online gambling and gaming, and streaming. In our blog we discuss the detrimental impact of bots on your website performance and, subsequently, the customer experience, with advice for detecting and mitigating bad bot activity.


Could a Flurry of Interactions Be Skewing Your Metrics?

APIs served as part of web and mobile applications are vital to enabling customers to interact with your business. However, it’s important to understand the impact on your business when these APIs are used in new, non-standard and potentially unintended ways. While APIs are usually written and intended for use with certain frontends (i.e. web application or mobile app), they are served publicly on the internet and are open to inspection by any interested party.


The Fintech Sector is Under Cyber Attack - Here's How Companies Are Protecting their Data

Fintech companies – those that offer technology to support the banking and personal finance industry – are increasingly at risk of cyberattack. After healthcare, fintech is the second most frequently attacked industry, according to Alissa Abdullah, senior vice president of cybersecurity technology at Mastercard. Fintech News found that 27% of attacks target banks or healthcare.


Beware of Google Docs Spam

Netskope Threat Labs is warning users to be careful of spam messages being shared via Google Docs. The spam messages come in the form of a comment on a document or presentation and are sent by [email protected]. Both the comment and the document link the user to a spam or scam website. Because the messages are sent by Google Docs, it is likely that your spam filters do not detect and block these messages. In fact, docs.google.com may be explicitly allowed by your spam filters.


Weekly Cyber Security News 30/10/2020

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Once again the impact of this COVID pandemic claims another. Cast your minds back to earlier in the year (or was it last year now – feels like it) with the sudden burst in use of Zoom and House Party causing all sorts of issues.

Install Veracode for VS Code to Run IDE Scans

In this video, you will learn how to install the Veracode for VS Code extension. The Veracode for VS Code extension is available from the Visual Studio Marketplace. The Veracode IDE Scan finds security defects in your code in seconds so you can fix the findings directly in your IDE. Veracode for VS Code is an extension to Visual Studio Code, which performs a Veracode IDE scan at the file level, and supports JavaScript, TypeScript, and C#.

Why Are SIEMs Expensive?

SIEM (Security Information and Event Management) systems have a reputation for being expensive. And that’s generally correct – they can cost hundreds of thousands per year or have huge upfront costs. But why is that? There are several main reasons: All of this is changing. According to Gartner, SIEMs are going to the mid-market and these things don’t hold true there.


Extending security visibility beyond the network layer: Sqreen's October release

Yesterday, we hosted the first Sqreen Summit, where we shared our vision for unparalleled visibility in application security, demoed the latest feature releases from Sqreen, and chatted with Jason Montgomery, VP of Security at Datarobot and one of our Sqreen design partners. We also had a great breakout session on the changing role of the security engineer with Jacolon Walker, former CISO and security engineer at OpenDoor, Collective Health, Palantir, and others.

xona systems

Cybersecurity & Remote Workers: How to Protect Your Data & OT Infrastructure

Even before the Coronavirus pandemic created an environment ripe for bad actors to exploit, cybersecurity was a top priority at many companies. Most industries identified cybersecurity as a serious threat to their business continuity and longevity. Since the onset of COVID-19, 75% of business leaders view cybersecurity as a top priority while navigating the new normal. It’s easy to see why.


What is Security Information and Event Management (SIEM), and how is it evolving?

Halloween is tomorrow, and do you know what that means? For starters, it means you can dance under the rare blue moon. A full moon visible for all time zones on Earth hasn’t happened since 1944, and won’t happen again until 2039. It also means you can don a costume and be anything you like. Kind of like a fraudster, that assumes a new persona every time there is a payment fraud attack.


StackRox + AWS + Kubernetes - A look inside our Security Hub integration

StackRox partners with AWS on many fronts, in large part because so many StackRox customers run our platform in their Amazon Elastic Kubernetes Service (EKS) environments. As the world’s most popular managed Kubernetes service, EKS – like all other AWS services – operates under a shared responsibility model for security.


Is IT security under attack?

From credential theft to network vulnerability exploitation and ransomware incidents on highly secure organizations, the year 2020 has been surprisingly rough on IT security. In the wake of the COVID-19 pandemic, companies around the world are reporting more cyberattacks than ever before, and although the techniques used or the method of attack may be new, the vectors of attack over the years remain unchanged.


Vulnerability scanning vs. Penetration testing: comparing the two security offerings

It’s no secret: the number of security vulnerabilities organizations must contend with is overwhelming. According to a 2019 Risk Based Security report, there were 22,316 newly-discovered vulnerabilities last year. One Patch Tuesday disclosed a record number of 327 vulnerabilities in a single day. Just keeping up is becoming a monumental task. But knowing where and how your organization may be vulnerable is critical to maintaining a healthy security posture.


How to make the future IoT more secure

IoT security begins with building secure software. Learn how to embed security into your SDLC to avoid becoming an easy target for hackers. In this, the final week of 2020’s National Cybersecurity Awareness Month, the focus is the future of connected devices. And some things about that future are pretty easy to predict. There will be more devices—billions more.


A Software Security Checklist Based on the Most Effective AppSec Programs

Veracode’s Chris Wysopal and Chris Eng joined Enterprise Strategy Group (ESG) Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast, Graham Cluley, at Black Hat USA to unveil the findings from a new ESG research report, Modern Application Development Security.

Veracode State of Software Security Vol. 11

Veracode, the largest global provider of application security testing (AST) solutions, announced the State of Software Security (SOSS) Volume 11 revealing 76% of applications contain at least one security flaw and fixing those flaws typically takes months. This year’s analysis of 130,000 applications found that it takes about six months for teams to close half the security flaws they find. Watch as Veracode's Chris Eng and Tim Jarrett break down the key findings from SOSS 11, with specifics on what's within developers' control as they seek to improve the security of their applications.

Top Tips for Getting Started With a Software Composition Analysis Solution

You’ve purchased a software composition analysis solution, and you’re excited to start scanning. Before you do, read our top tips for getting started with WhiteSource. Following some basic guidelines ensures your implementation gets off on the right foot.


Free Ebook: SIEM for Work From Home Security

The number of cyberattacks has increased five-fold after COVID-19, as the pandemic brought new opportunities to cybercriminals. At this rate, cybersecurity threats are estimated to cost the world US $6 trillion a year by 2021. Since remote working became “the new normal”, it also became a growing gateway to new forms of data theft and as a result, companies face significantly increased risk of cyber-attacks and data breaches.


Alert Fatigue And Automation Fatigue

Alert fatigue is a well-known phenomenon with security products – the security team gets a lot of alerts (from the SIEM, for example) and tries to triage and act upon all of them, but at some point there are so many, and so few of them are actual threats, that the security team just ignores them. That leads to both overworked security teams and an increased risk of missing an actual threat. Why is that happening? It’s hard to tune a system right, no matter how flexible it is.


3 Ways SOC Automation Can Reduce Analyst Burnout

The 2020 Devo SOC Performance Report™ presents security professionals’ responses to a variety of survey questions related to people, processes, and technologies within their security operations center (SOC). One of the more interesting topics in the report is the role security automation technologies can play in improving SOC performance and alleviating analyst stress caused by overwork and performing repetitive, mind-numbing tasks, which can lead to analyst burnout.


What is endpoint detection and response? EDR security explained

As recent global health events have changed the world, the cybersecurity landscape has changed along with it. Almost all organizations — large or small — have seen their attack surface grow. For those unfamiliar with the term, an attack surface represents the sum total of all the ways in which a bad actor can exploit an endpoint or network to retrieve data. Every endpoint that connects to or communicates with the network is part of the network attack surface.


LokiBot Malware: What it is and how to respond to it

The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security recently announced that LokiBot activity, a form of aggressive malware, has increased dramatically over the last two months. The increase in activity was discovered by an automated intrusion detection system referred to as EINSTEIN, which the Department of Homeland Security uses for collecting and analyzing security information across numerous government agencies.


5 Essential Steps to Improve Cybersecurity Maturity

From small- and medium-sized organizations to large enterprises, every business is under continuous threat of security risk in today’s digital world. With the growing digital footprint and cloud adoption, organizations continue to experience sophisticated cyberthreats that hold the potential to disrupt business continuity. A vast majority of these threats can go undetected, or they can be detected too late for an organization to avoid the exposure and the associated risks.


What Is Password Spraying, and How Can You Spot and Block Attacks?

In 2019, a data heist at Citrix shook the cybersecurity world. The attackers stole business documents from a shared network drive and from a drive associated with a web-based tool used in Citrix’s consulting practice. The hackers gained this access to Citrix’s IT infrastructure through a password spraying attack, a technique that exploits weak passwords, leading to criticism that the software giant needlessly compromised its clients by failing to establish a sound password strategy.


CyRC analysis: Circumventing WPA authentication in wireless routers with Defensics fuzz testing

Three WPA authentication bypass vulnerabilities were found in wireless routers using the Defensics fuzz testing tool. WPA3 will become a mandate for all new wireless devices, which can only be a good thing considering the number of vulnerabilities found in WPA2 implementations. Learn about the basic concepts (and common weaknesses) of WPA authentication, how these vulnerabilities work, and how proactive fuzz testing can identify and address similar issues in WPA implementations.


Discover latest security vulnerabilities in minutes with Detectify

25 minutes. That’s how long it took to bring high severity security vulnerabilities to Detectify Asset Monitoring customers from the moment they were discovered. On a more technical side, our Security Researchers, led by Tom Hudson, implemented a high priority vulnerability test to detect an Arbitrary File Read in VMware vCenter, and released it into production in this record time.


How to Appease the Gods of Compliance Without a Human Sacrifice

Halloween is here, and while trick or treating may be cancelled because of the ongoing pandemic, the basics of the celebration remain the same: pumpkins, costumes, kids amped up on sugar. That said, the origins of Halloween are rooted in Samhain, an ancient Celtic festival marking the end of the harvest season. Festival goers would slaughter animals and throw them into bonfires in an attempt to appease the dead.


SIEM: What Is SIEM, How It Works, and Useful Resources

SIEM stands for Security Information and Event Management. This technology has existed since the late 1990s. Traditional SIEM has been joined by broadly used log management technology that focuses on collecting various types of logs and events for different purposes, such as: SIEM vendors usually provide different combinations of functionalities to offer the benefits listed above.


Lookout and Verizon Committed to Protecting Small Businesses with the Launch of Business Mobile Secure

Our mission has always been to secure the mobile experience and for many in our current climate, that means protecting employees as they work from home. Verizon recently announced the launch of Business Mobile Secure, a full security solution designed specifically for small and medium business customers with Lookout mobile security at the helm of the bundle’s modern endpoint protection offerings.


How to Set Up an SSH Jump Server

In this blog post we’ll cover how to set up an SSH jump server. We’ll cover two open source projects. Both of these servers are easy to install and configure, are free and open-source, and are single-binary Linux daemons. An SSH jump server is a regular Linux server, accessible from the Internet, which is used as a gateway to access other Linux machines on a private network using the SSH protocol.


KubeLinter: open source YAML linter / HELM linter for K8s

Today, I’m excited to announce the launch of KubeLinter, a new open source project from StackRox! KubeLinter analyzes Kubernetes YAML files and Helm charts, and checks them against a variety of best practices, with a focus on production readiness and security. Scroll down to watch a video overview of KubeLinter.


Phishing Emails - Less Ocean, More Aquarium

Here at Splunk, when we discuss Splunk Phantom with customers we end up talking about phishing pretty frequently because, as Olivia outlined in a recent blog post, "Between Two Alerts: Phishing Emails — Don’t Get Reeled In!", it’s something customers both encounter and talk to us about all the time. It makes a lot of sense — phishing is a super common issue that almost everyone deals with ad nauseam, and it’s annoying to investigate.


Duped, deluded, deceived: How disinformation defrauds you

The rise of social media has no doubt been one of the major revolutions of the 21st century. It’s brought about a whole new way for people to connect and share information with others, regardless of their geographical locations. But along with these more noble intentions of social media, there will always be abuse of these platforms – and one of the big ones is the spread of disinformation.


How Containers Support the IT-OT Convergence

The worlds of information technology (IT) and operational technology (OT) are colliding. In July 2019, Automation.com cited a survey finding where 82% of respondents told Forrester and Nozomi Networks that their organizations were in the early stages of an IT-OT convergence. Some said their organizations were embracing this meeting more fully. This finding begs several questions. Why are IT and OT converging?


4 Considerations for a Secure Cloud Environment

Digital attackers are increasingly turning their attention to the cloud. According to the 2020 Trustwave Global Security Report, the volume of attacks targeting cloud services more than doubled, from 7% in 2018 to 20% a year later. This growth made cloud services the third most-targeted environment after corporate and e-commerce at 54% and 22%, respectively. These trends highlight the need for organizations to secure their cloud environments.


Commit Code Confidently with the Nightfall DLP CircleCI Orb

Nightfall Data Loss Prevention (DLP) is now available as a CircleCI orb. CircleCI orbs are reusable snippets of code that help automate repeated processes, speed up project setup, and make it easy to integrate with third-party tools. With the Nightfall DLP orb, you can scan for sensitive items and prevent developers from accidentally committing sensitive information. We’re excited to announce our launch with CircleCI and share what you can do with the Nightfall DLP orb.


Introducing Advanced Analytics

Every organization is adopting the cloud, but there are some companies that are reaping a larger number of benefits from cloud transformation than others. Making an effort to adopt the cloud is simply not enough to realize the benefits. The organization that prepares for efficiently managing risk will be able to capture a larger percentage of the benefits than one that has not.


Using Real-User Monitoring to Understand API Performance

In our previous article we talked about Synthetic Monitoring—a technique used to automate the testing and monitoring of resources by performing simulated user interactions and API calls. Now we're going to look at a complementary technique called real-user monitoring, which takes a more passive, hands-off approach.


njRAT Rising - The Increase in Activity of the Remote Access Trojan

First identified as active in November 2012, 'njRAT', also known as 'Bladabindi' or 'Njw0rm', is a well established and prevalent remote access trojan (RAT) threat that was initially created by a cybercriminal threat group known as 'Sparclyheason' and used to target victims located in the Middle East. Undoubtedly following the source code leak, reportedly in May 2013, njRAT has become widely available on the cybercriminal underground with numerous variants being released over the years.


Web Cache Entanglement - Novel Pathways to Poisoning

Each year we anticipate new research from James Kettle at the annual Black Hat USA event and he’s become known for his web cache research. This year he announced Web Cache Entanglement – new techniques to exploit web cache poisoning. We’ve previously covered his work concerning web cache poisoning and HTTP request smuggling which is intriguing for any software engineer to know about. This article will briefly highlight the main points about Web Cache Entanglement.


Cybersecurity is not complete without EDR for mobile

We just recently unveiled the industry’s first mobile endpoint detection and response (EDR) solution. This is an industry game changer as we are providing the same tools the Lookout security researchers use to hunt for novel threats to our customers to investigate cyberattacks. If you want to learn more about how we did it, I strongly encourage you to read our Chief Strategy Officer Aaron Cockerill’s blog on the announcement.


SOC 2 compliance for containers and Kubernetes security

This article contains useful tips to implement SOC 2 compliance for containers and Kubernetes. The Service Organization Controls (SOC) reports are the primary way that service organizations provide evidence of how effective their controls are for finance (SOC 1) or securing customer data (SOC 2, SOC 3). These reports are issued by the American Institute of Certified Public Accountants (AICPA).


Mobile device security explained

With recent global health events resulting in a surprise shift to an either completely remote or hybrid remote workforce for many organizations, the need to leverage mobile devices as work endpoints has grown significantly. This has created challenges for IT in maintaining both the ability to manage a wide range of devices, as well as securing them in a way that achieves corporate security objectives and governance.


Observations from the digital trenches

When AT&T Incident Response Consultants first engage a client during a ransomware incident, the situation is often very chaotic. The client's ability to conduct business has stopped; critical services are not online, and its reputation is being damaged. Usually, this is the first time a client has suffered an outage of such magnitude. Employees may wrongly fear that a previous action is a direct cause of the incident and the resulting consequences.


How to Best Secure the Industrial Network for EMEA Organizations

You don’t have to search very far in the news to see stories of websites being hacked and customer details being stolen. Stories about incidents involving industrial control systems (ICSes) and operational technology (OT) environments aren’t so common. But they are prevalent. Just the other week, for example, an airline company sent out an email letting me know that their database had been hacked and that my travel details might have been taken.


Protecting data in Snowflake is easy with Nightfall's API platform

Ever since Snowflake burst onto the scene in 2014, the company and the software has been massively influential in how we all think of storing and accessing data. Snowflake reached new heights in September when they launched their IPO — at 28 million shares and $3.4 billion raised, it’s the largest software IPO in history. The higher financial profile and cash influx means Snowflake can expand its reach even further.


The Future of Security and The Inevitability of Remote Working

By this time in 2020, you’re probably well past the panic of pandemic cybersecurity. The “New Normal” isn’t very new anymore and what was once perceived as short term crisis management of security is looking more like a long term solution. As we look ahead, it’s important to look at what we’ve learned from this situation, as security professionals and how we can apply that to the long road we still have ahead of us.


The Business Case for Cybersecurity-as-a-Service

Look no further than the almost daily cybersecurity threats and attacks on businesses to know that cybersecurity should be at the top of every organization’s priority list. Yet, for small and medium-size businesses (SMBs) it seems to always slip down the list because cybersecurity is viewed as a sunk cost rather than an important business enabler.


Red Team vs Penetration Testing - Which one is the right choice for your business?

Whether it’s a security assessment, a vulnerability scan, a red team or a pen test – what’s common? Identifying issues and mitigating them from an organizational risk perspective. This article is aimed at weeding out various confusions from the reader's mind. Stock up on caffeine, we are going to cover these areas under this topic.


Announcing the 11th Volume of Our State of Software Security Report

Today, we released the 11th volume of our annual State of Software Security (SOSS) report. This report, based on our scan results, always offers an abundance of insights and information about software vulnerabilities – what they are, what’s causing them, and how to address them most effectively. This year is no different. With last year’s SOSS Volume 10, we spent some time looking at how much things had changed in the decade spanning Volume 1 to Volume 10.


Understanding and mitigating CVE-2020-8566: Ceph cluster admin credentials leaks in kube-controller-manager log

While auditing the Kubernetes source code, I recently discovered an issue (CVE-2020-8566) in Kubernetes that may cause sensitive data leakage. You would be affected by CVE-2020-8566 if you created a Kubernetes cluster using ceph cluster as storage class, with logging level set to four or above in kube-controller-manager. In that case, your ceph user credentials will be leaked in the cloud-controller-manager's log.


Australia Proposes Security Law to Protect Critical Infrastructure Against Cyber Attacks

The Australian Government is committed to protecting the essential services all Australians rely on by uplifting the security and resilience of critical infrastructure. Increasingly interconnected and interdependent critical infrastructure is delivering efficiencies and economic benefits to operations.

outpost 24

NSA list: what you need to know about the top vulnerabilities currently targeted by Chinese hackers Part 2

In our previous blog we covered the first 10 of the NSA vulnerabilities currently targeted by Chinese hackers; here are the remaining ones, again demonstrating the predictive power of our risk based vulnerability management tool Farsight.


Security Analytics

As cybersecurity threats evolve, companies must adapt and rethink their security strategies. This means moving away from traditional technologies and towards new cybersecurity frameworks. One such framework is the NIST cybersecurity framework, which comprises five major functions: These five functions are the pillars of a well-rounded and effective cybersecurity strategy that is designed to improve a company’s capacity to counteract threats.


5 Tips for Training Non-IT Employees on Cybersecurity

In June, one research study found that the pandemic caused just over 40% of the entire US workforce to work from home full-time. Many businesses made the quick decision to allow employees to work remotely, scrambling to provide IT resources and remote-work tools on the fly. Now, many enterprises are doubling down and allowing employees to work from home for the foreseeable future.


10 Takeaways About the Impact of 2020's Uncertainty on Security

This week Netskope hosted our annual executive briefing with the US Embassy in London, converted, in common with many events this year, into an online webinar. We wanted to take the opportunity to consider what impact this year’s unprecedented changes and uncertainty were having on the cybersecurity landscape.


Docker vs VMWare: How Do They Stack Up?

This is a clash of virtualization titans: one virtual machine, the other a containerization technology. In reality, both are complementary technologies—as hardware virtualization and containerization each have their distinct qualities and can be used in tandem for combinatorial benefits. Let’s take a look at each to find out how they stack up against each other, as well as how the two can be used in tandem for achieving maximum agility.


The Importance of User Behavior Analytics

There’s no question that cybercrimes are a growing problem for businesses in the United States. A cyberattack can cost a business about $200,000 on average. Sadly, many businesses that are targeted cannot recover from the financial effects of a cyberattack. In fact, it’s estimated that 60% of targeted companies go out of business within six months of the attack.


Synthetic Monitoring

Testing uptime, response time, and other performance metrics in applications can take a few different shapes. One common technique is an approach known as synthetic monitoring. This form of performance monitoring doesn't rely on real users interacting with a service, and instead uses automated tools to mimic interactions. Then, the results are recorded and parsed just like other solutions.


Must-Have Features of a Modern SIEM

Initially, Security Information and Event Management (SIEM) solutions were readily adopted because of their capability to provide actionable insights into the deep corners of an organization’s network. Legacy SIEM systems helped in understanding when and where security incidents are happening in real-time. Soon enough, these SIEM systems faced an avalanche of false positives, and they required a dedicated team to filter out irrelevant alerts.


Using SIEM for Simplifying SOX Compliance

The Sarbanes-Oxley Act (SOX) establishes requirements for the integrity of the source data used in financial transactions and reporting. In particular, auditors are looking at regulated data residing in databases connected to enterprise applications. To prove the integrity of financial data, companies must extend audit processes to the financial information stored within corporate databases.


SPAM text messages vs SMiShing and defending against it

Businesses want to connect to their users and meet them where they are. One growing way to communicate to them is through text messages including providing coupons, recent news, and other marketing materials. When these marketing efforts are unwanted by the customer, this is when they cross the line into the SPAM category. SPAM has taken many forms throughout history such as junk mail in your mailbox and robocalls.


Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered

Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw, discovered by vulnerability researcher Slavco Mihajloski, opened up opportunities for cybercriminals to completely compromise WordPress sites. The flaw can be exploited if a user attempts to log into a Loginizer-protected website with a carefully-crafted username.

outpost 24

NSA list: what you need to know about the top vulnerabilities currently targeted by Chinese hackers Part 1

This week NSA published a list of the top 25 vulnerabilities that Chinese hackers are actively exploiting, and unsurprisingly the list included some of the most prominent CVEs that we’ve covered in our previous risk based vulnerability management blogs.


The evolution of bots: generations 1, 2 & 3

Bots are evolving dramatically, becoming more sophisticated and launching ever more complex and targeted attacks at ever increasing rates. This makes detecting bots more important than ever, but also more difficult than ever. Bots of the more recent generations are harder to identify without expert bot detection tooling. These bots could put businesses at risk of exposure to threats such as scraping, carding, and credential stuffing.


How Netskope NewEdge Takes SD-WAN to the Next Level

With Gartner releasing its latest Magic Quadrant for WAN Edge Infrastructure earlier this month, it seemed an appropriate time to explore the intersection of SD-WAN and SASE. Both of these technological approaches hold great promise and are large, billion-dollar markets, sharing the common goal of connecting users to the data and applications critical to doing their job. The two technologies demonstrate the increasing overlap and tightening linkage between networking and security investments.

ForgeTalks | How to Address Identity Governance Fatigue

Welcome back to another episode of ForgeTalks. This week I met with ForgeRock Senior Director for Product Marketing, Tim Bedard, to discuss how organizations can address their identity governance fatigue. Because of legacy identity governance and administration (IGA) limitations, IT and security teams are exhausted from manually reviewing and approving access requests. These organizations need an identity model that provides visibility into who has access to what and why, eliminating these manual processes.

ContainerDrip - Another Example of Why HTTP Basic Authentication is Flawed

The latest exploit in the series of issues with cloud infrastructure software is called “ContainerDrip” (CVE-2020-15157), and in some cases it can cause you to leak your registry secrets to an attacker. The attack is actually a kind of secret or password leak using request forgery. Your client unintentionally makes an HTTP API request to the attacker’s endpoint, and this request contains the container image registry secret.


Top 10 Application Security Best Practices

Software applications are the weakest link when it comes to the security of the enterprise stack. In The State of Application Security, 2020, Forrester says the majority of external attacks occur either by exploiting a software vulnerability (42%) or through a web application (35%).


Indonesia Fintech Market - SWOT Analysis

The limitations of traditional lending solutions create room for innovation via Fintech. Fintech is able to address the challenges that conventional lending providers face by utilising a combination of different business models, technology, and innovative approaches. Indonesia’s fintech market looks like an open bottle of honey to me. The fintech market has grown by 16.3%, with total investment in fintech companies reaching $176.75 million in 2019.


Everything You Need to Know About the Evolving Bot Landscape

In 2019 we saw more credential stuffing, sniper and scraper bot attacks targeting websites, mobile apps and APIs alike. The shift in attack vectors and scale of attacks highlights an urgent need for a sophisticated solution that protects businesses and customers from the growing malicious bot threat. Understanding the intent of bad bots vs. humans or good bots is vital as all industries face new challenges in acquiring the necessary visibility of their traffic, and subsequent analysis required for rapid and effective attack response that doesn't sacrifice the user experience.

3 Steps to Better Bot Management

Are you seeing the full picture when it comes to web and application security? Without fast and accurate data at your fingertips from the best bot management, it's increasingly difficult to differentiate human from automated bot traffic on your web-facing applications. Credential stuffing, account fraud and scraping attacks are a multi-billion-dollar business¹, with the scope for earning made increasingly simple by the vast number of internet users, availability of login credentials and the sheer volume of connected devices.

Internet of Things toys are fun but raise privacy and socio-political concerns

An estimated 38 billion devices are connected to the internet this year, highlighting the fact that the Internet of Things (IoT) is not a farfetched futuristic concept, but the reality for most of the modern world. Many of these connected devices are toys that children enjoy, but no matter how fun they may be, challenges have come to the surface due to privacy concerns and socio-political issues pertaining to gender-neutral toys.


More Effective Security Awareness: 3 Tips for NCSAM

It’s often said that humans are the weakest link in cybersecurity. Indeed, I’d have a hard time arguing that a computer that was sealed in a box, untouched by human hand, poses much of a security risk. But a computer that is unused has no purpose. It behooves security practitioners to get smarter about how we teach people to use those machines so that both humans and computers can work together to safely accomplish greater things.


Cybersecurity Compliance in the Education Industry: How to Protect Students' Personal Data

Educational institutions handle tremendous amounts of data and have access to personal, financial, and healthcare information of both students and staff. However, this exposes them to cybersecurity risks. In 2019, the US was hit by multiple ransomware attacks that impacted 89 universities, colleges, and school districts — up to 1,233 institutions were potentially affected.

Application Security Decoded: What It Means For IoT Devices, Security & Privacy | Synopsys

In our new video series, “AppSec Decoded,” Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Centre (CyRC), sat down with Laurie Carr, blog managing editor at Synopsys, to discuss the future of IoT devices and what it means for security and privacy.

How to Comply with the NIST Cybersecurity Framework

Since the NIST Cybersecurity Framework is the best solution for better prevention, detection, and response to cybersecurity incidents, various organizations have adopted it to safeguard their IT assets. The 2019 SANS OT/ICS Cybersecurity Survey spells out the NIST CSF as the number one cybersecurity framework in use today. However, it is imperative to consider how we should comply with NIST CSF in 2020 and beyond. Here is some help!


Mobile EDR for security professionals by security professionals

In case you missed it, Lookout just announced something that I’m super excited about – the introduction of threat hunting and research into the Lookout Security Platform. The reason this is so satisfying is because we are enabling organizations to use the same tools our security analysts have been using for years.


When Old News is More Dangerous than Fake News: Vulnerability Scan Blind Spots

Out of all the cat videos you could watch, how do you decide which one to view first? The beauty of social media is its real-time, democratic operation. Everyone gets to vote and the content with the most shares is the People’s Choice, rightfully ‘The Best’. But we now know this Facebook-era notion of ‘most popular equals best’ is open to abuse. It turns out that a significant proportion of social media interaction is in fact, manufactured.


Announcing Netskope's Upcoming Integration for Splunk Mission Control

Today’s security operations require coordinated efforts from multiple team members, many of whom are in different roles and technology specializations. Complexity inhibits the ability to conduct time-sensitive operations such as incident response. Security engineers and threat hunters have to be on the same page when it comes to establishing priorities and conducting investigations across the entire detection and response lifecycle.


Website Security: How to Protect Your Website Checklist

Putting a website on the internet means exposing that website to hacking attempts, port scans, traffic sniffers and data miners. If you’re lucky, you might get some legitimate traffic as well, but not if someone takes down or defaces your site first. Most of us know to look for the lock icon when we're browsing to make sure a site is secure, but that only scratches the surface of what can be done to protect a web server.


What is SQL injection?

An SQL injection (also known as SQLi) is a technique for the “injection” of SQL commands by attackers to access and manipulate databases. Using SQL code passed via user input that a web application (e.g., a web form) sends to its database server, attackers can gain access to information, which could include sensitive data or personal customer information. SQL injection is a common issue with database-driven websites.


Cybersecurity Experts Discuss: Enhancing and Augmenting the Analyst

In the final blog in our cybersecurity experts discuss series, we summarize why a SIEM can enhance and augment your SOC analyst. Read what Ben Harrison, Director SOC and Security Services at Cygilant and Jake McCabe, CISSP, Presales Director at LogPoint. A modern SIEM can help make a SOC analyst more effective and productive. It should take and leverage all types of different security-related data to perform meaningful analytics.


Session Control for SSH and Kubernetes in Teleport 4.4

Teleport 4.4 is here! The major innovation we’re introducing in this version is much improved control over interactive sessions for SSH and Kubernetes protocols. We’ll do a deeper dive into session control later, but for those who aren’t familiar with it, Teleport is an open source project. It provides access to SSH servers and Kubernetes clusters on any infrastructure, on any cloud, or any IoT device, anywhere, even behind NAT.


Teleport 4.4: Concurrent Session Control & Session Streaming

An SSH session can be interactive or non-interactive. The session starts when a computer or human connects to a node using SSH. SSH sessions can be established using public/private key cryptography or can use short-lived SSH certificates, similar to how Teleport works. Organizations often want to know who is accessing their systems and to have a greater level of control over who is accessing them and when, which is where Teleport 4.4 comes into play.


How Remote Operations Capacity Improves Organizational Efficiency

The Coronavirus pandemic is proving to be one of the most disruptive forces of our generation. In addition to being a prolific public health emergency that’s tragically cost the lives of hundreds of thousands of people, the economic implications have been vast and far-reaching. As a result, companies of every size in nearly every sector are contending with a new financial reality.


Egnyte Rolls Out New Governance and Compliance Tools for the Remote-work Era

From the beginning, Egnyte was architected so that your content would not have to be “boxed in” to any one single environment, but rather can flow seamlessly up, down, side to side across multiple clouds. There are good reasons for this. Sometimes it makes sense for data to be miles away, while other times it needs to be closer to where users actually are (at the edge), or offline altogether.


Raising the Red Flag on the Insider Threat from Ransomware

There was nothing in particular that should have drawn attention to the two individuals sitting for drinks at the bar in Reno. Just two old colleagues catching up over some drinks. But if someone had paid close enough attention (and perhaps spoke Russian), then they might have overheard that one of the pair was attempting to recruit the other into what was possibly one of the biggest ransomware operations to date.


Project Management Lessons Learned From Risk Management

While risk management can be draining, it offers crucial lessons that enable managers to implement projects efficiently. If you undertake a thorough risk analysis before any project, you'll identify all the gaps and create mitigation strategies. This way, you'll save time and resources.

6 top risk factors to triage vulnerabilities effectively

Common Vulnerability Scoring System (CVSS) scores have been viewed as the de facto measure to prioritize vulnerabilities. Vulnerabilities are assigned CVSS scores ranging from one to 10, with 10 being the most severe. However, they were never intended as a means of risk prioritization. If you’ve relied on CVSS scores alone to safeguard your organization, here’s why you’re probably using them incorrectly.


PSPs vs. OPA Gatekeeper: Breaking down your Kubernetes Pod security options

Organizations are increasingly turning to Kubernetes, but they’re having trouble balancing security in the process. In its State of Container and Kubernetes Security Fall 2020 survey, for instance, StackRox found that 91% of respondents were using Kubernetes to orchestrate their containers and that three quarters of organizations were using the open-source container-orchestration system in production.


A Closer Look at the Attempted Ransomware Attack on Tesla

Cybersecurity is in the news again with the disclosure that Tesla, working in conjunction with the FBI, prevented a ransomware attack from being launched at its Gigafactory in Nevada. The cybercriminals targeted Tesla through one of its employees, whom they allegedly promised to pay $1 million in order to help them infect the company’s system with malware.


3 Ways to Ensure Your Security Policies Survive the Transition to the Cloud

By 2025 the amount of data stored in the cloud by governments, organizations, and individuals will exceed 75 zettabytes – an estimated 49% of the world’s 175 zettabytes of data at that time. This trend has no doubt been accelerated by COVID, as organizations have been forced to shorten cloud migration timeframes to ensure business continuity during the pandemic.


What's the Cost of a Data Breach in 2019?

According to the 2019 Cost of Data Breach Report from Ponemon Institute and IBM Security, the global average cost of a data breach has grown by 12 percent in the last five years to $3.92 million. This was driven by the multi-year financial impact of breaches, increased regulation and the difficult process of resolving cyber attacks.


Full Stack Blues: Exploring Vulnerabilities In The MEAN Stack

Full stack development is all the rage these days, and for good reason: developers with both front-end web development skills and back-end/server coding prowess clearly offer substantially more value to their respective organizations. The ability to traverse the entire stack competently also makes interacting and cooperating with operations and security an easier affair—a key tenet of DevOps culture.


What is Secure Coding?

A skillful black hat hacker can quickly assume control of your digital products with just a few swift modifications to their code, and as businesses continue to digitize their processes, this risk of penetration will only multiply. The solution is the adoption of secure coding practices. Secure coding is a method of writing software and source code that is shielded from cyber attacks.


Which Web Programming Language Is The Most Secure?

The question is indeed a contentious one, never failing to incite heated arguments from all camps. Many ways exist to cut the cake in this regard—WhiteHat Security took a stab at it in a recent edition of its Website Security Statistics Report, where it analyzed statistics around web programming languages and their comparative strengths in security.


Is DDoSing illegal?

You're woken by your phone erupting with notifications. You drowsily reach for it and find a barrage of messages from frustrated clients complaining about your website. You try to load your website but you're met with a frightful "service unavailable" message. You could be a victim of a DDoS attack. A Distributed Denial of Service attack (DDoS attack) is the process of sending an overwhelming amount of data requests to a web server with the intention of impeding its performance.


The Windows Server Hardening Checklist

Whether you’re deploying hundreds of Windows servers into the cloud through code, or hand-building physical servers for a small business, having a proper method to ensure a secure, reliable environment is crucial to success. Everyone knows that an out-of-the-box Windows server may not have all the necessary security measures in place to go right into production, although Microsoft has been improving the default configuration in every server version.


What is SPF filtering and how do I implement it?

People fall victim to internet scams, not because they're exceedingly credulous, but because scammer efforts are becoming more and more believable. Now, cybercriminals can leverage your hard-earned reputation by sending emails that appear to come from your business. Victims of this spoofing attack could suffer irrevocable reputation damage or get their IP address blacklisted, putting an instant end to all online business activities.


What is Egregor ransomware? The new threat of 2020

Since stepping into the cybercriminal arena in September 2020, the Egregor group has penetrated over 71 businesses globally, including recruitment giant Randstad and US retailer Kmart. But who is the Egregor group and how have they managed to rise up as a significant cyber threat in just a few short months? Egregor is a cybercriminal group specializing in a unique branch of ransomware attacks.


What is Netwalker ransomware? Attack methods & important defense tactics

Since ransomware first appeared in 1996, many ransomware gangs have attempted and failed to shake the cybersecurity landscape. But some have broken through and even rearranged it with their obfuscated cyberattack methods. Netwalker ransomware is an example of such a success. Within its first six months of operation, the ransomware gang received more than $25 million in ransom payments. What is Netwalker ransomware and why is it so lethal? To learn more, read on.


What is Fourth Party Risk?

Every company outsources parts of its operations to multiple suppliers. Those suppliers, in turn, outsource their operations to other suppliers. This is fourth party risk: the risk to your company posed by your suppliers' suppliers. Confusing, isn't it? The best way to frame it is with a case study, so please read on! You help look after Information Security at a manufacturing company. Your company has a policy for everything, including a policy to regularly maintain all the policies.


Cybersecurity Experts Discuss: Machine Learning for Security Applications

In a discussion between Ben Harrison, Director SOC and Security Services at Cygilant, and Jake McCabe, CISSP, Presales Director at LogPoint, we summarize why machine learning and a SOC go hand in hand. Traditional SIEMs offer a rules-based approach as they look for alerts. Because you can easily write a search, a SIEM is very good at picking out known-bad entities. However, there are certain things that can occur which are not so black and white.


Get effective DevSecOps with version control

“Version control” sounds a bit like something used by people scattered around the country trying to collaborate on a story. But it’s a crucial part of software development, especially in the DevSecOps era, where you need to ensure that the speed of the CI/CD pipeline doesn’t outrun quality and security. That’s because software development isn’t like an assembly line where a product moves from one group of workers to the next in a perfectly coordinated sequence.


How to choose a Zero Trust Network Access architecture: Software-Defined Perimeter or Reverse-Proxy?

Zero Trust Network Access (ZTNA) is the next-generation access solution that is set to be a key part of IT administrators' toolkits, displacing longstanding Virtual Private Networks (VPNs). There are numerous factors and features that need to be considered when choosing the right ZTNA architecture for your organization. In this guide we break down the differences between the two prominent architectures, Software Defined Perimeter (SDP) and reverse-proxy, and how to successfully evaluate them.


Top 5 Criteria for Selecting a Managed Security Service Provider (MSSP)

Is your organization considering working with an MSSP? Don’t make a commitment before reading our article about how to choose the right MSSP for you! Regardless of the reason why you decide to work with an MSSP, you must be very careful and fastidious when selecting one for your organization. In this article, we will discuss what you need to consider before making a commitment.


3 Zones that Require Network Security for Industrial Remote Access

By now, we have a good understanding of what secure remote access (SRA) is and why organizations might choose to enable it for their OT environments. We also know that securing IT-OT collaboration, leveraging guidance from best practice frameworks and using an automated solution can help organizations to implement this type of access. Even so, we still don’t have a detailed view of how to implement industrial remote access in practice.


IoT Devices: Privacy and Security in Abusive Relationships

A few weeks ago, technology news site The Verge reported on a new Ring security camera that is in fact a drone that flies around inside your house. Available beginning next year, the ‘Always Home Cam’ is supposed to give its owners a total view of their home without the need for multiple cameras. Those worried about break-ins or other kinds of suspicious activities may like the idea of being a fly on the wall in any room inside the house, even when they’re away from home.


How are scalping bots threatening your businesses?

Scalper bots, or inventory hoarding bots, are used to disrupt, manipulate, and steal merchandise much faster than any human can. These malicious bots add products to carts, often products that are in high demand or limited supply. This stock is held in a basket and made unavailable to other prospective buyers. Scalper bots perform this process multiple times, causing significant problems for websites and retailers, by hijacking inventory and reselling the items at a higher price.


Cybersecurity Experts Discuss: SIEM Enrichment

Ben Harrison, Director SOC and Security Services at Cygilant and Jake McCabe, CISSP, Presales Director at LogPoint discuss why SIEM enrichment is essential to cybersecurity and how it improves your SOC. A mountain of data doesn’t do businesses any good unless it is put to good use. This is why data enrichment is essential.


Synopsys' Seeker IAST wins Best Cloud and Web Application Security category at CybersecAsia Awards

Synopsys is proud to announce that Seeker® IAST won the CybersecAsia 2020 award for Best Cloud and Web Application Security. This award underscores Seeker’s position as an industry leader in functionality and capability, offering best-in-class detection, tracking, and monitoring of sensitive data leakages for today’s modern and complex web, mobile, and cloud-based applications.


Weekly Cyber Security News 16/10/2020

It has been an interesting few months for all of us, and perhaps the only ones to have really benefited are the bad guys. With people on edge for the latest news, and with those countries where governments have quickly set up public health alerting, often with little opsec planning, the doors are open for many opportunities for crooks to cash in – and they have. Needless to say, if you are here, then you probably already know the value of checking before acting, right?


Watch Here: How to Build a Successful AppSec Program

Cyberattackers and threat actors won’t take a break and wait for you to challenge them with your security efforts – you need a proactive application security (AppSec) program to get ahead of threats and remediate flaws quickly. It’s critical that you stand up an AppSec program covering all the bases, from which roles each team member will have to alignment on KPIs and goals, and even a detailed application inventory to stay on top of your code.


7 Steps of Cyber Kill Chain

The Cyber Kill Chain offers a comprehensive framework as a part of the Intelligence Driven Defense model. In this article, we will discuss what the cyber kill chain is and what its steps are. Cyber intrusions are the worst nightmare of many of us. That is why many cyber security professionals and developers offer unique solutions for the identification and prevention of cyber intrusion activity. Being one of those developers, Lockheed Martin has brought the Cyber Kill Chain into our lives.


Use of Digital Identities to improve consumer experiences

Nowadays I do not need to waste my time fidgeting over what I want to binge watch this weekend, because my Netflix seems to know what I would want to see better than I do. And I often cringe if people ask me to share my Netflix account with them, as that disturbs my suggestion algorithm. Similarly, while ordering from Myntra, it shows me suggestions of products which are available in my size and according to my spending capacity, based on my previous buying habits.


Understanding and mitigating CVE-2020-8563: vSphere credentials leak in the cloud-controller-manager log

While auditing the Kubernetes source code, I recently discovered an issue (CVE-2020-8563) in Kubernetes that may cause sensitive data leakage. You would be affected by CVE-2020-8563 if you created a Kubernetes cluster over vSphere, and enabled vSphere as a cloud provider with logging level set to 4 or above. In that case, your vSphere user credentials will be leaked in the cloud-controller-manager's log.


Domain controller patch alert! Vulnerability grants domain admin access in 10 seconds

A critical Active Directory vulnerability (CVE-2020-1472) has been making headlines for being the most notorious elevation of privilege bug because it can affect all computers and domain controllers in an organization. This high-risk vulnerability, dubbed Zerologon, gives threat actors easy, instant access to domain controllers without requiring any additional privileges. This attack does not even require a user to be authenticated; the user just needs to be connected to the internal network.


What is threat modeling?

A lot of cybersecurity terminology can sound complex and esoteric. You may hear defensive security specialists, the people who work to secure computers and their networks, talk about threat models and threat modeling a lot. So what is threat modeling? It’s actually pretty simple, and it’s a concept that can not only be applied to computer security, but also to ordinary people in our everyday lives.


CMMC compliance explained: what is the Cybersecurity Maturity Model Certification?

With an escalating cybersecurity threat risk that doesn’t appear to be slowing down, the Department of Defense (DoD) has taken proactive measures in creating the Cybersecurity Maturity Model Certification (CMMC). The CMMC will soon be a requirement for any defense contractors or other vendors that are, or wish to be, working with the DoD.


Barnes & Noble warns customers it has been hacked, customer data may have been accessed

American bookselling giant Barnes & Noble is contacting customers via email, warning them that its network was breached by hackers, and that sensitive information about shoppers may have been accessed. In the email to customers, Barnes & Noble says that it became aware that it had fallen victim to a cybersecurity attack on Saturday October 10th.


Fix now: High risk vulnerabilities at large, October 13th

This time around, the MySQL vulnerabilities caught our attention because of their low CVSS scores compared to their high likelihood risk rating. This is something we see often when working with our customers, and demonstrates how a risk based approach to vulnerability management changes as organizations focus on where there is a real risk of compromise.


Add DLP to Airtable with Nightfall's API platform

Airtable has proven its staying power among tech unicorns as a customizable and collaborative project management platform that empowers users to track literally anything at work or at home. When the company announced its $185 million Series D funding in September, they generated a whole new round of buzzworthy headlines. For security leaders, this means that new requests for adding Airtable to tech stacks are likely on the way.


Cybersecurity Experts Discuss: Data is King

We recently spoke with Ben Harrison, Director SOC and Security Services at Cygilant and Jake McCabe, CISSP, Presales Director at LogPoint on 10 steps to cybersecurity. Here we summarize their conversation on why data is king. The volume of data we must analyze to stay secure is substantially increasing. At the same time, the tooling and systems that support cybersecurity are not increasing at the same rate.


Making SCA part of your AST Strategy

Open source software is now used in nearly every organization, which makes it critical to know your code. Learn how an SCA tool can help you. There’s an ongoing sea change in how developers ensure a more secure software development life cycle (SDLC). “Shift left” is the notion that creating high-quality software begins with planning and continues through the development and testing stages to actual deployment.


Calligo joins the Top 100 of the Growth List 2020, Canada's fastest-growing businesses

For the first time, Calligo has been included in the official ranking of Canada’s fastest-growing businesses, entering the Top 100 at its first attempt, ranked 84th overall and the 9th highest IT company. The Growth List 2020 is based on the five-year revenue growth of Canada’s top private and public independent companies.


Be Wise - Prioritize: Taking Application Security To the Next Level

As the number of known vulnerabilities continues to grow every year, software development and application security teams are increasingly relying on vulnerability detection tools throughout development. The result: teams are often overwhelmed with a steady stream of security alerts that must be addressed, and it’s becoming clear that it’s impossible to attempt to fix everything.


Remote access evolved: Wandera Private Access

For Wandera the year started with a new brand and a new direction, using our strengths as security experts to establish a circle of trust. Security leaders were telling us that establishing trust was becoming a major challenge for their business, especially when remote users and highly sensitive, data-rich corporate resources were involved.


How to Set Up Kubernetes SSO with SAML

Kubernetes has some impressive baked-in role based access controls (RBAC). These controls allow administrators to define nuanced permissions when querying Kubernetes resources, like Pods, Deployments, ReplicaSets, etc. For those familiar with Kubernetes, the value of RBAC is immediately recognizable. A single Kubernetes cluster can contain your organization’s entire CI/CD pipeline, highly available SaaS products, or infrastructure that is in the process of being moved to the cloud.


6 Kubernetes Security Use Cases You Must Prioritize

Organizations are rapidly moving their Kubernetes applications to production to accelerate feature velocity and drive digital transformation and business growth. Our latest State of Kubernetes Security survey report shows that companies have standardized on Kubernetes, and this rapid adoption offers equal parts promise and peril. Promise, in the form of infrastructure that enables far greater inherent security than ever before.


The Journey to 7X Search Performance Improvement

Egnyte is used by our customers as a unified platform to govern and secure billions of files everywhere. As the amount of data stored is huge, customers want to search their dataset by metadata attributes like name, user, comments, custom metadata, and many more, including the possibility to find files by content keywords. Taking all of that into consideration, we needed to provide a solution that is able to find relevant content in a fast and accurate way.


CVE-2020-16898 - Microsoft TCP/IP Vulnerability

In Microsoft’s October 2020 Patch-Tuesday release, a remote code execution vulnerability CVE-2020-16898 was disclosed. The vulnerability is wormable and does not require any user interaction. The proof-of-concept code for crashing the victim system is available publicly and the vulnerability could soon be weaponized by malicious actors. The CloudPassage Halo cloud security platform identifies which servers are vulnerable.

Enhancing Observability in DevSecOps

Digital transformation often accelerates innovation at the expense of creating an intelligence gap with massive amounts of unanalyzed data. This is where Continuous Intelligence comes into play. Join Sumo Logic’s Systems Engineer, Suresh Govindachetty, as he demonstrates how Continuous Intelligence helps find and solve information gaps, and how a single platform approach allows organisations to combine devs, operations, and security in ways that ease the burden for all teams across the organisation.

Penetration Testing Services: what to look for in a pen test provider

These days computers and the software that operate upon them touch practically every part of our professional and personal lives. The information they store, process and transmit is the foundation upon which businesses are built, how customer experiences are delivered, and how we find the best takeout food in our immediate area. So why is it so hard to keep them highly secure?


UAE's Information Assurance Regulation - How to Achieve Compliance

For years, the United Arab Emirates (UAE) has committed itself to adopting information technology (IT) and electronic communication. The UAE’s Telecommunications Regulatory Authority (TRA) noted that this policy has made the state’s government agencies and organizations more efficient as well as has improved the ability for individuals to collaborate around the world.


How to Automate a Ransomware Response in 5 Steps

As if organizations are not under enough pressure from ransomware purveyors, Check Point estimates that ransomware attacks have roughly doubled in the United States over the past three months, due in part to the shift to remote working which has increased phishing opportunities and exposed new gaps in corporate IT infrastructure. And the situation has become even more distressing with the U.S. government now threatening fines to victims who pay the cyber extortionists’ demands.

Siemplify Security Operations Platform Overview

Watch as we take you on a high-level tour through the world's leading independent SOAR platform and how it enables security analysts and engineers to work more efficiently and effectively. Discover how the platform provides integrations to hundreds of security and IT tools and ready-to-deploy use cases, yet goes beyond orchestration and automation to provide a complete platform to manage security operations from end to end, from patented threat-centric alert grouping all the way to an integrated crisis management portal.

What You Need to Know About Unofficial APIs

Some APIs provide data we benefit from. Others are hooks into an ecosystem that our users find valuable, and others provide features that are difficult to build. What happens when we need access to data that users expect, but an API doesn’t exist? Maybe you’re building an automotive application that would benefit from pulling driving statistics from the user’s car, but the manufacturer’s API is private.


Cybersecurity Experts Discuss: Balancing People and Process

Two cybersecurity experts recently discussed balancing people and process. Read what Ben Harrison, Director SOC and Security Services at Cygilant and Jake McCabe, CISSP, Presales Director at LogPoint have to say. While your modern cybersecurity SOC and SIEM must be process driven, it also needs to be talent-led. You have a constant balancing act between people and process. Don’t neglect your people.


Three stages of IT security where you can implement CARTA (Continuous Adaptive Risk and Trust Assessment): Run, Plan, Build

CARTA (Continuous Adaptive Risk and Trust Assessment) is a novel and efficient approach to IT security that aims to offer additional context to cybersecurity professionals when they are making a decision. Keep reading to learn more! CARTA (Continuous Adaptive Risk and Trust Assessment) was introduced in 2017 by Gartner. Despite being around for only 3 years, CARTA offers a strategic and efficient approach to IT security.


The U.S. Department of Defense - A Role Model for DevSecOps

Several years ago, few would have thought that a government agency would be at the forefront of application development tooling and processes, daring the civilian world to keep up with their shift-left knowhow. But that’s exactly what’s happening in the U.S. Department of Defense, which is implementing the Enterprise DevSecOps Initiative to enable agencies to increase the warfighter’s competitive advantage by developing applications more rapidly and securely.

Sumo Logic Cloud SIEM overview

Sumo Logic's Cloud SIEM solution provides security analysts with enhanced visibility to seamlessly monitor their on-prem, hybrid, and multi-cloud infrastructures and thoroughly understand the impact and context of an attack. In addition to supporting a wide spectrum of security use cases, including audit & compliance, Sumo Logic fused analytics and SOC automation to perform security analyst workflows and automatically triage alerts—increasing human efficiencies and enabling analysts to focus on higher-value security functions.

Remote, Hybrid Work Need Better Data Security

2020 is a uniquely transformative year. Prompted by a global pandemic, we’ve been forced to change many things about how we live, work and relate. For most businesses, this means a rapid and comprehensive shift toward remote work. While more than half of all employees participated in a rapid transition to remote work, it’s clear that this is more than just a temporary change.

DIY Guide to Open Source Vulnerability Management

You've realized you need to do a better job of tracking and managing your open source as well as the vulnerabilities and licenses associated with it. How hard can vulnerability management be? Do you really need special tools? After all, the license and vulnerability information is publicly available. Once you get a list of open source components and do some Google searching, you should be all set, right?

What is search engine clickbait and how do hackers trick Google's crawlers?

Search engine optimization (SEO) works with algorithms to ensure that the most relevant and most popular webpages show up first in an internet search. SEO makes sure that the best websites get the biggest boost. However, SEO has a lesser-known, evil twin called black hat SEO. This term refers to a common trick of cybercriminals. Black hat SEO is meant to circumvent algorithms, exploit weaknesses, and create fraudulent links.


Nightfall DLP enables customer-centric data security for one of the largest movie-ticket retailers

Just when a company thinks they’ve seen it all in cybersecurity, new challenges in data protection keep security leaders on their toes. One of the largest movie-ticket retailers discovered a need to protect sensitive data that could be shared across their productivity tools.

ForgeTalks | Citizen Identity & Access Management

Welcome back to another episode of ForgeTalks! All around the world public sector organizations are trying to provide better and more secure digital experiences for their citizens. Here at ForgeRock, we believe that digital identity can help enable these experiences. With the rise of security breaches, online services, remote citizen and workforce user demands, digital transformation is a must. In this week's episode of ForgeTalks, I was joined by Tommy Cathey, ForgeRock RVP for Public Sector, to talk about citizen identity and access management.

Cybersecurity Experts Discuss: Process, Process, Process

In our next post featuring Ben Harrison, Director SOC and Security Services at Cygilant and Jake McCabe, CISSP, Presales Director at LogPoint, we discuss the power of process in keeping your business secure. A modern SOC is 100% process driven. You can’t wait until there is an emergency to work out how you’ll respond. You need to have planned and prepared in advance. That means keeping cybersecurity healthy with continual improvements within your technology, processes, and people.


The Joy of Secure DevOps Demands More Cooks in the Kitchen

In many ways, the DevOps process looks a lot like cooking for a large dinner party—with very short notice. DevOps requires the right blend of technical acumen, automated processes and tools to shorten development cycles and cut costs, empowering developers to serve up high-quality applications (or delicious entrees and desserts) in record time. Just like cooking, DevOps is a methodology that encourages experimentation.


Lookout partners with Google to deliver Zero Trust and BeyondCorp vision for mobile devices

Productivity suites have changed the way we work. With the advent of cloud productivity platforms, tablets and smartphones have become an integral part of our work and personal lives. At any time, we are one tap away from accessing the same content as our desktop computers. In some ways, mobile devices have replaced those traditional devices as our main productivity tool. To borrow a line from a current ad campaign for tablets – “your next computer is not a computer.”


5 Key Processes & Controls to Maximize Cybersecurity Effectiveness

Of late, cybersecurity has come to the forefront of the IT industry, and it is one of the key functions of any organization. This article will discuss 5 key processes and potential controls you should implement in order to maximize the effectiveness of your cybersecurity efforts, leading to an all-around secure environment.


Cloud Content Governance: Egnyte's Data Security Framework

Are our systems secure? Is our valuable content safe? These are tough questions to tackle when news headlines regularly bombard us with messages of cyberattacks and security breaches. Centrify, a zero-trust and privileged access management provider, reported that 71 percent of business decision-makers are concerned that the move to remote working creates a significant increase in the risk of cyberattacks.


K3s + Sysdig: Deploying and securing your cluster... in less than 8 minutes!

As Kubernetes is eating the world, discover an alternative certified Kubernetes offering called K3s, made by the wizards at Rancher. K3s is gaining a lot of interest in the community for its easy deployment, low footprint binary, and its ability to be used for specific use cases that the full Kubernetes may be too advanced for. K3s is a fully CNCF (Cloud Native Computing Foundation) certified Kubernetes offering.


Shared Responsibility and Configuration Management in the Cloud: SecTor 2020

A number of high-profile data breaches have resulted directly from misconfigured permissions or unpatched vulnerabilities. For instance, the 2017 Equifax breach was the result of exploiting an unpatched flaw in Apache Struts allowing remote code execution. More recently, the Capital One breach last year stemmed from a misconfigured web application firewall. Verizon’s 2020 DBIR reported that only hacking was more prevalent than misconfiguration errors as the culprit of data breaches.

Managing Compliance & Security In A Remote World

There are many advantages to having employees working from home, but there also seem to be significant challenges regarding data security, privacy, and compliance. How can we address these issues? Topics covered: best practices for securing remote devices; maintaining compliance when employees work remotely; addressing additional risks caused by the COVID-19 pandemic; and regaining visibility into your mobile workforce using technology.

Are you ready for ISO SAE 21434 Cybersecurity of Road Vehicles?

The goal of ISO SAE 21434 is to build upon functional safety standard ISO 26262 and provide a framework similar to it for the entire life cycle of road vehicles. The major components of this new standard include security management, project-dependent cyber security management, continuous cyber security activities, associated risk assessment methods, and cyber security within the concept product development and post development stages of road vehicles.


What is MITRE ATT&CK Framework?

If you work in IT and/or cybersecurity, you must have heard of the MITRE ATT&CK framework at least once, but do you actually know what it is? Keep reading to learn! The ATT&CK framework was developed by the MITRE Corporation roughly seven years ago to offer crucial information, support and threat tactics to those who work in cyber security. The ATT&CK framework is a living document that grows and gets updated every day.


The 5 Biggest Security Operations Trends Shaping Today's MSSP

While opportunity has never looked brighter for MSSPs, they are still under obligation to solve the very security challenges so many enterprises and SMBs count on them for, all while recognizing that each client environment requires unique attention. This is no easy feat, especially as competition grows and customer expectations become more exacting.

Deepfake Voice Technology Iterates on Old Phishing Strategies

As the world of AI and deepfake technology grows more complex, the risk that deepfakes pose to firms and individuals grows increasingly potent. This growing sophistication of the latest software and algorithms has allowed malicious hackers, scammers and cyber criminals who work tirelessly behind the scenes to stay one step ahead of the authorities, making the threat of attacks increasingly difficult to both prepare for and defend against.


How Cybersecurity Leaders Can Understand the Value of Their Organization's Security Solutions

Information Security leaders have to demonstrate the value and purpose for each solution that’s purchased and prove the solution that was chosen is doing the job it was procured to do. Executives are therefore requiring Information Security leaders to prove the value of the solutions in ways they understand. They need to see the value not in security metrics but in dollars and cents.

Featured Post

Container Inspection: Walking The Security Tightrope For Cloud DevOps

Containers are at the forefront of software development, creating a revolution in cloud computing. Developers are opting for containerization at an impressive rate due to its efficiency, flexibility and portability. However, as the usage of containers increases, so should the security surrounding it. With containers comprising many valuable components, it is of the utmost importance that there are no vulnerabilities exposed when developing applications, and that risks are mitigated before containers, and their contents, reach the end-user.

Build a resilient cybersecurity framework by transforming your IT team into a security team

More organizations than ever before have shifted to a hybrid work culture to reduce the impact of COVID-19. This unprecedented change has not only given rise to new security challenges, but has also considerably increased the surface area available for an attack. A blend of personal and corporate endpoints in use, geographical spread of resources, and a sharp spike in the overall number of security threats have further complicated the already labor-intensive security landscape.


Five worthy reads: Every month should be Cybersecurity Awareness Month!

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. Organizations on a global scale observe Cybersecurity Awareness Month to educate and instruct their employees on cybersecurity best practices. This week we highlight some cybersecurity trends that are shaping the industry today.


4 Ways CASBs Differ from Cloud DLP

CASBs have traditionally been a popular option for enterprises seeking to secure their data. Both Gartner and Forrester predict that cloud security will continue to be a growing market through the end of 2023. Gartner projections foresee a 20% increase in CASB usage at large enterprises by 2022, while according to Forrester, cloud security will become a $112.7B market by 2023.

Why Should You Care About Bots?

Humans have become a minority of internet users, with automated bot traffic accounting for more than half of all internet traffic. The bots are becoming more sophisticated as they seek to evade detection. This webinar will reveal the true extent of the bot problem and what you can do to solve it with a pioneering approach to bot management, powered by machine learning that identifies even the most sophisticated bots by their behaviour.

The Future of Cyber Security Manchester: What Are Bot Attacks?

Netacea's General Manager, Nick Baglin, talks about a new approach to bots and account takeover at The Future of Cyber Security Manchester 2019. This presentation will reveal the true extent of the bot problem and what you can do to solve it using behavioural machine learning that identifies even the most sophisticated bots.

Fighting back at bots with Scott Helme

Humans have become a minority of internet users, with automated bot traffic accounting for more than half of all internet traffic. However, most businesses do not know the composition of their web traffic, or what that traffic is doing on their websites. A trillion-dollar cyber-crime business has been born out of this environment, at the expense of organisations around the world. As the cyber threat grows, the internet is becoming increasingly unfair and driving businesses to spend roughly $88bn on cybersecurity, with this figure predicted to increase by 1,200% to $1tn in 2021.

When robots strike: The hidden dangers of business logic attacks

When organisations consider how to protect their web applications from attacks, they often focus on security scans and pen tests to identify technical security flaws. While this is absolutely correct, there is another risk that often remains undetected until it is too late: business logic attacks.

Uncovering Bots in eCommerce Netacea Webinar

Up to 40% of traffic to an eCommerce site consists of automated bot traffic, but many eCommerce sites lack the visibility required to accurately identify human traffic vs. good and bad bots. Watch the webinar recording and hear from guest speakers from leading eCommerce organizations who discuss what bots mean for them in 2020, the challenges facing technology leaders and their approaches to managing bot traffic.

Employee PC Monitoring Software

You never have to wonder about what your employees are doing during work hours again. With Veriato, the most robust PC monitoring software on the market, you can monitor every digital move your employees make, regardless of whether they are working in the office or at home. It’s never been easier to keep track of your employees’ digital activity thanks to Veriato.


Cybersecurity Experts Discuss: Plan Your Use Cases

In our fourth post featuring Ben Harrison, Director SOC and Security Services at Cygilant and Jake McCabe, CISSP, Presales Director at LogPoint, we summarize why you need to plan your cybersecurity use cases. Whether you are launching a new cybersecurity program or looking to improve your existing one, a SIEM should play a large part in its success. However, it’s important to start small. Don’t get a SIEM in place and simply turn on every dashboard or alert rule on the first day.


GDPR Staff Awareness Training

When it comes to protecting your organization from IT security threats and cyberattacks, your staff are one of your biggest vulnerabilities. For data protection and data privacy compliance, it is no different. On May 25, 2018, the General Data Protection Regulation (GDPR) was passed by the European Union (EU). It imposes strict data protection obligations on any organization that targets and/or collects data of EU citizens.


Best Practices for Security in SSH

Secure Shell (abbreviated as SSH) is a network protocol that aims to offer an extra layer of protection. In this article, we will discuss how you can ensure the security of your network using SSH. Keep reading to learn more! With the advancements in technology, many business processes we carry out today heavily rely on the internet, online tools and connected devices.

Security misconfiguration prevention | ManageEngine Vulnerability Manager Plus

ManageEngine Vulnerability Manager Plus is a prioritization driven threat and vulnerability management solution for enterprises with built-in remediation. This video covers how you can utilize Vulnerability Manager Plus' security configuration management feature to continually detect security misconfigurations in your endpoints using a pre-defined set of baselines, and bring them back to compliance.

Detecting Google Cloud Platform OAuth Token Abuse Using Splunk

In a recent post by the Splunk Threat Research team, we addressed permanent and temporary token/credential abuse in AWS and how to mitigate credential exposure. With 94% of Enterprises using a cloud service, and some using at least five different cloud platforms, it’s imperative to stay ahead of threats across multicloud environments. Let’s now turn our attention to Google Cloud Platform (GCP) and how to detect and mitigate OAuth Token Abuse.


The DevOps Guide to Appsec

Web app attacks remain the #1 vector exploited in successful breaches. With agile development, apps run the risk of creating new vulnerabilities or perpetuating old ones on a weekly, daily, even hourly basis, so security and risk managers need to step up a programmatic response. Fortunately, there's a new, collaborative model for Appsec that organizations can operate in a mostly automated manner. Download our useful DevOps guide and learn how best to operationalize security testing in an agile process.

10 AWS Best Security Practices Guide

More and more companies choose to migrate to a Cloud infrastructure to take advantage of new resources, elastic storage and agile deployment; nevertheless, IT professionals are not always trained to secure these new technologies. Like traditional infrastructures, public Cloud infrastructure services require the implementation of security measures and controls by their users. Enterprises must adapt their security policy to these new technologies to reap the Cloud benefits without increasing their exposure to cyberattacks.

Nightfall Data Loss Prevention makes HIPAA Compliance Possible

Covered entities bound by law to follow HIPAA regulations – like healthcare providers, health plans, and others handling protected health information (PHI) – need to demonstrate efforts to secure PHI. The specific measures required to do so are detailed in the HIPAA security rule which states that covered entities must put controls into place to identify and protect against anticipated threats to the security and integrity of PHI.


You Can Run, But You Can't Hide: Detecting Malicious Office Documents

Malicious Microsoft Office documents are a popular vehicle for malware distribution. Malware families such as Emotet, IcedID, and Dridex use Office documents as their primary distribution mechanism. Several recent Emotet attacks used a novel approach to sending email baits and hosted the malicious documents in cloud apps to increase their success.

ForgeTalks | What are Containerized Directory Services?

Welcome back to another episode of ForgeTalks. This week we tackle how to help organizations prepare for unexpected spikes in consumer demand. I sat down with ForgeRockers Jeff Carpenter, director of product marketing and Ludovic Poitou, director of product management, to discuss the importance of scalability for millions of identities. They explained how our Containerized Directory Services can help you handle massive transaction volumes and millions of identities at thousands of transactions per second.

Cybersecurity Experts Discuss: Frameworks & MITRE ATT&CK

Ben Harrison, Director SOC and Security Services, Cygilant and Jake McCabe, CISSP, Presales Director, LogPoint continue their discussion on modern SOC and SIEM by discussing frameworks. There are many examples of cybersecurity frameworks, including NIST and ISO 27001, which provide a roadmap for organizations to protect themselves and their customers. The majority of these frameworks include SIEM, log management, and security detection.


Microsoft 365 vs G Suite - Who to trust with your data privacy

Microsoft 365 (formerly known as Office 365) and G Suite are two of the most prominent cloud-based business productivity tools available. With so much increased demand for accessible cloud-based platforms, choosing between Microsoft 365 and G Suite has never been a more prevalent decision for business owners and IT managers, but also for data protection officers (DPOs).


How ZeroNorth is driving the DevSecOps revolution for the good of software

Where software was once on the sidelines of organizational success today, it is front and center—with businesses under more pressure than ever before to deliver more software, at greater speed, with better quality. But as the DevOps movement has accelerated to address these challenges head on, and the processes for developing software have become more distributed, responsibility for securing these applications has splintered.


5 Lessons About Software Security for Cybersecurity Awareness Month

October is cybersecurity awareness month, and this year, the overarching theme is “Do Your Part. #BeCyberSmart.” When considering what “cybersmart” means in application security, we realized we unearthed some data this year that made us a little cybersmarter and could help other security professionals and developers increase their AppSec smarts as well. We’re sharing those data gems below.

The Devil's in the Dependency: Data-Driven Software Composition Analysis

We all know that lurking within even the most popular open source packages are flaws that can leave carefully constructed applications vulnerable. In fact, 71% of all applications contain flawed open source libraries, many (70.7%) coming from downstream dependencies which might escape the notice of developers. Using graph analytics and a broad data science toolkit, we untangle the web of open source dependencies and flaws and show the best way for developers to navigate this seemingly intractable game of whack-a-mole.

Eclipse SW360: Main Features

Over five years ago, Adrian Bridgwater wrote a Forbes article pronouncing that “If Software Is Eating The World, Then Open Source Will Chew It Up (And Swallow).” That statement is just as true today. Open source components have become a basic building block for software developers, providing them with ready-made solutions from a vast community that help them keep up with today’s speedy and frequent release cycles.


Change Management's 'Dirty Little Secret'

Change Management is blind. It is a key IT Service Management process and, undeniably, it's beneficial to plan and schedule changes. But Change Management’s ‘dirty little secret’ is that, despite the comfort blanket of documentation and approvals, you never know what’s really going on. You have no idea what was actually changed, either during the Change Window or at any other time.


Alerts and threat sensors: How Vijilan Security uses Humio

When ransomware attacks can begin encrypting data in seconds, it’s vital to have systems in place to detect the attacks as they are occurring. Vijilan Security provides security information and event management (SIEM) services to users, leveraging the live streaming alerts Humio can provide and using their security expertise to draw attention to the real, most pressing threats to users.

Sponsored Post

Validating your IT environment, discovering browser extensions & more with EventSentry v4.2

This latest update to EventSentry improves your security posture with validation scripts, simplifies IT troubleshooting for both administrators and users, gives you visibility into installed browser extensions along with many other usability improvements in the web reports.


Get smart and stay safe: Best practices to protect you from digital financial fraud

The past two years have seen a 391% rise in fraudulent attempts that target digital transactions around the world. The research carried out by TransUnion also saw a specific increase of 347% in relation to account takeover so the average consumer needs to up their understanding of financial fraud risks. When data breaches and cyberattacks occur, it impacts society in various ways like lowering consumer trust and damaging foreign politics.


How Tripwire Custom Workflow Automation Can Enhance Your Network Visibility

Tripwire Enterprise is a powerful tool. It provides customers insight into nearly every aspect of their systems and devices. From change management to configuration and compliance, Tripwire can provide “eyes on” across the network. Gathering that vast amount of data for analysis does not come without challenges. Customers have asked for better integration with their processes and third-party tools.


Achieving Compliance with Qatar's National Information Assurance Policy

Qatar is one of the wealthiest countries in the world. Finances Online, Global Finance Magazine and others consider it to be the wealthiest nation. This is because the country has a small population of under 3 million but relies on oil for the majority of its exports and Gross Domestic Product (GDP). These two factors helped to push the country’s GDP measured at purchasing power parity (PPP) to over 132,886, per Global Finance Magazine’s findings in August 2020.


The Most Disruptive Black Friday Outages of 2019

Major eCommerce businesses experienced technical difficulties on their websites during Black Friday 2019. And this isn’t something retailers can afford, when Black Friday is traditionally the day retailers roll out their biggest online discounts. As Black Friday approaches, many websites will see a spike in traffic which means an increase in bot activity. Are bots hiding in your holiday traffic?


Data Protection Compliance for the Insurance Industry

Insurance companies are desirable targets for cyber attackers because they work with sensitive data. To ensure the safety of customers’ personal information, insurance companies have to follow strict data protection requirements. These requirements oblige companies to implement the best cybersecurity practices or face considerable fines for non-compliance. In this article, we discuss data protection compliance for insurance companies and how to safeguard customer data.


Cybersecurity Experts Discuss: Demonstrable Customer Security Value

These four words embody a modern SOC and security service. Security is a game of trust and reputation. All SIEM and SOCs must demonstrate customer security value to instill confidence. Your service and tools must offer a monthly heartbeat and flexibility to deliver what customers want from security in a format they can consume.


Data Management on Logsign SIEM: What you must know

Log data plays an unparalleled role in the operation and functioning of a SIEM solution. Or in other words, logs are intrinsic for an effective SIEM solution. Without incoming log data from a variety of different sources in your IT infrastructure, a SIEM essentially becomes useless. In our previous posts, we have explored a variety of features of Logsign SIEM concerning dashboards, reports, search queries, alerts, and behavior definitions.


Local File Inclusions, explained

When building a web application, developers must focus on both user functionality and user security. A single security issue can have a dramatic impact on the credibility of your organization and the security of your users. Server-side scripting languages, like PHP and JavaScript, use inclusions to open files. An “inclusion” refers to dynamically loading a file that your application needs.


How to Safely Collect and Store Patient Data

With telemedicine, cloud storage, and electronic record-keeping on the rise, patient data has found itself a common target for hackers. As a result, healthcare organizations must adapt and become even more diligent in their protection of sensitive patient and financial data. Fortunately, the right technology and protocols can minimize your risk of attack and help keep your patient data secure. This post covers the most important security factors for collecting and storing patient information.

ManageEngine PAM360: An overview

PAM360 is a comprehensive solution for businesses looking to incorporate PAM into their overall security operations. With PAM360's contextual integration capabilities, you can build a central console where different parts of your IT management system interconnect for deeper correlation of privileged access data and overall network data, facilitating meaningful inferences and quicker remedies. In this video, our product expert will give you an overview of PAM360 software.

Remote Work, Threat Fatigue, and Budget Constraints: 3 Priorities for Cybersecurity Heading into 2021

Disagreement is one of the defining trends of 2020. However, I think most of us would agree that this year hasn’t turned out to be the kind of year that many of us anticipated when we celebrated on December 31st. Difficulty abounds on many fronts, reducing our ability to operate with precision and excellence. For companies balancing concerns about employee health, adjusting to a new hybrid workforce, and responding to shifting consumer demands, the challenges are many.


A guide to the OWASP Top 10 Web Application Security Risks

Recognised by developers and security professionals around the world, the OWASP Top Ten outlines key vulnerabilities which affect web application security. It was created by the Open Web Application Security Project (OWASP), a not-for-profit foundation which supports organisations to improve the security of their web applications. First published in 2003, the Top 10 is updated every three years, with OWASP currently accepting submissions to help produce the next iteration of the framework.


It's All About Access: Remote Access Statistics for Public Cloud Workloads

“The more things change, the more they stay the same.” In the recent Equinix breach in September 2020, 74 RDP servers were exposed to the Internet. Any publicly exposed ports are a risk but remote access protocols such as RDP have had their share of critical vulnerabilities (e.g., BlueKeep in 2019).


How Your Business Can Benefit From Card Issuing APIs

FinTech isn't new, but the reach of its usefulness continues to spread into unexpected areas. One such area is card issuing. Card issuing is the ability of financial institutions to issue debit or credit cards—either physical or virtual. This might not seem like much, but when combined with new business needs and consumer trends we start to see interesting use cases crop up.


Cybersecurity Experts Discuss: Doing the Basics Well

In a series of blogs, we cover why a modern SIEM and SOC are essential in fighting today's cyber threats. Here is a summary from a discussion between Ben Harrison, Director SOC and Security Services, Cygilant and Jake McCabe, CISSP, Presales Director, LogPoint. The cornerstone of a modern SOC and modern SIEM is that the basics are not forgotten. The essence of good security is doing the basics well.


The BSIMM: Five key steps to a better software security initiative

If you care about software security—and you should, since to be in business today means that no matter what you do or produce, you’re also a software company—you should be interested in the Building Security In Maturity Model (BSIMM). It can serve as a roadmap to better security.


Using Open Policy Agent to safeguard Kubernetes

Open Policy Agent addresses Kubernetes authorization challenges with a full toolkit for integrating declarative policies into any number of application and infrastructure components. As more and more organizations move containerized applications into production, Kubernetes has become the de facto approach for managing those applications in private, public and hybrid cloud settings.


A New Framework for Modern Security

We are in the midst of an unprecedented convergence of events that are forcing enterprises to dramatically change how they secure their modern businesses. With the acceleration of digital transformation from COVID-19, work-from-home initiatives, the continued growth of SaaS and the increasing adoption of microservices-based applications, the modern enterprise threat landscape is transforming rapidly.


Image scanning for Google Cloud Build

In this article, you will learn how to add inline image scanning to a Google Cloud Build pipeline using the Sysdig Secure DevOps platform. We will show you how to create a basic workflow to build your container image, scan the image, and push it to a registry. We will also customize scanning policies to stop the build if a high-risk vulnerability is detected.


Insider threats: What are they and how to prevent them

Companies need to establish a secure system to avoid insider threats and other online issues that could destroy a business. There are different online threats that businesses face every day. The most common of these is the phishing attack, where the victim accidentally clicks on an unsafe link and logs in. Other commonly known threats to businesses are malware, ransomware, weak passwords, and insider threats. Most of these online attacks are due to what is known as insider threats.


Zerologon: Tripwire Industrial Visibility Threat Definition Update Released

Today, we released a Threat Definition Update bundle for our Tripwire Industrial Visibility solution to aid in the detection of Zerologon. Otherwise known as CVE-2020-1472, Zerologon made news in the summer of 2020 when it received a CVSSv3 score of 10—the most critical rating of severity. Zerologon is a vulnerability that affects the cryptographic authentication mechanism used by the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory.


File Integrity Monitoring (FIM): Your Friendly Network Detective Control

Lateral movement is one of the most consequential types of network activity for which organizations need to be on the lookout. After arriving at the network, the attacker keeps ongoing access by essentially moving through the compromised environment and obtaining increased privileges (known as “escalation of privileges”) using various tools and techniques. Attackers then use those privileges to move deeper into a network in search of treasured data and other value-based assets.

Securing Cloud Environments: Staying on top of cloud configurations to prevent data leaks.

Securing Cloud Environments: Staying on top of cloud configurations to prevent data leaks, with PJ Norris, Senior Systems Engineer. In this session he shares new research, shows common mistakes, and offers solutions that help with hardening and compliance in the cloud.

Announcing Polaris support for GitHub Actions

Security and development teams are increasingly adopting DevOps methodologies. However, traditional security tools bolted onto the development process often cause friction, decrease velocity, and require time-consuming manual processes. Manual tools and legacy AppSec approaches limit security teams’ ability to deliver the timely and actionable security feedback needed to drive improvements at the pace of modern development.


Veracode Makes DevSecOps a Seamless Experience With GitHub Code Scanning

Developers face a bevy of roadblocks in their race to meet tight deadlines, which means they often pull from risky open source libraries and prioritize security flaws on the fly. In a recent ESG survey report, Modern Application Development Security, we saw that 54% of organizations push vulnerable code just to meet critical deadlines, and while they plan for remediation on a later release, lingering flaws only add to risky security debt.


SIEM Alerts Best Practices

Security Information and Event Management (SIEM) tools play a vital role in helping your organization discover threats and analyze security incidents. Logsign’s internal team continuously makes correlation rules and alerts so that your team’s workload is minimized. In our previous posts, we discussed generating important reports and deriving maximum possible benefits from use cases. In this article, we will be discussing SIEM alerts best practices.


Detect Ransomware in Your Data with the Machine Learning Cloud Service

While working with customers over the years, I've noticed a pattern with questions they have around operationalizing machine learning: “How can I use Machine Learning (ML) for threat detection with my data?”, “What are the best practices around model re-training and updates?”, and “Am I going to need to hire a data scientist to support this workflow in my security operations center (SOC)?” Well, we are excited to announce that the SplunkWorks team launched a new add-


Gaining holistic visibility with Elastic Security

Let’s talk visibility for a moment. Security visibility is a data-at-scale problem. Searching, analyzing, and processing across all your relevant data at speed is critical to the success of your team’s ability to stop threats at scale. Elastic Security can help you drive holistic visibility for your security team, and operationalize that visibility to solve SIEM use cases, strengthen your threat hunting practice with machine learning and automated detection, and more.


Zero Trust Architecture: What is NIST SP 800-207 all about?

“Doubt is an unpleasant condition, but certainty is an absurd one.” Whilst I claim no particular knowledge of the eighteenth-century philosopher Voltaire, the quote above (which I admit to randomly stumbling upon in a completely unrelated book) stuck in my mind as a fitting way to consider the shift from traditional, perimeter-focused ‘network security’ thinking to that of ‘ZTA’ (Zero Trust Architecture).


Deep packet inspection explained

Deep packet inspection (DPI) refers to the method of examining the full content of data packets as they traverse a monitored network checkpoint. Whereas conventional forms of stateful packet inspection only evaluate packet header information, such as source IP address, destination IP address, and port number, deep packet inspection looks at a fuller range of data and metadata associated with individual packets.


Ransom Payments Could Result in Civil Penalties for Ransomware Victims

Victims of ransomware attacks could potentially receive civil penalties for making ransom payments to a growing list of threat actors. On October 1, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) revealed that it could choose to impose civil penalties on ransomware victims who make ransom payments to malicious actors whom it has designated under its cybe