November 2020


The perfect storm: How digital transformation is reshaping security and networking

Think back to the end of 2019. Enterprises were evolving IT infrastructure at a moderate pace to reduce costs, be more competitive, and improve their ability to adapt to an increasingly digitized world. Whether migrating workloads to the cloud, virtualizing network functions, diversifying mobility, or moving applications and services closer to the edge, digital transformation was steadily evolving the business landscape.


Insider Threats: Risk Assessment Considerations for Remote Work

The outbreak of COVID-19 has led many businesses to transition a large number of employees to remote work. The shift could end up becoming a long-term trend; it’s expected to continue after the pandemic ends. Therefore, it is more important than ever to develop strategies for managing and responding to risks within your organization. Internal risk management procedures will need to adapt to the issue of insider threats, a challenge which is compounded by remote work.

Tripwire Enterprise for Secure Configuration Management (SCM)

As the industry's leading Secure Configuration Management (SCM) solution, Tripwire helps reduce your attack surface and risk exposure with proper system hardening and continuous configuration monitoring. See how Tripwire enables you to maintain a secure baseline configuration, monitor assets for deviations, and automate and guide security teams toward rapid repair of non-compliant systems and misconfigurations.

How Understanding User Privacy Can Improve Your Cybersecurity

User privacy and cybersecurity are two terms that often get used interchangeably when we talk about protecting our information on the internet. However, privacy and security are different areas of practice – only recently have these two areas come to intersect. In 2018, Harvard Business Review reported, “[P]rivacy and security are converging, thanks to the rise of big data and machine learning.”


Configure security tools for effective DevSecOps

Managing security vulnerabilities and false positives is a challenge in today’s DevSecOps environment. Configure the right tools correctly to avoid overload. To do a job well, you need the right tools. But it’s just as important—perhaps even more so—to use those tools correctly. A hammer will make things worse in your construction project if you’re trying to use it as a screwdriver or a drill. The same is true in software development.


Detectify security updates for November 30

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed, within 25 minutes from hacker to scanner. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.


Hacking Christmas Gifts: Putting IoT Under the Microscope

If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward their possible security implications.


What Is Configuration Management and Why Is It Important?

Configuration management (CM) is a systems engineering process for establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information throughout its life. Configuration management is a form of IT service management (ITSM) as defined by ITIL that ensures the configuration of system resources, computer systems, servers and other assets is known, good and trusted. It's sometimes referred to as IT automation.


Weekly Cyber Security News 27/11/2020

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24. Social engineering attacks are really common, perhaps due to customer service staff being constantly told to present a helpful persona, especially in these tough times where customer retention is important. Vigilance and process are your best friends here.


How to mitigate Ransomware attacks

Ransomware is a serious security threat affecting companies of all sizes and industries. While the symptoms (an attack) can be extremely damaging and disruptive, the solution can be simple - proactive prevention through a heavy dose of security hygiene. Here we cover the basics of Ransomware and top tips for securing your organization against it.


Microservices Architecture: Security Strategies and Best Practices

Over the past few years enterprises and industry leaders have been steadily adopting microservices to drive their business forward. At this point, companies like Amazon and Google, to name a few, must agree that the microservices style of architecture is much more than a passing trend. Along with the many benefits of updating monolith systems to microservices architecture, there are also new security challenges that organizations need to address.


Emergence of Liveness detection with OCR capabilities for onboarding new customers

A sudden surge in acceptance of digital onboarding was observed during 2020. This new reality makes the onboarding of new customers a riskier affair. Over 90% of customers think that companies “could do better” when it comes to onboarding new customers. Either enterprises collect a lot of information to ensure that the onboarding customer is authentic, which leads to high dropouts, or they collect less information to preserve the user experience and jeopardize their security.


Emerging Public Cloud Security Challenges in 2020 and Beyond

According to last year’s Gartner forecast, public cloud services are anticipated to grow to $USD 266.4 billion by the end of this year, up from $USD 227.8 billion just a year ago. Clearly, cloud computing is making its way to cloud nine, (See what I did there?) leveraging the sweet fruits of being in the spotlight for a decade. However, the threats to public cloud security are growing at the same rate.


Best Tools for Building Your DLP Tech Stack

Most organizations are aware that data loss prevention must be a top priority – but few understand how different tools and policies must be leveraged in combination to create complete, 360-degree protection for critical data. Data loss prevention (DLP) has traditionally focused on securing data on devices – laptops, phones, and internal company networks.


Keeping Your Data Safe in the "Gig Economy"

As workforces continue to evolve and adapt to the COVID-19 pandemic, the door is open for organizations to hire workers from anywhere around the country to offer their skills remotely as needed, often as a freelancer or gig worker. While this outgrowth of the burgeoning gig economy stands to benefit many businesses in need, it’s important that you assess your risk of utilizing gig workers and freelancers.


ForgeRock Tops KuppingerCole Leadership Compass for CIAM

Once again, ForgeRock’s Customer Identity and Access Management solution has been recognized as a leader for its ability to help companies deliver exceptional digital experiences while ensuring that security, privacy, and compliance needs are met. This time, the honor comes from KuppingerCole, who named ForgeRock an overall leader in the KuppingerCole CIAM Platforms Leadership Compass Report, 2020. In the report, ForgeRock leads the way in product, innovation, market, and overall categories.


AppSec Decoded: The consequences of insecure IoT devices

Watch the latest video in our AppSec Decoded series to learn why manufacturers should consider building security into their IoT devices.


eCommerce Security: Cyber Threats & Best Practices (2021)

Before the eCommerce growth, traditional stores were targeted with Point of Sale and general cyber security risks. This equation is different and more complex today. It is difficult to talk about the best security practices without discussing cyber security risks challenging eCommerce sector growth. It is also a recommended read if the reader is considering sourcing eCommerce solutions to improve their eCommerce business security.


Continuously Hack Yourself because WAF security is not enough

Have the WAF security companies got you thinking that a firewall is enough? In a modern landscape, development and security move faster, and so do web application vulnerabilities. Unfortunately, WAF doesn’t prevent many of these events, and hackers of all hats have known ways of bypassing WAF to exploit common and creative web vulnerabilities.


The Second Critical Step to Building the Modern SOC

The new Devo eBook, Building the Modern SOC, presents four evolutionary steps for creating a highly automated and efficient security operations center (SOC) that empowers analysts. This is the second in a series of posts about the four steps that highlight some of the most important concepts. The first post covered Step 1, which is about establishing a foundation of centralized, scalable visibility. This post excerpts Step 2, extracting intelligent insights from your data.


How to query logs in Humio to detect brute force attacks

This month’s featured query can help you uncover successful brute force login attempts. The query finds at least three failed login attempts followed by at least one successful login attempt. While it could be left out, the selfjoinfilter enables you to search very large datasets for this kind of data.


IT security under attack blog series: Instant domain persistence by registering a rogue domain controller

In this blog in the IT security under attack series, we will learn about an advanced Active Directory (AD) domain controller (DC) attack to obtain persistence in AD environments. Dubbed DCShadow, this is a late-stage kill chain attack that allows a threat actor with admin (domain or enterprise admin) credentials to leverage the replication mechanism in AD to register a rogue domain controller in order to inject backdoor changes to an AD domain.


What is Third-Party Risk Management?

Creating and maintaining relationships with third parties brings about multiple risks. Whether your organization is large or small, it’s almost certain that you have business relationships with many third parties for specific types of operations. When operational data and confidential information are exchanged with third parties, that data and information are vulnerable to misuse and exploitation. This is where risk comes into the equation.


Is Cybersecurity Smart Enough to Protect Automated Buildings?

Imagine that you are in an elevator in a high rise building when suddenly the elevator starts to plummet with no apparent stopping mechanism other than the concrete foundation below. While this may sound like something from a Hollywood movie, consider the idea that a securely tethered, fully functional elevator is as vulnerable as it is smart.

Longwall Security: An MSSP-SOAR Case Study from Siemplify

Hear U.K.-based MSSP Longwall Security describe how it turns to SOAR from Siemplify to expeditiously close hundreds of thousands of events, literally wowing customers and allowing its security experts to leave the menial work to automation technology as its human experts hunt for threats and respond to active incidents.

Foresight Mental Health is changing mental health care for the better with DLP in mind

Industry: Healthcare
Employees: 244
HQ Location: San Diego, CA
Keely Strong, Director of Operations

Complex problems, like delivering high quality mental health services during a pandemic, require creative thinking. Foresight Mental Health began at the intersection of ingenuity and necessity: changing the way people interact with and think about mental health care by creating accessibility through the use of insurance plans and increasing provider availability.


Here Comes 2021: 5 Safe Bets and 5 Long Shot Predictions

As we learned in 2020, vendors predict, and the universe laughs. But this year we polled our experts at Netskope to get their view of the year to come. Here’s how we see 2021 shaping up for networking and security, in the form of some pretty safe bets, and some harder calls. As more organizations consolidate and move away from appliance-based security technologies, IT and security teams will realize the cost savings and operational efficiencies the move to cloud brings.

UpGuard November 2020 product releases and roadmap

Keynote address from our Chief Product Officer about this quarter's latest features, and a sneak peek into our February 2021 product launch. UpGuard's integrated risk platform combines third party security ratings, security assessment questionnaires, and threat intelligence capabilities to give businesses a full and comprehensive view of their risk surface. This quarter alone, UpGuard has released over 30 features to the UpGuard platform, including 6 major releases.

UpGuard Summit opening keynote: Security in 2020

UpGuard co-founder and co-CEO, Alan Sharp-Paul shares UpGuard’s journey in the complex year of 2020 and what the shift to remote work means from a security standpoint. UpGuard helps businesses manage cybersecurity risk. UpGuard's integrated risk platform combines third party security ratings, security assessment questionnaires, and threat intelligence capabilities to give businesses a full and comprehensive view of their risk surface.

Understanding an API Provider's Privacy Policy

Regardless of what industry your company belongs to, you are obligated to think about the privacy of your customers. Not only is it good business, but privacy expectations have been set through regulations like the EU’s General Data Protection Regulation (GDPR), California’s Consumer Privacy Act (CCPA), and many others across the world.


20/20 hindsight shows that foresight wasn't 20/20

In a year marked by unprecedented challenges, we revisit the 2020 cyber security predictions to see which projections held up and which ones didn’t. ’Tis the season. No, we’re not talking about the holidays—Thanksgiving, Hanukkah, Kwanzaa, Christmas, and others. In the world of cyber, ’tis the season for speculation. Every year around this time, experts dust off their crystal balls and tell us what to expect in the coming year.


State of Software Security v11: Key Takeaways for Developers

We recently released volume 11 of our annual State of Software Security (SOSS) report, which analyzes the security activity and history of applications Veracode scanned during a one-year period. Giving us a view of the full lifecycle of applications, that data tells us which languages and vulnerabilities to keep an eye on, and how factors like scanning frequency can impact your remediation time.


SIEM Solutions and Data Protection Compliance

Security Information and Event Management (SIEM) systems are vital to each organization. They transform simple event logs from various applications to detailed, in-depth behavior analysis thanks to advanced visualizations and analytics and sometimes machine learning and AI. They contain a palette of aspects covering the most crucial information security issues.


Peace out this holiday season by securing every transaction against card-not-present fraud

We are about to enter the most wonderful time of the year. As consumers increasingly turn towards online and mobile commerce, are you confident in your card-not-present fraud detection capabilities? 2020 has been a year of great surprise and change. While the global health pandemic has changed how we physically interact with each other, it has also revolutionized how we shop.


Using Open Policy Agent for cloud-native app authorization

How companies like Netflix, Pinterest, Yelp, Chef, and Atlassian use OPA for ‘who-and-what-can-do-what’ application policy. In the cloud-native space, microservice architectures and containers are reshaping the way that enterprises build and deploy applications. They function, in a word, differently than traditional monolithic applications.


KubeCon 2020 Highlights and Key Takeaways

The Cloud Native Computing Foundation’s (CNCF) flagship Kubernetes and cloud-native conference went completely virtual this year. KubeCon + CloudNativeCon North America took place last week over four days (November 17-21) with many unique sessions and topics. The keynote sessions took place from Wednesday to Friday for 2 hours each. Speaker sessions lasted 45 minutes and covered many different topics. Unfortunately, attendees could only focus on a single session at a time.


Remote Work and Data Security: The Human Factor

If you read our earlier blog, you know Egnyte commissioned a study to better understand how COVID-19 has impacted businesses’ ability to maintain data security and governance with a distributed workforce. The results can be found in our inaugural Data Governance Trends Report. The report offers insights into tools that the 400 IT leaders implemented to help weather the abrupt change, but it also explains the human side of data protection and governance in the age of COVID.


How Sumo Logic's Cloud SIEM Uses MITRE ATT&CK to Develop Content

As cloud applications and services become more and more common amongst organizations, adversaries will continue to evolve their toolset to target and penetrate cloud networks. With the rise in remote employees and teleconferencing, cloud computing for organizations has never been so important. Cloud computing can provide access to resources from all over the world, which is great for both good and bad actors.


The Future of Ransomware: Preparing for the Next Generation of Ransomware Attacks

Ransomware has been the scourge of cybersecurity and may have led to a recent death. Now it soon may get way more dangerous. The threats to cybersecurity are constantly evolving. As security teams develop solutions to the threats, malicious actors change their tactics to keep chasing their ill-gotten gains. After all, the Game is the Game. And the game keeps changing. In recent years, ransomware has been the weapon of choice for hackers looking for a payday.


Anti-Fingerprint Browsers: What You Need to Know

Client-side technology (such as JavaScript) can be used to create a unique “fingerprint” for a specific device/browser combination, which can be used to modify functionality or detect returning users. Some fraud prevention tools will use fingerprinting to block transactions from browsers that have been previously identified as insecure or involved in fraudulent activity.


4 Emerging SaaS Security Risks to Consider in 2021

Last year, we wrote about the threat landscape we saw on the horizon for 2020 in our SaaS threat landscape post. Focusing on apps like Slack, we honed in on the risks that would matter in 2020. Although our analysis was written well ahead of COVID-19, some of our concerns were exacerbated as a result of the pandemic. With the pandemic continuing into 2021, we wanted to take the time to review the state of cloud adoption in 2020 and update our threat assessment going into the new year.

Demo: Using Netskope policies to deliver Okta authenticated access to any cloud application

When Okta is integrated with Netskope's Next Generation Secure Web Gateway (NG SWG) it becomes possible to apply strong authentication to any cloud application. This demo shows how Netskope can challenge a user for Okta authentication when they attempt to access an unmanaged cloud application.

Demo: Using Netskope policies to deliver Okta authentication challenges based on risky user behavior

When Okta is integrated with Netskope's Next Generation Secure Web Gateway (NG SWG) it becomes possible to challenge users for authentication when they perform risky activities. In this example, the uploading of sensitive data to a cloud application will trigger an authentication challenge before allowing the activity to complete.

Demo: Netskope preventing data exfiltration to personal devices from cloud apps managed by Okta

When Okta is integrated with Netskope's Next Generation Secure Web Gateway (NG SWG) it becomes possible to apply data protection policies to unmanaged devices accessing managed cloud applications. These policies are typically configured to prevent the downloading of sensitive data from cloud applications to personal or BYOD devices.

A 2019 Visionary in Access Management Is Now a 2020 Leader

Gartner has just published the 2020 Gartner Magic Quadrant for Access Management report, which includes the latest deep marketplace insights on this rapidly evolving sector. In the 2020 Gartner Magic Quadrant for Access Management, ForgeRock has just been named a Leader. We were scored among the highest 3 scores across all use cases in the 2020 Critical Capabilities for Access Management.


SME 2021 Cybersecurity Predictions

With 2020 (finally) coming to a close, it’s that time of year where small and mid-size enterprises (SMEs) reflect on the past year and plan for the future. While no one could have predicted what a wild year 2020 was, we here at Cygilant spent time thinking about the cybersecurity challenges our clients will face in 2021. So here are four predictions that SMEs should prepare for in 2021: Looking to improve your cybersecurity in 2021?


Malware reverse engineering - All you need to know

Among all threats, the one that keeps organizations on their toes is malware. When a system is discovered to be infected with malware, organizations want to know how it must have impacted the system, whether the threat is ongoing, and what data they would have lost to malware. While these are indeed tough questions, reverse engineering helps them tide over these challenges and gives them the edge to take action well in time.


Sporact - A case management tool for CISOs

Organizations with understaffed security operations teams and small budgets often find themselves struggling with ways to mitigate cyberattacks. The challenge is even greater since cyberattacks come at machine speed and are often made using novel, ingenious methods. Such organizations can now seek respite from SOAR - Security Orchestration, Automation and Response.


Questions to Ask Before Investing in a SOAR Platform

The state of enterprise cybersecurity is becoming increasingly complex, thanks to the growing number of malicious threats. According to Gartner, a burst of varied security alarms is terrorizing the cyber landscape. However, there are very few efficient people or processes to help organizations deal with them. In 2017, the research company came up with an innovative and powerful approach to address and deter catastrophic cyber threats to enterprises - SOAR!


How to Test Your Incident Response Plan: Everything You Need to Know

Cyber threats are constantly evolving. All systems, people and processes around us are unceasingly dependent on technology. Even the most sophisticated cyber defense frameworks that seem virtually impenetrable can be breached by unauthorized intrusions. This escalates the need to formulate a steadfast incident response plan and conduct regular tests to assess its capabilities.


Malware Sandboxing 101: The Ultimate Guide

The enterprise security architecture is under constant threat, thanks to the persistent sophistication of evasive malware that has the potential to cripple the cybersecurity framework of businesses. Even the most superior commercial malware analysis tools often fail to recognize and analyze unforeseen intrusions. The reason? Advanced Persistent Threats (APTs).


XML External Entity (XXE), explained

Web application security has gained a lot of recent interest. The quality and skills of hackers have improved over time. So it’s important for the defenders of an application to strengthen its protections and increase their visibility. Part of doing this is to stay informed about common vulnerabilities. Every year OWASP puts out a list of the top 10 web application security risks. One of these top risks is the XML External Entity vulnerability, aka XXE.


Data Protection in the Age of Kubernetes

Software containers are at the heart of cloud-native business transformation initiatives. Containers are a natural evolution from virtual machines to a more granular and portable application environment in clouds. They are designed to support rapid development and deployment of cloud-native applications in what is called a DevOps model, a set of practices that combines software development and IT operations.


How to Define Your Security Posture, and Why it Matters

Not only do cybersecurity organizations need to deliver the level of security required to protect corporate assets, they also need to align with the strategic goals and objectives of the business. By defining, establishing and managing your organization's cybersecurity posture, you can deliver the results needed for the business to be successful.


From Alan Turing to Future Artificial Intelligences - Reading Security Signals

The notion that the time we are living in now is “unprecedented” is a common one, but historians and philosophers alike will happily note that things are rarely so different that we can’t learn a lot from the past. Despite IT often being dominated by forward-thinking individuals developing novel and innovative new designs, a lot of the problems and potential solutions for IT security are ones that have stood the test of time.


Apple-Notarized Malware: What It Is and How It Affects Mac Users

Malicious actors are targeting Apple. Although Apple introduced a notarization mechanism to scan and prevent malicious code from running on Apple devices, attackers have found ways to circumvent this process. Such Apple-notarized malware constitutes a threat to macOS users. Let us start by exploring what Apple notarization is. We will then discuss some recent examples of Apple-notarized malware and some prevention techniques.


Case Management - SOAR cybersecurity pitfalls to avoid | Anlyz

Gartner predicts that by the end of 2020, 15% of organizations with a security team of more than five security professionals will leverage SOAR. This is primarily because Security Orchestration Automation and Response has transformed cybersecurity case management at enterprises by addressing alert overload and bringing together disparate security systems seamlessly.


Building incident response plan - SOAR cybersecurity | Anlyz

Cybersecurity breaches are at a record high and the trends indicate that the situation is nowhere close to dying out. The past year has seen a surge of attacks on global business giants, whose accounts of their experiences spell out that expensive resources and tools are not enough to defend an organization from security threats. So, what is it that businesses need to do to ensure that their security system is immune to attacks?


Signs Your Organisation is at Risk of a Ransomware Attack | Anlyz

According to Cybersecurity Ventures, a new organisation is going to be vulnerable to a ransomware attack every 11 seconds by 2021. Behind these rising numbers of ransomware threats are cybercriminals who are increasingly pushing these malicious file-encrypting elements into enterprise systems and networks.


The relevance of Cloud SIEM in 2020 | Anlyz

In the cybersecurity landscape, security analysts are not only fighting malware and cybercriminals on a daily basis but also dealing with large volumes of data overflow from their own networks. In this regard, Security Information and Event Management (SIEM) has been a welcome cybersecurity tool for real-time tracking and investigating security events and log data.


Cybersecurity risks at the time of coronavirus pandemic | Anlyz

Uncertain times have befallen the world right now, with netizens claiming that the present reality is straight out of an apocalypse movie. The coronavirus pandemic is wreaking havoc on the business community, slowing down growth and contributing to economic losses. While social distancing is the only known way to address the growing threat of this deadly disease, it has opened up new challenges related to remote work.


Incident response tabletop lessons - SOAR solutions | Anlyz

To build an exceptional security posture, organizations cannot just implement a case management platform and let it rust. With the evolving threat landscape, security tools and systems need to be checked periodically to test their relevance and to bring employees up to speed with their functionalities. When a disaster hits, people and processes should be ready to tackle the threat head-on. This makes planning, and testing the plan, a key element of the right incident response strategy.


How can SOAR cybersecurity help fight Phishing | Anlyz

In the cybersecurity domain, phishing is not a new matter of concern. In our previous blog posts, we have talked about the rising sophistication of modern threat elements. But the nature of data breaches and malware infections due to phishing has remained the same since the time cybercrime gained momentum. This loosely translates to the fact that there has been a lack of efficient phishing mitigation tools at the disposal of enterprise security teams.


Combating mega data breaches with SOAR cybersecurity in 2020 | Anlyz

According to a study conducted by IBM, the cost of a data breach has increased 12% over the last 5 years. The estimated cost globally is $3.92 million on average. The predictions are even more concerning for small and medium-sized businesses with fewer than 500 employees. For such companies, whose average annual revenue does not cross $50 million, losses of $2.5 million on average can be potentially crippling.


Best Practices of How to Implement SIEM Software | Anlyz

In our previous articles, we have discussed the importance and need for SIEM security software in the landscape of enterprise cybersecurity. SIEM tools have proven to play a significant role in providing real-time analysis of advanced security alerts, log and event data generated by systems and hardware in the company’s IT infrastructure.


Zero-day exploits - malware analysis tools | Anlyz

Did you know that information and sensitive data loss accounts for 43% of the recovery costs after a cyber attack has taken place? According to Cybercrime Magazine, the cybercrime landscape is quickly becoming more profitable than the illegal drug trade! Indeed, data is the new fuel. As per estimates, it is known that enterprises take almost six months to realize that there has been a data breach.


Types of malware analysis procedures | Anlyz

Did you know that 4.1 billion sensitive records were exposed in the first half of 2019 due to data breaches? Poor cybersecurity practices and the lack of awareness about the growing sophistication of threat elements are still the primary reasons for malware intrusions into enterprise systems. Cybercriminals are becoming increasingly efficient in packaging the malicious entities in forms that do not raise suspicion - for instance, an MS Word file or an email attachment.


Five worthy reads: The rise in credential stuffing attacks

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week we explore how credential stuffing attacks are evolving and why they pose a greater threat than meets the eye. Credential stuffing is perhaps the simplest form of cyberattack, but it continues to make headlines despite its lack of sophistication. It has become the attack method of choice for cybercriminals primarily because of its high success rate and ROI.


Hindsight 2020: Revisiting Netskope's Cybersecurity Predictions for the Year No One Saw Coming

2020, as a year, has been anything but predictable, but we’re proud to say we got even a few things right. Here’s a look back at some pretty big trends, a couple of things that sort of happened, and at least one big miss.


What is clickjacking and how can I prevent it?

Cyber attackers are continuously cultivating their methods to evade detection. Now, they can cloak a seemingly innocuous webpage with an invisible layer containing malicious links. This method of attack, known as clickjacking, could cause you to activate your webcam or transfer money from your bank account. In this post, we outline the different types of clickjacking attacks and teach you how to best defend yourself against this application security threat.


Grow your Small Business with Workforce Intelligence

Did you know that collecting data regarding employee behaviors and patterns can help business owners create accurate, efficient business plans? Companies are using workforce intelligence to accurately and objectively build stronger internal organizations using big data. Workforce intelligence uses a combination of artificial intelligence, SaaS tools, analytics, and visual reporting to help employers oversee and manage employees more effectively.


Gamifying cyber security training

At Bulletproof, we know that different people learn in different ways. So when a healthcare provider came to us needing an innovative, engaging way of delivering security awareness training, we stood ready to deliver. The healthcare provider in question was St Andrews Healthcare – providers of specialist care for people with challenging mental health needs. Being a company that works with vulnerable individuals, staff awareness of cyber security is essential.


Calligo joins the world's Top 100 Public Cloud MSPs

Calligo ranked as one of the strongest Public Cloud MSPs globally, based on its Microsoft Azure skills and scale, and the standing of its public cloud platform, CloudCore. In the third annual global index of Public Cloud MSPs – the top managed IT service providers (MSPs) that support customers on Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP) and more – Calligo has been included at 98th.


Rickard Carlsson on ASW: "Finding vulnerabilities in staging doesn't matter; what matters is what's live."

Rickard Carlsson, CEO of Detectify, recently joined as a guest speaker on the Application Security Weekly Podcast hosted by Mike Shema, Matt Alderman, and John Kisella. They discuss how Detectify’s solution is a game changer by combining the speed of automation and hacker expertise, why you should trust developers with security, and how the modern digital landscape requires even devs to look at the asset inventory. We’ve highlighted some interesting points in the interview.


How to accelerate digital transformation

Digital transformation is a double-edged sword. While it can increase worker productivity, improve customer service, and enhance product offerings, it is often not an easy journey; IT teams become stretched as they prepare to deploy new applications and continue to support existing services. The deployment can be challenging for any number of reasons, but it can be summarised as expensive and painful.


How SIEM tools are going to be the future of threat detection

Security Information and Event Management (SIEM) in the cybersecurity domain started out as a compliance tool but has now evolved into an advanced threat detection platform for organisations. During the development journey of SIEM tools, there was a brief period when it was considered that SIEM is ‘dead’ but it was not because of the absence of the need for it but because SIEM's fundamental capabilities needed an upgrade.


7 High-Risk Events to Monitor Under GDPR: Lessons Learned from the ICO's BA Penalty Notice

Hello Security Ninjas, Today's IT world is complex and can be challenging for security operations teams. Nowadays, more apps are being integrated and interconnected than ever before. Cloud services and SaaS solutions purchased all throughout the organization outside of the IT department add even more complexity. Communicating to application and service owners the kind of activities that need to be logged and sent to the SOC can be a daunting task.

Myth Busting 101: Challenging stereotypes and grasping opportunities

As women in tech, the stereotypes put upon us – and particularly those we accept, internalise and resign ourselves to – can become the mantras of our whole careers. From “not being technically minded enough” to being “unable to cope with the demands of the job”, our gender and ethnicities can dictate the positions we apply for and hold, and how far we’ll climb.

How to Handle a Data Breach Within Your Company

Prevention, they say, is better than cure. Most companies have put in place stringent data security measures to prevent any kind of breach. However, following recent security breaches of tech-savvy giants like Twitter, Target, and Gmail, it's clear that no company is 100% immune to a breach. Therefore, businesses must draw an action plan for handling a data breach should the security and prevention measures fail. Here's a comprehensive data breach response guide every company should implement when the situation calls for it.

Egregor Ransomware Attack Hijacks Printers to Spit Out Ransom Notes

So, you’re a ransomware gang and you want to ensure that you have caught the attention of your latest corporate victim. You could simply drop your ransom note onto the desktop of infected computers, informing the firm that their files have been encrypted. Too dull? You could lock infected PCs and display a ghoulish skull on a bright red background (most ransomware seems to insist upon using a shade of red).


Sitdown with a SOC Star: 11 Questions with SANS Instructor Ryan Chapman

Our “Sitdown with a SOC Star” is back with a bang. This installment catches up with security operations and incident response dynamo Ryan Chapman, who shares passionate and thoughtful stories and views on the field of cybersecurity. Among other things, he pleads for more communication and empathy, champions increased headcounts and describes why staying social with different teams will come in handy when hell breaks loose.


HIPAA Compliance Checklist

The Health Insurance Portability and Accountability Act (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, is designed to keep individuals’ medical information and health records safe. Healthcare organizations must ensure HIPAA compliance, even — perhaps especially — during the current global pandemic. The Office for Civil Rights (OCR) at the U.S.

Outpost24 webinar - Securing DevOps in Cloud Environments

The Covid-19 crisis has wreaked havoc on software development, with businesses being forced to adapt and ensure DevOps can carry on to the same production levels and speed as before. As IT and development infrastructure move to the public cloud at an unprecedented rate, the shared responsibility of cloud can create severe security challenges in terms of visibility, control and compliance.

Outpost24 webinar - Preventing wireless attacks with device visibility and effective controls

In 2020 we’ve seen a growing number of security professionals become more aware of wireless threats and the majority lack confidence in how to prevent them impacting their business. Join our webinar as we discover the key trends in wireless security from our recent RSA 2020 survey and Internet of Evil Things report. Our wireless expert will explore the different challenges we face in securing our network airspaces and combatting the most common threats by creating more effective classification of risk assessment through automation.

Outpost24 webinar - Risk based vulnerability management: What's in a risk score?

In this webinar we’ll provide expert insights into the limitations of CVSS and what goes into a vulnerability risk score, including a vendor-by-vendor view and what we look at to determine the risk of a vulnerability, to help security managers prioritize and make better-informed decisions for remediation. We will identify the benefits of a risk-based approach, highlighting how this can make vulnerabilities more manageable and streamline remediation through automation and orchestration.

Outpost24 webinar - Cloud security controls best practice

Watch our recorded webinar to discover the critical cloud security controls when migrating to IaaS and PaaS, plus how to build a rich cloud transformation experience and deliver long-term operational benefits. As we strive to have greater controls on cloud risk, how can we spend our time more efficiently to focus on what we don’t own and build a more robust cloud operating model? Cloud security remains a big challenge, and whilst the Cloud Security Alliance (CSA) is celebrating its 11th anniversary in 2020, are we any closer to fully understanding the techniques to ensure complete cloud security coverage?

Outpost24 Webinar: Common Wireless Security Threats and How to Avoid them

The #1 challenge for busy security professionals is: how can you secure what you don’t know about? 100% of companies have reported finding rogue consumer devices lurking on their enterprise network, highlighting the risk of airborne attacks. Join our webinar to learn how best to discover the full scope of what you own and spot anomalies before rogue devices turn malicious.

Outpost24 webinar: Busting the myths of cloud security

- How secure is the cloud and top cloud security threats
- What’s covered by the cloud service providers and what’s not in the shared responsibility model
- IaaS security in a nutshell and how to enforce cloud compliance
- The different native security tools offered by AWS, Azure and Google Cloud Platform and their shortfalls
- Why security is too important to leave it to the cloud service providers
- How to manage risk across different service providers in multi-cloud scenarios
- Guidance for managing ongoing risk assessment across your cloud journey

Outpost24 webinar: reinventing application security testing with Omnicom

Whilst DevSecOps is all the rage, web applications come in many shapes and forms that require different types of security, depending on the level of criticality. Join our webinar as Paul Scott, Global CISO of Omnicom Group, discusses the risks and perils of different application sources, and Bob Egner, our Head of Product, explains how to create a repeatable application security testing process to reduce risk and ensure repeatable business.

The PS5 Launch Breaks The Internet

It’s PS5 launch day and dedicated fans have been queuing all morning to get their hands on the limited number of consoles available. So far, we’ve seen John Lewis, Tesco, Currys PC World, Game and Argos struggle under the enormity of tens of thousands of visitors. John Lewis was offline entirely, while those with a queuing system in place found that slowing the flow of traffic alone was not enough to protect retailers from overselling stock.


Healthcare Orgs: What You Need to Know About TrickBot and Ryuk

In late October, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) co-authored an advisory report on the latest tactics used by cybercriminals to target the Healthcare and Public Health (HPH) sector. In the report, CISA, FBI, and HHS noted the discovery of, “…credible information of an increased and imminent cybercrime threat to U.S.


Software Composition Analysis Explained

Open source code is everywhere, and it needs to be managed to mitigate security risks. Developers are tasked with creating engaging and reliable applications faster than ever. To achieve this, they rely heavily on open source code to quickly add functionality to their proprietary software. With open source code making up an estimated 60-80% of proprietary applications’ code bases, managing it has become critical to reducing an organization’s security risk.


What is Zero Trust Security and how can you enforce it?

Zero Trust Security, an alternative architecture for IT security, was first introduced by Forrester and was rooted in the principle of 'never trust, always verify'. Zero trust security has come a long way since then. "My message for companies that think they haven't been attacked is: You are not looking hard enough." – James Snook. Each enterprise and individual is at risk today given our huge dependency on the Internet.


3 signs it's time to relook your approach to security operations

Security operations centers monitor and analyze activities on networks, servers, databases, applications, websites, and other systems, looking for anomalous activity that could be indicative of a security incident or compromise. Alert fatigue is a growing concern among information security professionals. If statistics are to be believed, over 79% agree about its negative effects on their teams.


A vulnerability in Sqreen: the attacker's point of view

When Charles reached out to me to disclose this issue, we reacted with one goal in mind: protecting our customers. As such, we built a disclosure schedule and reported the issue privately to our impacted users. After a month, we officially created the CVE and shared details about how we fixed this issue in this article.


Announcing Teleport 5.0 - Unified Access Plane and Application Access

Today, we are announcing the availability of Teleport 5.0. This is a major release for the project with numerous improvements and new features, but the hallmark capability of this version is the Unified Access Plane and Application Access for Developers. For those unfamiliar with Teleport, it is an open source project for giving developers secure remote access to everything they need.


Gravitational Rebrands as Teleport

Dear Reader, Today we are officially announcing that Gravitational is becoming Teleport. As part of the transition, we are launching a new website and moving from to But that’s not the most important part. A much more interesting side of the story is why we are doing this and the new product announcements and the direction we are taking.


Egnyte for Life Sciences: A Unified Platform for Regulatory Compliance, Remote Collaboration, and Data Governance

Today marks the release of Egnyte for Life Sciences, a unified data collaboration platform to serve those advancing the science of health. In recent years, Egnyte’s team of industry veterans has listened closely to companies, customizing solutions to ensure regulatory compliance, improve collaboration, and provide more control over your company’s most valuable asset: data.

Introducing CloudCasa: Kubernetes Backup and Disaster Recovery

Introducing CloudCasa – A Smart Home for Protecting Your Cloud Data. CloudCasa is a Kubernetes (K8s) native and cloud native Software-as-a-Service (SaaS) solution that supports backup of Kubernetes clusters. CloudCasa offers a free service to back up your metadata and resource data to S3 and orchestrate Container Storage Interface (CSI) snapshots on your Kubernetes clusters.

Better Detections and Cloud Coverage with Splunk Enterprise Security 6.4

Security teams are in a difficult position: they continue wrestling with persistent problems, such as overwhelming alert volumes and staff shortages, while confronting new ones driven by the abrupt shift to remote work. For instance, attaining real-time, deep visibility into cloud environments may have been on SOC roadmaps before 2020, but the capability is now a pressing need.


Going Beyond Insider Threats: How to Balance Post-COVID Cybersecurity with Productivity Data for Remote Employees

For many organizations, the past several years have been defined by an unending pursuit of data privacy and cybersecurity. Prompted by a daunting threat landscape, new regulatory standards and increasingly onerous consequences, companies invested millions in securing their digital infrastructure as an all-in attempt to meet the moment.


Securing Kubernetes clusters with Sysdig and Red Hat Advanced Cluster Management

In this blog, we introduce the new integration between Sysdig Secure and Red Hat® Advanced Cluster Management for Kubernetes that protects containers, Kubernetes, and cloud infrastructure with out-of-the-box policies based on the Falco open-source runtime security project. Organizations are quickly growing their Kubernetes footprint and need ways to achieve consistent management and security across clusters.


5 questions every higher-ed security leader should ask

In the day and age of COVID-19 we have witnessed a transformation of the way we work. If I were asked before March of 2020 how long it would take to make the progress in digital and security transformation that we as a society have made in the last 9 months, I would have guessed at least 5 years. The rate of adoption in the face of the pandemic has been unprecedented. Nowhere have the changes required to make remote working come on faster than with education.


Adventures in MQTT Part II: Identifying MQTT Brokers in the Wild

The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, surveillance, workplace safety, vehicle fleet management, shipping, construction, natural resource management, agriculture, smart homes and far more.


Bad Bots 101 - Credential Stuffing

In our webinar Bad Bots 101: Credential Stuffing Action, we discuss why these attacks are so difficult for businesses to detect and stop. In today’s blog, we cover some of the salient points explored in the webinar by Netacea’s Head of eCommerce Tom Platt, including the common techniques used by sophisticated bad bots to evade traditional methods of detection.


Which DLP Tasks to Automate - and Which to Do Manually

Just this week, the news broke that a poorly-secured AWS server exposed over 10 million hotel reservation logs from Cloud Hospitality websites, putting the information of millions of guests at risk. As of June 2020, more than 3.2 million consumer records have been exposed in the ten biggest data breaches this year. Organizations in virtually every industry struggle to get data loss prevention (DLP) right due to one big misconception about this important cybersecurity practice.


SASE and the Forces Shaping Digital Transformation Part 3: Government and Industry Regulations, and Global Social and Economic Forces

Regulatory authorities are still trying to catch up with cloud computing, let alone the revolution that business digitalization is causing, as there is no longer a data center to audit or a firewall log to review.


5 Real-Life Examples of Breaches Caused by Insider Threats

Employees know all the ins and outs of a company’s infrastructure and cybersecurity tools. That’s why we witness hundreds of malicious and inadvertent insider attacks that lead to data breaches and harm companies. Such attacks often lead to financial and reputational losses and may even ruin a business.


Consumers Want Easy Access Not Login Red Tape

We’ve been examining the significant changes in online consumer behavior to ascertain what companies should be doing to help people access the connected world knowing that remote life won’t be going away any time soon. Our first report, ForgeRock New Normal: Living Life Online, provided a look into how the COVID-19 pandemic has permanently changed the way consumers plan to use apps and services.


Automotive threat analysis and risk assessment method

The TARA method provides risk evaluation, assessment, treatment, and planning for identified risks. Learn how to apply this method to the ISO SAE 21434 standard. In our earlier blog posts we covered the ISO SAE 21434 standard, including the organizational cyber security plan as well as the cyber security assurance levels in depth. We will now look at the impact calculation and detailed threat analysis and risk assessment (TARA) coverage within this new standard.


Microsoft 365 Comparison: E1 vs. E3 vs. E5

Microsoft offers three levels of Microsoft 365 for enterprise: E1, E3, and E5. But how do you decide which is most relevant to your business? And are they really only suitable for enterprises? As always, it all depends what you need to achieve. Of course, the key difference between enterprise and standard packages is that only enterprise packages can support more than 300 users within a single organization. But this is far from an absolute rule.


Nature vs. Nurture Tip 1: Use DAST With SAST

When conducting research for this year’s State of Software Security report, we looked at how “nature” and “nurture” contribute to the time it takes to close out a security flaw. For the “nature” side, we looked at attributes that we cannot change, like application size or age. For “nurture,” we looked at application attributes we can change, like security scan frequency and cadence.


Why Cybersecurity Depends on the CDM Integration Layer

When you take a close look at the Continuous Diagnostics and Mitigation (CDM) function at the heart of a successful cybersecurity program, you quickly realize that it all depends on integration. It isn’t that the individual components of the program aren’t absolutely essential. But with cyber-attacks gaining in number and sophistication, the true power of CDM is in the ability to overlay multiple datasets to create a single lens for tracking, assessing, and responding to threats.


5 user behavioral patterns to look out for in a decentralized workspace

Problem: If there are thousands of employees scattered around hundreds of places, how do you keep your organization’s network safe? Solution: You should monitor your employees wherever they’re located, and devise a standard baseline of their behavior through machine learning techniques. By using that information, you can identify anomalies and protect your network from cyberattacks.


What is unified endpoint management? UEM explained

The business world is undergoing its most dramatic shift yet, with the adoption of digital assets and workforce decentralization representing a huge business opportunity. These changes have led to added endpoints, or devices connecting to the network, and are enabling this transformation. But managing the volumes of these diverse endpoints and geographic locations has grown in complexity.


Raising email security awareness through gamification

October was National Cyber Security Awareness Month which is an excellent opportunity to invest in a modern approach to email security awareness. Most companies and organizations conduct security awareness training annually, during onboarding, and after an adverse event. The effectiveness of periodic training varies greatly and depends on organizational culture and structure, leading to unexpected or undesired results.


Phishing awareness and phishing training explained

There is no more effective initial attack vector than phishing. With an ability to reach well within your organization’s logical perimeter, all the way down to an individual user’s Inbox, with some form of malicious content, phishing has proven to be a challenge to organizations working to maintain a proper security stance. On top of this, phishing attacks have some pretty impressive accolades.


3 Ways to Prepare Your Enterprise's Data Security for a Future of Advanced Attacks

One significant negative implication of technology’s continual evolution is proportional advancement in nefarious internet activities, particularly cyber attacks. The past few years have seen a rising sophistication in cyber attacks at levels never experienced before. The worst fact is that attacks will likely only continue to get more advanced. To fight them, enterprises need to be armed with greater security tools. Legacy approaches to cybersecurity no longer cut it.


CEOs Will Be Personally Liable for Cyber-Physical Security Incidents by 2024

Digital attack attempts in industrial environments are on the rise. In February 2020, IBM X-Force reported that it had observed a 2,000% increase in the attempts by threat actors to target Industrial Control Systems (ICS) and Operational Technology (OT) assets between 2018 and 2010. This surge eclipsed the total number of attacks against organizations’ industrial environments that had occurred over the previous three years combined.

SOC Quarantine Diaries: Relativity CSO Amanda Fennell

Amanda Fennell, CSO of Relativity, provider of e-discovery software, discusses how her security team led the company’s drive to remote friendliness, the importance of empowering the user during the WFH shift, the process of cutting down on the “white noise” of alerts and efforts made to keep SOC morale high and drama free.

Parsley Health's innovative patient care includes protecting PHI with Nightfall

Parsley Health launched in 2015 as a new approach to healthcare: a focus on holistic health with a hybrid care model of online and in-office visits. Members pay a flat monthly fee to gain access to doctors and health coaches that help manage chronic health concerns like hormonal imbalances and autoimmune disorders. With medical care including labs and doctor visits combined with lifestyle coaching and nutrition support, people can have flexible tools to maintain a healthy lifestyle.


Solving alias_method and prepend Conflicts in Our Ruby Agent

One way that we monitor API calls from within our customers’ applications is through our agent. The Bearer Agent hooks into every API call in order to read the request, read the response, and in some scenarios act upon that information. The agent replaces methods in the HTTP clients with instrumented versions that call the original methods.

Webinar: How to affordably scale your college or university cyber team

2020 presents new challenges for IT security teams in higher education. The nature of education is being forced to change and we have to change with it. The traditional campus no longer exists. At the same time, enrollment is down and spending needs to be cut. How is it possible to keep your students and staff cyber secure? This webinar brings together experts from LogPoint, a leading SIEM provider, and Cygilant cybersecurity-as-a-service.

How to "winterize" and secure your eCommerce website for the holidays

With online retailers and shoppers busy focusing on the upcoming holiday shopping season, cybercriminals are on the hunt for unsuspecting victims to defraud. Don’t worry; there’s still time to beef up your eCommerce website security and get a full picture of your attack surface before Black Friday so you can #SellSafe all winter long.


Pharma on the hook: cyberattackers phishing for your secret formulas

It goes without saying that mobility has become the key to productivity for any modern business. This is especially true for the highly competitive pharmaceutical industry. To be the first to bring a ground-breaking treatment or vaccine to market, pharmaceutical organizations need their employees to stay productive whether they’re working on your organization’s premises or not.


Learnings from Sqreen's State of App Sec report: PHP apps are 3x more likely to be exploited

With each passing year, we move more and more aspects of our lives online. The line between the online and the offline is becoming thinner and thinner as time goes by. In this scenario, saying that digital security matters is as true as it is obvious. Getting application security wrong can have dramatic consequences for organizations and individuals. That’s the dilemma of security: it’s both incredibly important to get right and amazingly easy to get wrong. And people do get it wrong.


The First Critical Step to Building the Modern SOC

The new Devo eBook, Building the Modern SOC, presents four evolutionary steps for creating a highly automated and efficient security operations center (SOC) that empowers analysts. This is the first in a series of blog posts that will introduce the four steps and highlight some of the most important concepts.


Styra Simplifies Cloud-Native Authorization with DAS Free and DAS Pro

Styra was founded with the simple premise that policy and authorization needed to be reinvented for the cloud-native environment. In order to secure and manage an exponentially more complex, containerized app development ecosystem, the team first had to build a new way to unify authorization policy at scale. The first step in achieving that was to create Open Policy Agent (OPA).


Full VPC traffic visibility with AWS Network Firewall and Sumo Logic

We’re happy to partner with AWS on their launch of AWS Network Firewall by providing a cloud-native integration that gives customers real-time visibility into network traffic and automated correlated events surfaced by AWS. Too often, virtual private cloud (VPC) traffic is a black box leaving many security operations teams unable to connect potential threats to their broader infrastructure.


Container security on IBM Cloud

If you’re running containers and Kubernetes on IBM Cloud, you can now enable the key security workflows of Sysdig Secure as a service within your IBM Cloud deployments. This makes it easier for you to implement security tools and policies to ensure your containers and your Kubernetes environment are protected and running as intended. The new container and Kubernetes security features are integrated into IBM Cloud Monitoring with Sysdig and offered as an additional service plan.


Kubernetes network policies with Sysdig

Microservices and Kubernetes have completely changed the way we reason about network security. Luckily, Kubernetes network security policies (KNP) are a native mechanism to address this issue at the correct level of abstraction. Implementing a network policy is challenging, as developers and ops need to work together to define proper rules. However, the best approach is to adopt a zero trust framework for network security using Kubernetes native controls.


Stories from the SOC - Multi-layered defense detects Windows Trojan

Malware infections are common and are often missed by antivirus software. Their impact on critical infrastructure and applications can be devastating to an organization's network, brand and customers if not remediated. With the ever-changing nature of cyberattacks, organizations need a layered security strategy. They shouldn’t depend solely on a single layer of security to keep them protected.


What Is SCM (Security Configuration Management)?

The coronavirus 2019 (COVID-19) pandemic shifted the cybersecurity landscape. According to a PR Newswire release, the FBI tracked as many as 4,000 digital attack attempts a day during the pandemic. That’s 400% more than what it was prior to the pandemic. In response to these attacks, 70% of CISOs told McKinsey that they believed their security budgets would shrink by the end of 2020 but that they’d be asking for significant increases in 2021.


Don't Let Retail Bots Spoil Holiday Cheer

We’ve all heard about the damage malicious botnets, or bots, can cause. When a bot is used for evil, it can overwhelm an entire website and stop business. We’ve recently seen an upsurge of less obviously destructive bots that have a singular purpose: to buy up your stock of the latest must-have items before your customers do and sell them back to your own customers at a markup. These bots can impact your sales and the great customer experience you’ve worked so hard to create.


Can your security keep pace in a DevOps environment?

There’s a growing need for both security and speed in application development. DevSecOps introduces security earlier in the SDLC to ensure secure code. Comparing the speed of software development today to even just a decade ago is a bit like comparing a bullet train to a bicycle. With CI/CD and DevOps now mainstream, it’s faster by orders of magnitude.


OWASP API Security Top 10 (With examples & fixes)

OWASP, the Open Web Application Security Project, is a non-profit foundation that works to improve application security by publishing guidance such as its list of the top API security vulnerabilities and how to prevent them. Through community-led projects around the world, it is a great source of tools, resources, education and training for developers and technologists securing web and mobile applications.


Detectify Security Updates for November 16

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently, in as little as 25 minutes from hacker submission to scanner. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.


Java Crypto Catchup

In 2017, we started a blog series about how to securely implement a cryptosystem in Java. How to Get Started Using Java Cryptography Securely covers the basics of Java crypto, followed by posts on individual crypto primitives: Cryptographically Secure Pseudo-Random Number Generators (CSPRNGs), Encryption/Decryption, and Message Digests. We also released a Java Crypto Module for easier dockerization of injectable modules that expose crypto services via an API.


Before you chew through Compliance, consider trying the CIS Controls

Have you heard of the CIS Controls? Even though they’re not part of any specified GRC (Governance, Risk Management, Compliance) mandate, they could actually be used as the foundation for them all. A light, straightforward hors d’oeuvre before you take on the mega-calorific, piled-high, full-fat platters of the multi-course feast that is a full Compliance standard.

Lookout for Small Business: Secure Your Growing Business with Enterprise-grade Security

Regardless of how many employees you have, your growing business faces the same threats as larger organizations. And you depend on engaging your customers on a personal level to stand out in the crowd. So to preserve that relationship, you need a mobile security solution that protects your data and their privacy.

StackRox integrates with Google Artifact Registry to secure software supply chains on GCP

As the creator of Borg, the predecessor to Kubernetes, Google is at the forefront of the move towards microservices architectures, containerization, and Kubernetes. As the only Kubernetes-native container security solution provider, StackRox is a leader in Kubernetes security and has partnered with Google Cloud on several fronts to help joint customers secure their cloud-native stack and address their share of the security responsibility.


OpenShift Runtime Security Best Practices

This is part three of our four-part OpenShift security blog series. Don’t forget to check out our previous blog posts in the series:
Part 1 - OpenShift security best practices for designing clusters
Part 2 - OpenShift networking and cluster access best practices
Adhering to best practices for running your workloads in OpenShift is critical to keeping the cluster and all its workloads safe.


Sysdig extends image scanning to Google Cloud's Artifact Registry

In support of modern application development built on CI/CD, containers and open source, Google Cloud launched Artifact Registry (now generally available), a new artifact management solution. Sysdig helps DevOps teams using Artifact Registry confidently secure the build pipeline with comprehensive image scanning that identifies container vulnerabilities and misconfigurations to reduce risk.


7 Challenges that Stand in the Way of Your Compliance Efforts

Compliance is very important to any organization. Organizations have many standards to choose from including PCI, CIS, NIST and so on. Oftentimes, there are also multiple regulations that are applicable in any country. So, organizations need to commit some time and resources in order to apply security standards and achieve compliance. Even so, organizations encounter challenges when it comes to maintaining their compliance with security controls for their workflows, processes and policies.


SEC's Office of Compliance Inspections and Examinations Warns of a Sudden Increase in Credential Stuffing Attacks

Recently, the Securities and Exchange Commission’s exam division issued a Risk Alert (the “Alert”) following several targeted cybersecurity examinations. The agency is concerned about an increase in a specific type of attack known as “credential stuffing.” In this attack, usernames and passwords stolen in breaches elsewhere are replayed against web-based systems, and any account where the reused password still works is used to issue unauthorized transfers of client funds.

CloudCasa Backup and Restore

Welcome to CloudCasa! Watch this demonstration to learn how easy it is to back up and restore your Kubernetes clusters. This free Backup as a Service is powered by Catalogic Software. CloudCasa was built to address data protection weaknesses in Kubernetes and cloud native infrastructure, and to bridge the data management and protection gap between DevOps and IT Operations.

The North Face resets passwords after credential-stuffing attack

An undisclosed number of customers of outdoor clothing retailer The North Face have had their passwords reset by the company, following a credential-stuffing attack. The company has revealed that on October 9, 2020, it became aware that hackers had used usernames and passwords stolen from a third-party website to gain unauthorised access to customer accounts.
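Both the SEC alert and the North Face incident above describe the same pattern: one source replaying leaked username/password pairs, one attempt per account, across many accounts. The detection below is an added example, not code from either article or from any vendor: it parses a constructed authentication log (documentation IP addresses, invented usernames, an assumed `ip=... user=... result=...` line format that you would adapt to your own application) and flags source IPs that fail against many distinct accounts, separating stuffing from ordinary brute force against a single user. The successes from a flagged IP are the accounts to force-reset, which is exactly the response The North Face took.

```python
"""Detect credential stuffing in authentication logs.

Added example with a constructed log format: one line per login attempt,
"<timestamp> ip=<addr> user=<name> result=success|failure". Adjust LOG_LINE
to your own application's format.
"""
import re
from collections import defaultdict

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>[0-9.]+) user=(?P<user>\S+) result=(?P<result>success|failure)$"
)

# Constructed sample log (documentation addresses, invented usernames).
# 203.0.113.7 sprays one leaked credential pair per account; 192.0.2.9 brute
# forces a single account; 198.51.100.4 is a user who mistyped once.
SAMPLE_LOG = """\
2020-11-16T09:00:01Z ip=203.0.113.7 user=amy result=failure
2020-11-16T09:00:02Z ip=203.0.113.7 user=ben result=failure
2020-11-16T09:00:02Z ip=192.0.2.9 user=bob result=failure
2020-11-16T09:00:03Z ip=203.0.113.7 user=carl result=failure
2020-11-16T09:00:03Z ip=192.0.2.9 user=bob result=failure
2020-11-16T09:00:04Z ip=203.0.113.7 user=dana result=success
2020-11-16T09:00:04Z ip=192.0.2.9 user=bob result=failure
2020-11-16T09:00:05Z ip=198.51.100.4 user=alice result=failure
2020-11-16T09:00:05Z ip=203.0.113.7 user=eve result=failure
2020-11-16T09:00:06Z ip=192.0.2.9 user=bob result=failure
2020-11-16T09:00:06Z ip=203.0.113.7 user=frank result=failure
2020-11-16T09:00:07Z ip=192.0.2.9 user=bob result=failure
2020-11-16T09:00:07Z ip=203.0.113.7 user=gina result=failure
2020-11-16T09:00:08Z ip=198.51.100.4 user=alice result=success
2020-11-16T09:00:08Z ip=192.0.2.9 user=bob result=failure
2020-11-16T09:00:09Z ip=203.0.113.7 user=hal result=failure
"""


def parse_auth_log(text):
    """Return (ip, user, succeeded) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            events.append((m["ip"], m["user"], m["result"] == "success"))
    return events


def find_credential_stuffing(events, min_distinct_users=5, min_failure_ratio=0.8):
    """Flag source IPs that fail against many *different* accounts.

    Brute force is many failures against one user and trips per-account
    lockouts. Credential stuffing is roughly one attempt per account across
    many accounts: most fail because the leaked password was changed or never
    matched here, and the few successes are the accounts to force-reset.
    """
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0, "failures": 0, "hits": set()})
    for ip, user, ok in events:
        s = per_ip[ip]
        s["users"].add(user)
        s["attempts"] += 1
        if ok:
            s["hits"].add(user)
        else:
            s["failures"] += 1

    flagged = {}
    for ip, s in per_ip.items():
        ratio = s["failures"] / s["attempts"]
        if len(s["users"]) >= min_distinct_users and ratio >= min_failure_ratio:
            flagged[ip] = {
                "distinct_users": len(s["users"]),
                "attempts": s["attempts"],
                "failure_ratio": round(ratio, 3),
                "compromised_accounts": sorted(s["hits"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, detail in find_credential_stuffing(parse_auth_log(SAMPLE_LOG)).items():
        print(ip, detail)
```

The thresholds are the tuning knobs: lowering `min_distinct_users` to 1 turns this into a generic failed-login detector that also catches the single-account brute force, while the default of 5 keeps the alert specific to stuffing. Real campaigns rotate through proxy pools, so in production you would key on an ASN or a JA3/user-agent fingerprint as well as the raw IP.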


Successful Ransomware Attacks on Education Sector Grew 388% in Q3 2020

The number of successful ransomware attacks on the education sector increased 388% in the third quarter of 2020. According to Emsisoft, the education sector reported 31 ransomware incidents in Q3 2020, up from 8 in the previous quarter (31 is 388% of 8, close to a fourfold rise). Nine of the 31 ransomware attacks disclosed in the third quarter of the year involved data exfiltration, a tactic which has become common among ransomware gangs over the past year.


3 Alert Sources That Will Keep Your SOC Busy and Welcome Automation in 2021

With the work-from-home shift showing little sign of letting up and new IT spending habits taking shape, organizations should prepare now for an adjustment in security strategy in 2021. From a security operations perspective, remote work has meant an increase in threats, as well as a doubling down on the cloud-first mentality that has helped organizations maintain business as usual and react nimbly to new WFH dynamics. What does 2021 hold?


Common Cloud Computing Security Issues and How to Mitigate Them

Securing your cloud environment effectively is no easy task. What cloud security issues should you be prepared for? What are the most serious security risks? Which best practices are most effective at keeping your data safe? In this article, we will explore the two primary cloud models and the principal security concerns you will face when using each model.


Here Comes TroubleGrabber: Stealing Credentials Through Discord

“TroubleGrabber” is a new credential stealer that is being spread through Discord attachments and uses Discord messages to communicate stolen credentials back to the attacker. While it bears some functional similarity to AnarchyGrabber, it is implemented differently and does not appear to be linked to the same group. TroubleGrabber is written by an individual named “Itroublve” and is currently used by multiple threat actors to target victims on Discord.


Calligo is "Highly Commended" in the MSP of the Year category at the 2020 CRN Channel Awards

Out of 8 finalists, Calligo wins the Highly Commended prize in the most hotly contested category. Last night, at the CRN Channel Awards 2020 virtual awards event, Calligo was awarded the Highly Commended prize in the MSP of the Year category. The overwhelming theme of the event was the contribution of the technology industry, and of course resellers and MSPs in particular, in keeping the UK moving throughout the turmoil of 2020.


Online purchase scams spike since the start of COVID-19, reports BBB

Scams occurring during online purchases have spiked since the start of the pandemic, according to new research by the Better Business Bureau (BBB). Around 80.5% of consumers who reported this type of scam this year lost money, compared to 71.2% in 2015. Online purchase scams have been among the three riskiest scams for the past three years, but the situation has become significantly more severe in 2020.


Siemplify Joins MVISION Marketplace as an Inaugural Member and Preferred SOAR Partner: What This Means for You

From grabbing the latest social media app to landing a vacation rental, the trend of online marketplaces is rapidly accelerating and even reshaping industries. And the reason is simple: These inventory hubs are convenient and improve both the customer – and seller – experience. Not to be left behind, marketplaces have also become fashionable in the competitive security space, as providers seek to deliver integrated experiences across diverse solutions.


Scalper Bots Target Retailers for PS5 and Xbox Series X

Scalper bots, also known as inventory hoarding bots, thrive on supply and demand. These malicious bots target merchandise that is in high demand or limited supply, buying it and selling it on for a tidy profit. The key point is that scalper bots can make purchases extraordinarily quickly, much faster than any genuine user can.


What should retailers expect from the 2020 holiday season?

No one could have predicted how 2020 would unfold, particularly for the retail industry. While some high street stores, including major brands, have been forced to close, other retailers have navigated surges of consumers heading online and fueling the eCommerce industry like never before. The holiday period is vital for retailers, with trading figures from November to December able to make or break a business’s annual profit margin.


SASE and the Forces Shaping Digital Transformation Part 2: Organizational Culture & Adversaries and Threats

At the convergence of digital transformation, an industry-wide focus on SASE, and the effects of the continuing COVID-19 pandemic, there are key forces that security practitioners need to be aware of and operate within. This is the second blog in a series of three detailing these forces and how security leaders and practitioners can adapt to them in a digitally transforming, SASE-enabled world. This blog covers the forces of Organizational Culture and Adversaries and Threats.


Top cyber security stats you need to know for 2021

Bulletproof has released its Annual Cyber Security Industry Report 2021, in which we look at the security challenges facing businesses in 2021 and what organisations can do to stay ahead of the hackers. In this blog we highlight 4 key findings from the report and explore what they mean for businesses’ security in 2021 and beyond.


How to cyber security: Gotta go fast ... but why?

DevSecOps allows organizations to deliver applications at a high velocity using iteration and automation to better serve customers. Velocity is one of the pillars of DevSecOps. Through the magic of automation, DevSecOps teams can achieve impressively short timespans between when developers make changes in code and when those changes are deployed.


White Box Testing Guide

The ultimate objective of any software developer is to create performant, secure, and usable applications. Realizing this goal requires every application to be tested thoroughly. Testing is therefore a critical aspect of creating robust applications. It’s what ensures the developed software meets the desired quality expectations. This blog examines one of the vital testing methods: white box penetration testing.

LogSentinel Next-Generation SIEM

LogSentinel SIEM is a next-generation Security Information and Event Management (SIEM) system offering simplicity, predictability, and innovation. By leveraging technologies such as blockchain and machine learning, it helps organizations of all sizes and industries eliminate their blind spots and reduce the time and cost of incident detection and investigation.

From Nestaway: Automating Security Operations - Detecting and Permanently Blocking Abusive Clients

Today, we’re featuring a blog post from Nestaway that was originally posted in Nestaway Engineering on Medium. Automating Security Operations is a tough task but can make the life of a security guy very easy. At NestAway, our security team tries to automate each and every possible task. This article will address how we at NestAway automated the blocking of abusive clients using AWS WAF and Sqreen.


Beyond Certification: Rethinking Training for Security Analysts

When we talk about training security analysts, you probably immediately think about earning certifications such as CFCE or OSCP. This year’s Devo SOC Performance Report found that among survey respondents who don’t consider their SOC to be a high performer, only 31% of those organizations have a defined program for training analysts. While practical skills are vital in the SOC, they’re not the be-all and end-all of reaching the next career level.


What is CNCF's CKS Exam and What is Covered?

The Certified Kubernetes Security Specialist (CKS) is the third Kubernetes-based certification backed by the Cloud Native Computing Foundation (CNCF). It joins the existing Certified Kubernetes Administrator (CKA) and Certified Kubernetes Application Developer (CKAD) programs. All three certifications are online, proctored, performance-based exams that require solving multiple Kubernetes security tasks from the command line.


The Netflix streaming model can obviate your employee's computer security

Someone you don’t know walks into your office and sits down at a computer. Maybe that computer is a corporate desktop assigned to a mid-level manager or to a member of your IT department. Maybe it’s a personally owned laptop used by a contractor. That unknown person plugs a USB dongle into that computer, installs some software (typing in the correct password, if requested), runs that software, and walks away. No problem, right?


Avionics Safety and Secured Connectivity: A Look at DO-326A/ED-202A, DO-355 and DO-356

One of the major changes the avionics industry is undergoing is an Internet of Things (IoT) upgrade, and this is inevitably affecting how airlines approach aircraft safety. From the beginning, safety has been paramount to the aviation industry. But while it is a welcome innovation, the incorporation of IoT devices in aircraft brings challenges, many of them cybersecurity risks. Aircraft safety no longer rests on physical security alone.


Preparing for PCI DSS 4.0: what you need to know

The PCI DSS is a minimum set of requirements designed to help organisations protect customer cardholder data, minimise fraud, and prevent, detect and respond to cyber-attacks. All organisations that accept and/or process credit card payments are required to undertake an annual PCI DSS audit of security controls and processes, covering areas of data security such as retention, encryption, physical security, authentication and access management. Version 3.2 of the PCI DSS was introduced in 2016.


New to Identity Governance? Here's What to Look for in a Modern Identity Governance Solution

You likely have an identity governance and administration (IGA) solution in place to address data privacy and regulatory requirements. “Identity governance” refers to identity needs like access request approvals and certifying user access levels, and “administration” refers to the back-end user account provisioning processes in place to meet those needs.


What the Twitter Hack Says About Your Company

Cyber threats are a feature of our everyday digital life. Most of us have been the victim of one of these attacks, even if we are unaware. The larger hacks make it into the public consciousness, like Equifax, Ashley Madison, Capital One, and more, but we rarely hear from Silicon Valley tech companies. While not infallible, companies like Twitter or Facebook are still not held to strict standards for customer safety.


Protecting remote endpoints

Businesses have long had to manage remote assets tied to off-site resources such as a mobile sales force, but the number of remote endpoints has grown exponentially. Given recent global events, the laptops and mobile devices needed to let a large percentage of their workers work from home full-time has exploded.


Attackers vs. Hackers - Two *Very* Different Animals

The cybersecurity industry is more well-informed than most, but even so, misconceptions arise and spread, helped along by the fact that the rise in cybersecurity incidents has led to substantial “pop culture” intrigue with all things cybersecurity. One of the more harmful of these misconceptions is the conflation of “hacker” and “attacker,” terms which are treated as interchangeable. They’re not.


Protecting PHI in Slack: Nightfall adds DLP (and value) to Perry Health

Pan Chaudhury created Perry Health in 2017 to streamline healthcare delivery. He and his co-founders envisioned a digital health tool to assist healthcare providers in managing chronic conditions like diabetes and hypertension by coordinating care and communication. Perry Health supports better healthcare outcomes by monitoring and engaging with patients when they’re not in the doctor’s office.


Shadow APIs are Putting your Business at Risk

How many APIs does your organization rely on? A 2020 study by Slashdata found that 89% of developers use APIs, and the vast majority are using third-party APIs. These numbers aren’t unique to specific markets either. Regardless of whether you are a software-first company or offer a more tangible service, APIs are a vital part of modern infrastructure. Relying on APIs saves time and resources, and allows businesses to experiment in ways that otherwise would be hard to justify.


The roles and responsibilities that lead to better software security initiatives

If a project or initiative is going to be successful, it needs a plan spelling out what to do and how to do it. But that’s not enough. Somebody, or a group of somebodies, has to be in charge of getting it done. They have to own it. That’s the case with software security initiatives (SSIs), which are the focus of the Building Security In Maturity Model (BSIMM), the annual report by Synopsys.


OWASP Top 10 Application Security Risks (With Examples & Recommendations)

OWASP stands for the Open Web Application Security Project. It is a non-profit foundation that works to improve the security of software. Through community-led projects around the world, it is a great source of tools, resources, education and training for developers and technologists securing web and mobile applications. Read our article to learn more about the OWASP Top 10 vulnerabilities, with examples.


Common Nginx misconfigurations that leave your web server open to attack

Nginx is the web server powering one-third of all websites in the world. Detectify Crowdsource has detected some common Nginx misconfigurations that, if left unchecked, leave your web site vulnerable to attack. Here’s how to find some of the most common misconfigurations before an attacker exploits them. Nginx is one of the most commonly used web servers on the Internet due to it being lightweight, modular, and having a user-friendly configuration format.


Getting Security and Development on the Same Page Through ZeroNorth's New Defect Density Dashboard

Today, ZeroNorth introduces its new defect density dashboard to help security leaders engage with development leaders more effectively through a common framework that aligns software vulnerabilities with software quality. I will get to what this means in a second, but first, let’s start with a brief explanation of what defect density is. Defect density is a standard industry metric that measures the number of defects confirmed per 1000 lines of software code.


In the Financial Services Industry, 74% of Apps Have Security Flaws

Over the past year, the financial services industry has been challenged with pivoting its operations to a fully digital model, putting the security of its software center stage. Despite the unanticipated pivot, our recent State of Software Security v11 (SOSS) report found that the financial services industry has the smallest proportion of applications with security flaws compared to other sectors, along with the second-lowest prevalence of severe security flaws, and the best security flaw fix rate.


The Federal Office Has a New Look: Here's How to Keep it Secure

A Government Business Council report from September of this year found 63% of federal employees are fully remote, with many expecting to remain that way for at least the next six months. In this new reality, mobile devices have become a critical lifeline. But the mobile phones and tablets that keep us efficient and effective also open our organizations up to new risks against which existing security does not defend.


OpenShift Networking and Cluster Access Best Practices

This blog post is part two of a four-part blog series where we discuss various OpenShift security best practices. The concept of zero-trust security has emerged to address the new security challenges of cloud-native architecture. One such challenge is that a microservice architecture creates a more extensive network attack surface. To address this, administrators and developers have to ensure that both external networks and internal software-defined networks are securely configured.


Denmark's Largest Utility Company Accelerates Incident Response

As Denmark’s largest power, utility and telecommunications company, serving 1.5 million customers, Norlys understands the need for fast response to security alerts. When the company first started, the Norlys security team built their own log analytics and incident response capabilities from the ground up. This homegrown approach presented challenges, including manual workflows, too many repetitive tasks and difficult-to-maintain processes.


CybersecAsia Awards 2020 recognizes ManageEngine for its leadership in cybersecurity

ManageEngine’s Log360 was recently honored with the CybersecAsia Award for the Best User and Entity Behavior Analytics software application. The award recognizes the important role Log360 has played, and the innovative technology it has brought to the table, over the past two years. The elevated cybersecurity risks organizations currently face have driven the sudden adoption of the cloud and increased workforce mobility.


What is a virtual CISO?

Organizations today host a wide range of information that, because of its value to competitors, nation-states, or cybercriminals, needs to be properly protected. The role of a Chief Information Security Officer (CISO) is to establish and maintain the organizational strategy, and its execution, for protecting sensitive and valuable information assets and the technologies around them.


SecTor 2020, Canada's Biggest Cybersecurity Event: Day Two

Even though SecTor had to be entirely online this year due to our unusual international circumstances, there have been plenty of excellent talks from many experienced cybersecurity professionals. The talks took place over the course of two days, October 21st and 22nd. Last time I covered the talks I attended on day one. Interestingly enough, the talks all had to do with threat detection and analysis. Maybe that’s just what I’m fixated on these days.


What is Policy Compliance? Four Tips to Help You Succeed

Policy compliance within the information security space can be an exhausting concept to wrap our heads around. Writing a policy document, publishing it to staff and then staying hands-on to ensure it is followed in perpetuity is easily seen as an arduous, if not an impossible, task. Policies set the basis for every successful information security initiative.


On Demand Webinar: Introducing Wandera Private Access

On 28 October Suzan Sakarya and Alex Dove introduced our latest solution, Wandera Private Access. Here’s the full webinar with a quick breakdown of the session. The workplace continues to transform. Cloud services are being increasingly adopted and in the light of the global pandemic, the need for remote workers to collaborate effectively has climbed corporate priorities.


Splunk Data Stream Processor & Splunk Phantom - The Need For Speed

What is the benefit of combining the power of Data Stream Processor (DSP) and Splunk Phantom? I will give you a hint - the answer involves speed and extensibility. In today's security landscape, speed to detect and mitigate security attacks or outages is of the utmost importance. A slow response to a security incident can have a detrimental impact to your organization's bottom line.

How manufacturers can mitigate mobile phishing risks and accelerate innovation

As your manufacturing organization transforms to Industry 4.0, mobile and cloud remain strategic for reinventing your operations. Not surprisingly, malicious actors have taken note of how reliant we all are on mobile devices. From their perspective, mobile phishing is often the cheapest way to compromise an individual or a manufacturing operation.

CISA Strategy for 5G Security and Resilience

In August 2020, the Cybersecurity and Infrastructure Security Agency (CISA) released its strategy to ensure the security and resilience of 5G infrastructure in the United States. Roughly every 10 years, the next generation of mobile communication networks is released, bringing faster speeds and increased capabilities.


5 Best Tools for Secure Data Transfer

In 2018, it was estimated that more than 20 million people share files each day across a variety of platforms. Since the rise of remote work, that number has only skyrocketed. Every time your business shares a file internally, with a business partner, or to the public, the risk of that data falling into the wrong hands increases.


Employee Monitoring For the Remote Workforce

Remote work has become increasingly popular over the last several years. But in 2020, the number of remote workers grew exponentially as a result of the coronavirus pandemic. Even though the lockdowns have ended, many companies have allowed their employees to continue working remotely. According to Gallup, 33% of workers in the U.S. are working remotely all the time and 25% of workers are working remotely at least some of the time.


Weekly Cyber Security News 06/11/2020

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. I have always wondered what would happen if they were to call a victim with a little more clout. Shame the police advise to not actually engage with them, and as the comments go, where is the fun in that? I would probably go with the advice after personal experience.


Full-Tunnel vs Per-App VPN vs Dynamic Split-Tunnel

Remote access services that tunnel traffic, such as SDP or VPN, have different ways of encrypting and routing packets. At the broadest level, is all data encrypted or only some? And if only some data is encrypted, how do we define which? Full-tunnel, the first of these approaches, directs all traffic from the device through an encrypted tunnel to the corporate data center.


INETCO Recognized as a Leader in Payment Fraud Detection Solutions by Welp Magazine

Fraud is something that occurs every day across a variety of industries, causing trillions in losses each year. Hardest hit are the financial services and banking industries. In a recent article, Welp Magazine shared its top 13 picks for the best fraud detection startups. INETCO was extremely happy to be featured as a part of this list – selected for its innovative product and exceptional growth strategy.


Top 5 WFH Security Risks - and How to Avoid Them

IT leaders are being kept up at night by one big worry: the increased risk of a data breach due to more employees working remotely. Forty percent say this is their top concern when it comes to remote work. And with good reason. Remote work, especially when accelerated by events like COVID-19 pandemic, compels employees to work on unsanctioned devices, apps, and networks, increasing the attack surface for bad actors, and leaving few checks in place for careless behavior that leads to data leaks.


Detecting Data Exfiltration Via the Use of SNICat

I used to have a cat who loved ice cream. I think I may have given her some as a kitten, and from then on, anytime that she saw someone eating ice cream she would do her best to try and steal some from them. And even if she didn’t really seem to enjoy a particular flavor, she still seemed driven to try and steal that person’s ice cream. Like my cat stealing ice cream, bad guys are constantly trying to target organizations and their data for nefarious purposes.


Port scanner 101: What it is and why should you use it

In today’s complex network infrastructure, comprised of diverse resources, devices, and users, port scans represent a significant amount of network traffic. Attackers and defenders alike use port scanners to discover exposed ports and services that can become attack vectors. In this post, we discuss the fundamentals of port scanning and why you need to deploy effective port scanning software on your network right now.
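The fundamentals of port scanning in working code, as an added example that is not part of the original post or of any port scanner product: a TCP connect() scanner that completes the three-way handshake on each port and reports the ones that answer. It starts its own throwaway listener on 127.0.0.1 so it can be run offline, and the helper names and port choices are assumptions made for the illustration. Only point `scan_ports()` at hosts you are authorised to test.

```python
"""Minimal TCP connect() port scanner with a local target to scan.

Added example, not from the original post. It starts its own listener on
127.0.0.1 so it runs offline; point scan_ports() at a host you are authorised
to test before using it anywhere else.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=0.5):
    """Return True if a full TCP handshake completes on host:port.

    A connect() scan needs no raw sockets, so it runs unprivileged, but the
    completed handshake shows up in the target's logs, which is exactly what
    a defender's port-scan detection keys on.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:  # ECONNREFUSED, timeout (a subclass of OSError), unreachable
            return False


def scan_ports(host, ports, workers=32):
    """Probe `ports` concurrently and return the open ones in ascending order."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe_port(host, p)), ports))
    return sorted(p for p, is_open in results if is_open)


def start_local_listener(host="127.0.0.1"):
    """Bind an ephemeral port and accept connections in the background.

    Returns (server_socket, port); close the socket to stop the listener.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(16)
    port = srv.getsockname()[1]

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:  # server socket closed
                return

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, port


def find_closed_port(host="127.0.0.1"):
    """Pick a port the OS just handed out and released, so nothing listens on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_local_listener()
    try:
        print("open:", scan_ports("127.0.0.1", range(port - 5, port + 6)))
    finally:
        srv.close()
```

The thread pool is what makes a full 65,535-port sweep practical, and it is also why scans are easy to spot: many short-lived connections from one source to many ports in a few seconds. A SYN (half-open) scan avoids the accept() log entry but needs raw sockets and root, which is the trade-off tools like nmap make for you.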


What is a Cloud Access Security Broker? CASB explained

A common component of modern cybersecurity infrastructure, a cloud access security broker (CASB) is technology that provides monitoring and mitigates risks from employee use of cloud services. CASBs were initially developed to fill a gap in cloud security visibility left behind by traditional firewalls, next-generation firewalls, and early secure web gateways, which struggled to identify instances of the unapproved use of cloud services, otherwise known as shadow IT or rogue IT.


Best data security practices when offboarding employees

In times long gone, disgruntled former employees could only do so much damage to your company, and relatively little at all to your data security. In the fast-moving world of the 21st century, however, it’s a different story. Costly data breaches and devastating thefts have been undertaken in recent years by dissatisfied staff members released from their job duties.


The Importance of Data Classification for Data Loss Prevention

Data loss prevention (DLP) tools and processes help ensure that critical data is not accessed by or tampered with by unauthorized users. The underlying technology that can make or break your success in data loss prevention is data classification. This article explains how data classification affects the success of your data loss prevention measures.


SASE and the Forces Shaping Digital Transformation Part 1: Businesses Strategy and Information Technology Ops

At the convergence of digital transformation, an industry-wide focus on SASE, and the effects of the continuing COVID-19 pandemic, there are key forces that security practitioners need to be aware of and operate within. This is the first blog in a series of three detailing these forces and how security leaders and practitioners can adapt to them in a digitally transforming, SASE-enabled world. This blog covers the forces of Business Strategy and Information Technology Operations.


Managing Compliance and Security in a Remote World

'The Times They Are a-Changin'' is a song Bob Dylan recorded many decades ago, but the words ring true now more than ever. The COVID-19 pandemic has had serious repercussions on the healthcare ecosystem and has shaken up the global economy. The pandemic has also forced millions to work remotely from their homes. According to analyst firm Gartner Inc., amid COVID-19, 88% of enterprises shifted to remote working for their employees.


Prilex Brazilian Threat Group

This blog summarizes the findings of an investigation into the current status of the Brazilian threat group known as 'Prilex', which came to prominence in late 2017 and early 2018 for its ATM jackpotting and point-of-sale (POS) terminal attacks. Whilst the group was believed to have been active since 2014, a distinct absence of 'chatter' and reporting on its activity since 2018 seemingly suggested that the group had ceased operations.


LogPoint Integrated with Cygilant SOCVue Platform Dashboard

One major challenge for organizations of any size is siloed data. While it may cause inefficiencies in some departments, for cybersecurity it is a big threat. When tools are all producing data, logs, etc., and reporting in various places, it is hard for teams to manage and improve their security posture. That’s why today I’m pleased to announce that the LogPoint SIEM now integrates with the Cygilant SOCVue platform.


Fact vs Fiction: Cybersecurity for SMEs

We’ve rounded up the following statements around cybersecurity for small and mid-sized businesses (SMEs) that our team commonly hears, and we’ll tell you whether they’re fact or fiction. Fiction! Nearly one-third (28%) of data breaches in 2020 involved small businesses, according to the Verizon Business 2020 Data Breach Investigations Report (DBIR). Today’s increasingly complex and connected cloud environment has led to a spike in SME cyberattacks.


Cyber security assurance levels in the automotive supply chain

With the ISO/SAE 21434 standard for road vehicles coming soon, learn the role cyber security assurance levels play in your road vehicle safety program. Automotive cyber security standard ISO/SAE 21434 specifies requirements for cyber security risk management of road vehicle electrical and electronic systems, including their components and interfaces. It covers engineering for concept, development, production, operation, maintenance, and decommissioning.

Driving the Cybersecurity Agenda with the C-Suite and Boards

Veracode CEO Sam King joins the Advanced Cyber Security Center, the Boston Globe’s Jon Chesto, MassMutual CISO Jim Routh, and State Street CTRO for a fireside chat about the strategic role the C-suite and corporate boards play in cybersecurity. Sam describes why communication between the board, the C-suite, the CISO, and the security team must be frequent to add value from both a governance and compliance perspective.

Achieving Application Security in Today's Complex Digital World

Application security is an essential part of the software development lifecycle, and getting it right should be a top priority in today’s ever-evolving and expanding digital ecosystem. Application security is the practice of protecting your applications from malicious attacks by detecting and fixing security weaknesses in your applications’ code.


Five takeaways from "The Changing Role of the Security Engineer" at Sqreen Summit

On October 29th, we held the inaugural Sqreen Summit, a virtual event on the future of application security, the latest from Sqreen, CISO priorities in 2021, and the changing role of the security engineer. In this post, I wanted to share some highlights and takeaways of that latter breakout session: The Changing Role of the Security Engineer. It’s well worth a watch, and you can do so on-demand here.


What is eBPF and How Does it Work?

About a year ago, a friend of mine decided to build an EVM (Ethereum Virtual Machine) assembler in Rust. After some prodding from him, I began to help by writing unit tests. At the time, I knew very little about operating systems and started to read about lexical and symbolical analyzers. I was quickly in way over my head. What I did retain, however, was a newfound appreciation for the OS as a whole. So, when he started raving about eBPF, I knew I was in for a treat.

The Need for Data Speed: The secret to how E Global secures the end-to-end customer experience

Interested in exploring how Mexico’s largest electronic payments processor consistently secures the end-to-end customer experience while processing more than 13 million credit and debit card transactions each day? We invite you to join Ander Murillo Zohn, Deputy Director of Big Data Technologies at E-Global, and Stacy Gorkoff, VP of Marketing and Channel Development at INETCO, for a 45-minute webinar as they discuss the secret to using real-time data to achieve the best customer experience possible.

Prevent a Pfizer-like PII Data Breach in Google Cloud

In the long saga of systemic PII data breaches, Pfizer is the latest victim. Personally identifiable information, or PII, is any data that could potentially identify a particular person. Examples of PII include a full name, an address, identifiers such as driver’s license numbers, bank account numbers, or email addresses. In the fall of 2020, Razer, a gaming hardware manufacturer, lost thousands of customer PII records.


What is network security? Network security technologies explained

The modern-day organization is under constant pressure to remain operational and profitable. Both of these pressures are put to the test daily by cybercriminals, who attempt to infiltrate, compromise, navigate, and ultimately act in ways that harm productivity, the ability to transact, customer privacy, brand reputation and bottom-line revenue.


Building a Security Alliance with Your Cloud Partners

As more infrastructure is moved to the cloud, there are many opportunities to reconsider your security stance and relationships to build ever stronger and more secure IT solutions whilst reducing your security costs. In this post, I’m looking to explore some ways that you can build out your alliances to be better prepared and battle-worthy on the digital security war front.


Cloud security series: What are the most common cloud security challenges?

In the second of our three-part series, we highlight the most common cloud security challenges. When migrating infrastructure and services to the cloud it is vital to establish a clear strategy to avoid new security risks. As moving to the cloud can vastly widen the attack surface, it’s important to check whether current security controls will still be effective when migration is complete.


Leaky Chats: Accidental Exposure and Malware in Discord Attachments

Did you know that Discord attachments are publicly accessible? Did you know that even after deleting an attachment, the link to download the file is still active? In this edition of our leaky app series, we cover how sharing attachment links in Discord can cause accidental public exposure of data. We will also look into the malware abuse case of threat actors using Discord as a malware-hosting platform.


How to Secure System Administrator's Privileged Accounts: 7 Best Practices

System administrators hold the key to your organization’s cybersecurity. However, sysadmin accounts can pose risks to your company. On the one hand, their elevated access rights are targets for hackers and malicious users. On the other hand, there’s a risk of administrators themselves abusing their privileges. In this article, we explore the types and responsibilities of sysadmins and define the risks related to their work.


Mastering Compliance in M365 Cloud Office Environments

With the explosive growth of Microsoft 365, many companies are suddenly experiencing content sprawl at an unprecedented rate. What is content sprawl? It’s when your employees create unstructured content (files, chats, video) in the course of their workday, which then gets stored in multiple repositories, like SharePoint and OneDrive. Accelerate that in the context of a remote workforce, and you suddenly have content sprawling all over the place.


Mind the Permission Gap

A few weeks ago, while researching another topic, I posed a question: which domain within the security ecosystem has struggled to move the needle over the past few years? After trawling through a multitude of annual breach analysis reports (the Verizon Data Breach Investigations Report, M-Trends, et al.), I concluded that “identities accessing cloud infrastructure” was an irritatingly tough nut to crack.


Turning Data into Proactive Security

With cloud computing growing at a phenomenal rate across the world, shifts in consumer behavior towards digital services are resulting in evolutionary changes for the banking, financial services and insurance industry. Cloud-based banking, for example, is regarded as a catalyst for business transformation and a turning point in financial services. Cyber safety, however, has become a key concern holding back cloud adoption in many organizations.


The Importance of Privacy-Focused Monitoring In Light of COVID-19 Work Disruption

The COVID-19 pandemic has increased the already-robust adoption rates for employee monitoring software. Prominent publications, including The Washington Post and The New York Times, have reported on this trend, and they have documented employees’ general unease about the practice. Indeed, even before employees were relegated to their homes, many were uncomfortable with the idea of invasive and unbridled digital oversight.


Alert AA20-302A: Federal agencies warn about ransomware attacks targeting hospitals

A cybersecurity bulletin was released by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) on October 28, 2020. The three agencies have issued a high-level warning about an increased, imminent threat of ransomware attacks in the healthcare sector. The cybercriminal group behind the TrickBot, Ryuk, and BazarLoader malware is now targeting U.S. hospitals and healthcare providers.