February 2021

Fixing the "Human Error" Problem

Last year, Verizon’s data breaches report showed that “human error” was the only factor with year-over-year increases in reported incidents. The average cost of data breaches from human error stands at $3.33 million, according to IBM’s Cost of a Data Breach Report 2020. Even big companies and government entities have fallen victim to data breaches caused by human error.

What is Social Engineering?

The phrase “social engineering” sounds innocuous, but this approach to hacking threatens organizations of all sizes. Social engineering may be an unfamiliar term, but the attacks that fall under this category are well-known. For instance, phishing attacks and ransomware attacks have seen massive increases in the last year. By some estimates, ransomware is up 700% and phishing campaigns are up over 200%.

How to prevent supply chain attacks by securing PAM

The SolarWinds supply chain attack against the US Government was the largest and most sophisticated breach in history. A post mortem operation is still underway, and with every stage of its progression, cybersecurity experts become increasingly flabbergasted at the innovative complexity of the techniques used. But despite the nation-state actors' efforts to conceal their tactics, they left some highly valuable clues about their methods that could be leveraged to sharpen supply chain attack defenses.

How to prevent supply chain attacks with an Assume Breach mentality

Supply chain attacks are on the rise, yet few businesses are equipped to face this threat. This could be due to a growing despondency towards cybersecurity in light of the SolarWinds attack. If the nation-state hackers were sophisticated enough to bypass the critical infrastructure of highly secure government agencies, how could any organization prevent a supply chain attack? The answer is a change of mindset: don't assume a supply chain attack might occur, assume it will occur.

Security operations center, Part 2: Life of a SOC analyst

In the first part of this blog series, we saw a brief overview of what a security operations center (SOC) is and how it operates. In this part, we’ll take a look at the typical activities that SOC analysts carry out every day to protect their organization from constantly evolving cyber threats and the skill sets that come in handy in effectively carrying out their duties.

Weekly Cyber Security News 26/02/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24. Got a Mac? Lots of Macs? OK, then have this nice warm feeling that someone cares enough to give you a nice surprise sometime down the line. Want to place bets on how nice that present will be?

The SolarWinds Hack: What Went Wrong With Missing Alarms and How To Fix It

A few days ago, on February 23, the US Senate Intelligence Committee held a hearing with executives from SolarWinds, FireEye, CrowdStrike and Microsoft about the SolarWinds hack. It’s worth listening in full, but we want to focus on one particular aspect described by the participants – the malware shutting down endpoint monitoring agents.

Java configuration: how to prevent security misconfigurations

Java configuration is everywhere. With all the application frameworks that the Java ecosystem has, proper configuration is something that is easily overlooked. However, Java configuration done the wrong way can also end up as a security issue. We call this misconfiguration. Security misconfiguration is part of the infamous OWASP Top 10 vulnerability list and holds a prominent spot at number 6.

How Shutterstock Implemented DevSecOps from the Ground Up

Learn how Shutterstock’s Director of Product and Application Security, Christian Bobadilla, built security into the development culture of Shutterstock from the ground up. Christian will share his experience working with developers on embedding security throughout the SDLC, reducing vulnerabilities in their cloud native applications, and ultimately embracing a new security culture. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

ENISA Releases Guidelines for Cloud Security for Healthcare Services

The healthcare sector is undergoing digitalization and adopting new technologies to improve patient care, offer new services for remote patients and reach operational excellence. The integration of new technologies in the complex healthcare IT infrastructure creates new challenges regarding data protection and cybersecurity.

Selecting the Best SOAR Solution Series: Throw the (Play)book at 'Em! (Part 4)

Welcome to Part 4 of our series examining how to select the best security, orchestration, automation and response (SOAR) solution for your business. In Part 1, we defined what SOAR platforms set out to do at their core. In Part 2, we listed the key core competencies that you can expect to find in a SOAR solution. In Part 3, we dove into one of those core competencies: case management. Part 4 will focus on the bread and butter of the SOAR category: playbooks.

Information Security Policy: Must-Have Elements and Tips

Organizations often create multiple IT policies for a variety of needs: disaster recovery, data classification, data privacy, risk assessment, risk management and so on. These documents are often interconnected and provide a framework for the company to set values to guide decision-making and responses. Organizations also need an information security policy. This type of policy provides controls and procedures that help ensure that employees will work with IT assets appropriately.

How to Securely Manage Your Shift to the Cloud

All organizations want to take advantage of the cost savings, operational efficiency, and improved capabilities that a shift to the cloud provides. But having the right protections in place is key to making sure that not only your users but also your sensitive data are protected. Especially as workforces become increasingly remote, improved functionality and cloud security are both must-haves for any organization.

What matters most: VA scans or pen tests

All sources agree that cyber crime is increasing year on year, putting businesses small and large at increasing risk. Attacks jumped by 31% during the height of the 2020 pandemic alone, and cyber crime is predicted to cost the global economy over $10 trillion by 2025. In order to stay ahead of the hackers, savvy enterprises are stepping up their security scanning regimes by using vulnerability scanning and penetration tests to uncover security flaws.

Penetration testing methodologies, frameworks & tools

There is no doubt that regular penetration tests are an essential part of the vulnerability management process to reduce risks. It is important to ensure penetration tests are efficient, and to do so, the use of correct penetration testing methodologies is an essential component. A methodology in this context defines the logic by which various test cases are carried out to assess an asset’s security. Let’s start with the basics first and then move on to the topic.

Announcing the First-Ever Veracode Hacker Games

“Destroying things is much easier than making them.” This quote from The Hunger Games rings true in software; developers spend months perfecting their innovative applications only to see it all crumble at the nimble fingers of a speedy cyberattacker. So how do you beat them? Improve your secure coding know-how early on and keep it sharp. More than half of organizations in North America provide developers with some level of security training annually, or less often.

Setting Up an Effective Vulnerability Management Policy

Considering the continuous increase in cybersecurity attacks targeting large organizations over the past few years and regulations like PCI DSS, HIPAA, NIST 800-731 – to name a few – it’s no surprise that enterprise investment in vulnerability management is on the rise. Detecting, prioritizing, and remediating security vulnerabilities in today’s rapidly evolving threat landscape is no small feat.

Preventing SQL injections in PHP (and other vulnerabilities)

If you’ve been around web development for a while, you’ve almost certainly heard the term “SQL injection” and some terrifying stories about it. PHP, like many other languages, is not immune to this type of threat, which can be very dangerous indeed. But, luckily, protecting your websites from SQL injection and other similar threats is something you can take tangible steps towards.

When Your Organization Should Adopt Centralized Logging

Most security pros know the value of log data. Organizations collect metrics, logs, and events from some parts of the environment. But there is a big difference between monitoring and true centralized log management. How can you measure the effectiveness of your current logging solution? Here are four signs that it’s time to centralize log management in your organization. This post is based on content from the new Devo eBook The Shift Is On.

Using OPA with GitOps to speed cloud-native development

Devops teams are flocking to GitOps strategies to accelerate development time frames and eliminate cloud misconfigurations. They should adopt a similar ‘as-code’ approach to policy. One risk in deploying fleets of powerful and flexible clusters on constantly changing infrastructure like Kubernetes is that mistakes happen. Even minute manual errors that slip past review can have substantial impacts on the health and security of your clusters.

Tales from a Social Engineer - Romance Scams

Internet dating is a great thing. No longer are you reliant on bumping into that future special someone in a bar, at the workplace, or in the local coffee shop. As humans, our world has never been so connected, our reach so vast, and now the same is true even of finding love. Firstly, let’s just start by accepting that internet dating is a thing and has been a thing since before the world went into various states of lockdown; it has been around pretty much since the widespread use of the internet itself.

What Is Metasploit?

In this quick guide for cybersecurity professionals, we’ve invited some of our favourite security experts who have previously worked with Metasploit to explain why this tool is so valuable for conducting effective penetration tests and network reconnaissance tasks. Our first expert, Michael Roninson, Security Expert at Cerber Tech, gives a brief overview of this tool and how to use it in his response below:

SIEM for SMEs: Five Myths Debunked

Many people, when reviewing their security strategy, ask the question "is SIEM suitable for my organization?" And for a long time, the answer was "no, unless you are a large multinational". The price, the complexity and the hard-to-get value made SIEM a category suitable only for big corporations with large security teams and budgets. While these used to be correct, that's no longer the case. And the problems that SIEM solves, related to reducing cyber risk, preventing insider threats and covering compliance requirements, are all problems that SME/mid-market organizations have as well.

Quantifying CyberRisk - Solving the riddle

In the late 1990s and early 2000s there was a concept that was bandied about that was coined “Return on Security Investment” or ROSI. Borrowing from the common business term Return on Investment (ROI), where a return on a particular investment (capital investment, personnel, training etc.) could be quantified, the cybersecurity industry attempted to quantify a return on security investment.

10 Database Security Best Practices You Should Know

According to Risk Based Security’s 2020 Q3 report, around 36 billion records were compromised between January and September 2020. While this result is quite staggering, it also sends a clear message of the need for effective database security measures. Database security measures are a bit different from website security practices. The former involve physical steps, software solutions and even educating your employees.

How SOAR Helps Service Providers Meet MSSP Challenges, Featuring Forrester Research [Video]

The modern SOC is a hybrid SOC, featuring a blend of in-house and outsourced professionals. For the latter group, security operations is their business, and MSSPs have discovered that SOAR technology provides a slew of benefits, including process consistency, speed and efficiency for analysts, and client collaboration and transparency.

A Guide to VPN Security

Many people are familiar with VPNs in the context of trying to stream TV shows for free. A VPN can make it seem like you’re in a different country by displaying an IP address in Europe or the US, for instance. Appearing to be in New York while traveling in the Netherlands gives you access to sites like Netflix, Hulu, and HBO Max — but the advantages of VPN security go beyond streaming the latest TV shows.

Cloud and Threat Report: Shadow IT in the Cloud

The number of cloud apps being used in the enterprise increased by 20% in 2020, when the COVID-19 pandemic caused a sudden and dramatic shift to remote work for knowledge workers worldwide. Individuals, teams, and organizations all turned to cloud apps to help address some of the new challenges of remote work. The increase in the number of cloud apps was led by an increase in consumer and collaboration apps, the fastest spreading of which included Discord, Zoom, Lumin PDF, and…Xbox LIVE?

Analysis of an attack on automotive keyless entry systems

The convenience of keyless entry systems can come at a price: your security. Learn how key fob hacks happen and why proactive security measures are a vital part of stopping them. With increased connectivity capabilities and larger and more complex software in automotive systems, modern vehicles are becoming more susceptible to cyber security attacks.

Meet Your New CPSO: The Next Generation of Product Security

Over the past ten years, rising security breaches within leading companies have continually reinforced the need for a chief information security officer, or CISO, to protect critical things like IT systems, brand reputation, revenue and even stock prices. As a result, many boards and other invested figures currently demand a higher level of accountability and focus for managing cyber-preparedness, threat prevention and executive reporting, all of which the CISO must provide.

Dangers of Only Scanning First-Party Code

When it comes to securing your applications, it’s not unusual to only consider the risks from your first-party code. But if you’re solely considering your own code, then your attack surface is likely bigger than you think. Our recent State of Software Security report found that 97 percent of the typical Java application is made up of open source libraries. That means your attack surface is exponentially larger than just the code written in-house.

Top Three Threats Facing US Government Employees Amid Telework

We’re all familiar with what happened in 2020. Amid the coronavirus pandemic, organizations worldwide were forced to send their workforces home. Along with the private sector, federal, state and local government agencies and departments across the United States implemented telework programs. Now that we’ve been living with telework for a year, I wanted to understand how it has affected the government sector.

Public vs Private Cloud Security: A Simple Explanation

(Guest Post) There is no worse feeling than the heartache you get after recording your child’s milestones, only for the mobile phone to start warning that the internal storage is running low. Or maybe you cannot function without music, and you have been downloading so many songs that both your internal storage and memory card are full. Most people would rush to delete some of the songs, but you should not have to decide between two of your favourite artists because you are not one of them.

Defense Department Cybersecurity: All Ahead on Zero Trust

With the Defense Department’s quick and successful pivot to a remote workforce last spring via its Commercial Virtual Remote (CVR) environment, it proved that the future of fully operating from anywhere in the world is now. Gone are the days of thousands of civilian employees heading into the Pentagon or other installations every day. However, with this new disparate workforce comes increased risk for network security. As my colleague Bill Wright expertly noted last summer.

Sysdig contributes Falco's kernel module, eBPF probe, and libraries to the CNCF

Today, I’m excited to announce the contribution of the sysdig kernel module, eBPF probe, and libraries to the Cloud Native Computing Foundation. The source code of these components will move into the Falco organization and be hosted in the falcosecurity GitHub repository. These components are at the base of Falco, the CNCF tool for runtime security and de facto standard for threat detection in the cloud.

How Network Engineers are Reclaiming Their Time

Speak with networking ops and engineering leads anywhere, and you’ll hear what I frequently hear: “The way my team actually spends their time is the opposite of how they feel they could best spend it.” The passion they have for their team and the network they keep running is clearly at odds with a frustrating feeling that they can’t get ahead.

SecureAPlus Premium Add-Ons

SecureAPlus Premium lets you beef up multi-PC management and Windows offline security with two new optional Add-Ons. The Policy Add-On gives access to policy creation, which defines how SecureAPlus is configured and can then be rolled out via the SecureAPlus Portal to individual PCs or groups of PCs. It also gives you tools to maintain a central whitelist and implement a whitelist request approval system, all of which can be managed from the convenience of the SecureAPlus Portal.

SecureAPlus Antivirus for Android

Protect against mobile threats and beyond. SecureAPlus Antivirus for Android combines multiple antivirus engines in the cloud to protect your mobile device against the latest threats. SecureAPlus Premium users gain access to features that become extensions of their desktop security no matter where they are in the world. SecureAPlus Antivirus for Android is made by SecureAge Technology.

Using Technology to Keep Compliance Costs Down

Regulatory compliance is overwhelming for any company without the right tools. Think of multinational financial firms that have to comply with laws in multiple jurisdictions where they operate. Thus, as various governments continue to implement programs to lower regulatory burdens on businesses, company leaders know there's a need to cut down on regulatory compliance costs. Luckily, technology can help cut compliance expenses without cutting regulation-related oversight and protection.

Cybersecurity and online gaming: Don't be a victim

Theresa Lanowitz collaborated on this blog. The proliferation of technology and internet connectivity has made it possible for people to seek out most things online, and gaming and gambling are not exceptions. In addition to online video games, social media, music, and video streaming, there are also online casinos and gambling for real money. Well, for gambling in the USA there are state laws to mind, but in some states online gambling is permitted.

Bot Protection Beyond CAPTCHA

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is designed to prevent bots or spam attacks from accessing a webpage. Traditionally users were tasked with typing text from a simple image, but over time CAPTCHA has evolved into more complex images and voice recognition in response to the increasing sophistication of attacks.

5 Identity and Access Management Best Practices

Stolen credentials are among the biggest threats to data security across industries, accounting for around 90% of data breaches. The identity and access management market — consisting of expertise, identity and access management tools and software, and training — is predicted to grow from about $10 billion in 2019 to over $22 billion by 2024. Here’s what you need to know about this increasingly important aspect of data security.

Nightfall simplifies data security & HIPAA compliance for SimpleHealth

SimpleHealth takes their company name to heart. They are a reproductive tele-health company, focused on building thoughtful and impactful services that enable patients to own their reproductive health journey. Today, the core vertical is an online birth control prescription and free home delivery service.

Cloud Threats Memo: Hard Times for ARM-based Mac M1 Processors

The Cloud Threats Memo is a weekly series from Paolo Passeri, digging into a recent cloud threat and highlighting how Netskope can best help mitigate it. Just a few months after their debut in November 2020, the new ARM-based Mac M1 Processors have already attracted the unwanted attention of cybercriminals with two adware samples, the details of which have been revealed over the past few days.

How to prevent supply chain attacks with the Zero Trust Architecture

The SolarWinds supply chain attack has rocked the business world, stirring a whirlwind of supply chain security evaluations. The pernicious effects of the SolarWinds cyberattack (which are likely to take months to fully comprehend) reveal an uncomfortable truth that is causing stakeholders globally to reconsider their business model: vendors introduce a significant security risk to an organization.

How to cyber security: Containerizing fuzzing targets

Fuzzing can be dangerous. After all, you’re trying to break things. In fuzzing, you deliver deliberately malformed inputs to software to see if the software fails. If it does, you’ve located a vulnerability and can go back to the code and fix it. It’s an excellent, proactive method for software development organizations to fix security weaknesses. And it should be no surprise that fuzzing is also the preferred method for attackers who want to locate zero-day vulnerabilities.

How to perform a cyber security risk assessment? Step by step guide.

Taking cyber security risk assessment out of the equation, risk assessments are nothing new to the world. Industries such as nuclear, aerospace, oil, agriculture, military and railroad have long-established processes to deal with risk. Continuous risk assessments are performed by the food, medical and hospital sectors to control risks affecting their environments.

What is symmetric and asymmetric encryption? Examples & Use cases (including top mistakes)

Encryption is the process of converting plaintext data into an alternative form known as ciphertext. Only authorised users can decipher the ciphertext back into clear-text to access the information. There are two types of encryption in widespread use, i.e. symmetric and asymmetric encryption. These names signify whether the same key can be used for both the encryption and decryption processes. The two terms encryption and cryptography are often used interchangeably.

Message Authentication Code (MAC) Using Java

This is the seventh entry in this blog series on using Java Cryptography securely. Starting from the basics, we began diving deeper into various basic cryptographic primitives such as the Cryptographically Secure Random Number Generator, symmetric & asymmetric encryption/decryption & hashes. After taking a brief interval, we caught up with cryptographic updates in the latest Java version.

XSS Attack Examples and Mitigations

Cross-site scripting (XSS) is an attack that allows JavaScript from one site to run on another. XSS is interesting not due to the technical difficulty of the attack but rather because it exploits some of the core security mechanisms of web browsers and because of its sheer pervasiveness. Understanding XSS and its mitigations provides substantial insight into how the web works and how sites are safely (and unsafely) isolated from each other.

Snyk IaC scanning enhancements include Azure and AWS infrastructure as code

Recently I wrote about Infrastructure as Code (IaC) and how Snyk’s IaC scanning can help catch issues in your templates before they make it to provisioning. Our engineering team continues to expand the breadth of our IaC scanning policies to better protect your platforms from vulnerabilities and issues.

How Effective is Threat Hunting for Organizations?

In recent years, threat hunting has become much more widely adopted, but today the definition of threat hunting is still quite a controversial topic. Threat hunting is the art of finding the unknown in your environment, going beyond traditional detection technologies, with active cyber defence activity, proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.

Sysdig achieves Red Hat Vulnerability Scanner Certification

Image vulnerability scanning is a critical first line of defense for security with containers and Kubernetes. Today, Red Hat recognized Sysdig as a certified Red Hat security partner based on our work to standardize on Red Hat’s published security data with Sysdig Secure.

SOCstock 2020 | The Grooviest Event for Security Operations Professionals

Enjoy this sizzle reel recapping the inaugural SOCstock. Dubbed “the grooviest event for security operations,” SOCstock is a world-class virtual event featuring renowned and respected infosec speakers providing attendees with the very latest security operations trends, research and best practices. But it isn't just about what was happening on stage. SOCstock also features funky swag, far-out contests, talented entertainers and more (no mud involved).

Incorporating SOAR into Zero Trust and MITRE ATT&CK: A Conversation With Forrester Research

What happens when two revered security frameworks get a dose of SOAR? Forrester's Joseph Blankenship and Dr. Chase Cunningham join Siemplify CMO Nimmy Reichenberg to assess the role that automation & orchestration play in the Zero Trust and MITRE ATT&CK models.

Public Documents and Attack Reconnaissance | UpGuard Summit February 2021

The most frequently used types of documents are often the least monitored, and the most vulnerable to opening the door to a cyber attack. Join UpGuard's VP of Cyber Research, Greg Pollock, as he discusses these problems and more. Greg gives us insights into UpGuard's recent research into public document vulnerabilities.

Panel Discussion on Third Party Risk Management | UpGuard Summit February 2021

Third Party Risk Management (TPRM) is a relatively new area of focus for a lot of companies. As the world becomes more and more connected, all companies, no matter their size or location, have a responsibility to be aware of any risks to their business, including any risks that vendors might bring across as part of that working relationship. Join world leaders in cybersecurity as they discuss the need for implementing strong Third Party Risk Management programs to maintain good security posture.


As security practitioners, we all have things we want to be able to tell our CISOs. We need to tell them we need more money and more headcount, and we need to be able to tell them their baby (the security program) is ugly. Everyone wants the ear of a CISO for the dollars they control. We just want their ear to help them understand what’s really going on in the industry and in their organization.

I Wish Someone Had Squished That Phish

It’s long since been established that it’s not if a breach will occur in your enterprise, it’s when. Are you prepared for that response? As Dave Kennedy, CEO of TrustedSec once asked a Brrcon audience, “If all you had was Sysmon, could you still do a successful IR?” Best practices are only best if you actually practice them. Along with Robert Wagner, Staff Security Specialist at Splunk, we’ll talk about ways to get your teams to their fighting weight when the bad guys sneak in through the basement.

Security Spotlight: Ryan Kovar

Splunk is home to some of the best security minds that this industry has to offer. Once a month we’ll take a deep dive and have a chat with one of those minds. First up, Distinguished Security Strategist and co-creator of the Boss Of The SOC, Ryan Kovar. With 20 years of experience in the security space, we’ll have a lot to chat about over the course of an hour.

4 Key Cybersecurity Trends Confronting Canada's Electric Sector

Digital attackers are increasingly targeting energy organizations including those that support national electric grids. As reported by Morning Consult, security researchers found that utilities worldwide had suffered a recorded 1,780 distributed denial-of-service (DDoS) attacks between June 15 and August 21, 2020. That’s a 595% year-over-year increase.

10 step guide: How to be GDPR compliant

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world, yet few organizations are completely compliant with its statutes. Complacency is dangerous territory. Non-compliant entities could be fined up to £18 million or 4% of annual global turnover (whichever is greater). This post clearly outlines the standards set by the GDPR and provides a checklist to help organizations remain compliant.

3rd Party Security an Achilles Heel

It is common and intuitive to think that a security manager is responsible for the protection of their own team and organization. Spending the company’s resources on the security of another organization may sound unreasonable. However, recent events in the retail industry teach us otherwise. Today more than ever, as 3rd-party risk is gaining speed, executives are exposed to threats from unexpected directions and involving new weak points.

Detectify security updates for February 22

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently and at record speed: within 25 minutes from hacker to scanner. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

Case Study - Electronic Gift Card Fraud Investigation Uncovers Contractual Risks

Having closed brick-and-mortar operations on March 16, 2020 for safety reasons, the nearly overnight shift to a purely e-commerce revenue model brought uncertainty. However, a rapid uptick in online sales provided a sense of relief, albeit short-lived. Our client became concerned when a closer look at the online transactions revealed an unusually large volume of electronic gift card purchases made using their private label credit card.

How to choose a Software Composition Analysis (SCA) tool

Whether you’re a developer or a security engineer, Software Composition Analysis—or SCA for short—is a term you will start to hear of more and more. If you haven’t already, that is. The reason for this is simple. Your company is increasingly relying on open source software and containers to develop its applications and by doing so is introducing risk in the form of security vulnerabilities and license violations.

Review and Approve Part 11-Compliant Regulated Documents with Egnyte for Life Sciences

Life sciences teams are more decentralized than ever, yet the need for speed persists. Even before the pandemic, the ability to bring together quality, clinical, and regulatory personnel to hit project timelines is what separated successful projects from those that languished. The pandemic added another barrier to an already complex venture.

Are Your IT Infrastructures Up to Date with the Cybersecurity Compliance Laws in 2021?

It’s an unfortunate fact that cybersecurity is rarely the foremost of concerns among small- to medium-sized businesses. However, investing in cybersecurity is becoming even more important as these organizations undergo digital transformation. It may seem like there are more important priorities on which a small business could focus, but putting your company and your customers at risk of a cyberattack can have huge consequences.

5 Ways a SOAR Solution Improves SOC Analyst Onboarding

The depressingly depleted talent pool in the information security profession is what typically draws most of the attention when personnel and skills challenges are raised, but less talked about is the length of time it takes to backfill a position. Industry group ISACA has found that the average cybersecurity position lies vacant for up to six months, with positions like security analyst one of the most difficult to find suitable candidates for (partially because of issues like burnout).

The 2021 Security Playbook for Remote-first Organizations

The sudden shift to remote work in 2020 exposed companies to a variety of new security challenges. Start off 2021 right by reviewing the seven most crucial areas of security for emerging remote-first organizations. Continue reading below or feel free to download a copy of this playbook. We’ll also include our free Post-COVID Security Checklist as a reference you can keep in your back pocket.

Understanding Cloud as an Attack Vector

In December, Netskope Threat Labs presented our work, “Cloud as an Attack Vector,” at the 23rd International AVAR Cybersecurity Conference. The Association of Antivirus Asia Researchers (AVAR) is a non-profit organization with members from 17 countries and facilitates knowledge sharing, professional development, networking, and partnering for cybersecurity experts and organizations. Ours was one of 27 presentations from 14 different countries featured at the conference.

Brexit Update: What The Trade Deal Means for UK Businesses

As you may be aware, prior to the end of 2020 there was a lot of debate about what would happen to GDPR on 1st January. Given that the trade negotiations went down to the wire, we were all left in the dark until the deal was done on Christmas Eve. But what are the main headlines from this deal and, more importantly, what do they mean for UK businesses?

AppSec Bites Part 3: Has the New Virtual Reality Created Opportunities for AppSec?

Over the past several months, many organizations have had to shift their operations to a fully digital platform. This sudden shift was more challenging for some industries, like government, than other industries, like technology. And aside from having to adapt to fully remote operations, many organizations were also subject to tighter budgets, forcing them to become more efficient.

A Path to Proactive Security Through Automation

The sheer number of cyberattacks launched against organizations every year is massive and growing. If you’re a security analyst working in a SOC or security team, tasked with defending your organization, that means you’re getting bombarded by many more attacks than the recorded numbers would suggest. These attacks translate into security alerts, fired from your various security tools, that you must investigate and resolve.

Extending CyberSecurity Beyond The Office Perimeter

The traditional office has now morphed into a hybrid model where most employees work remotely. The shift to remote work isn't entirely new. Between 2005 and 2018, there was a 173% increase in the US remote workforce. This trend spiked significantly in 2020 when roughly 88% of organizations worldwide encouraged remote work to flatten the COVID-19 spread. This session covers how corporate office perimeters continue to evolve in real time as the world changes, and the latest threats to organizations in and out of the office in the new year.

Working with Scan Results Using the Veracode Visual Studio Extension

In this video, you will learn how to download, import, and view Veracode scan results using the Veracode Visual Studio Extension. You will also learn how to mitigate findings discovered during the scan in Visual Studio. When the Veracode scan of your application has completed successfully, you can download the scan results to your local machine using the Veracode Visual Studio Extension or directly from the Veracode Platform. You can also use the extension to propose mitigations for flaws discovered in your application during scanning.

Trade-based Money Laundering and Assets Tracing: Increased Risks and Hurdles Faced by Corporations

Stefano Demichelis, Managing Director in the Business Intelligence and Investigations team at Kroll, a division of Duff & Phelps, recently spoke at a webinar organized by LegalPlus Asia. In this webinar, he shared his views on trade-based money laundering (TBML) and the implications for corporations.

What is Active Directory

The simplest definition of Active Directory is that it is a directory service for Windows operating systems. But what does this actually mean? What is Active Directory used for? How can you manage it? Whether you are a new system administrator who wants to learn Active Directory basics, such as its structure, services, components and essential terminology, or a seasoned administrator looking to find new best practices and improve your skills even further, this eBook has something for you.

Dangerous defaults that put your IT environment at risk: IT security under attack

In this blog in the “IT security under attack” series, we wanted to shed some light on an unfamiliar and seldom discussed topic in IT security: the default, out-of-the-box configurations in IT environments that may be putting your network and users at risk.

Default settings, and why the initial configuration is not the most secure

Industrial Remote Access: Why It's Not Something to Fear

Increased uptime? Check. Better access to outside expertise? Check. Improved first-time-fix rate? Check. These are just some of the benefits of industrial remote access. Yet many customers are reluctant to embrace remote access. Not only that, but incidents such as the breach at the Oldsmar water utility might increase organizations’ reluctance to use remote access.

ICYMI: 4 SaaS Security Lessons to Keep Top of Mind in 2021

At the end of 2020, we hosted a webinar alongside Sisense’s Chief Security & Trust Officer, Ty Sbano, titled Securing Best of Breed SaaS applications in 2021. The discussion focused on reviewing the most important security trends of last year and how they should inform security programs this year. As 2021 continues to progress, these are the 4 trends and lessons we think are worth keeping in mind.

CISO Insider S1E6 - CISO Insider Season 1 recap

At Nightfall, we believe in the power of learning from those who have done it before. That’s why we created CISO Insider — a podcast interview series that features CISOs and security executives with a broad set of backgrounds, from hyper-growth startups to established enterprises. Through these interviews, we’ll learn how industry experts overcame obstacles, navigated their infosec careers, and created an impact in their organizations.

How Your Organization Can Eliminate Entitlement Creep

Organizations are facing increasing pressure to provide employees and contractors with the right access to the right applications and systems at the right time. But how can they do this with their existing, manually-driven Identity Governance and Administration (IGA) solutions and processes? How can security and IT professionals address the needs of the new remote workforce and its demands for access to new cloud applications and services?

Host-based Intrusion Detection System - Overview and HIDS vs NIDS

Even when a business makes every effort to protect its assets, there is no security guarantee. Attackers, fully aware of this, take advantage of it by tricking users or bypassing the restrictions of the technology products in use, which can give them complete access. Such risks have made a proactive approach to cyber security, one that identifies, prepares for and responds to events, a necessity.

For DevSecOps to Happen, Everyone Must Be Looking at the Same Data

To achieve DevSecOps, as the term implies, the Development, Security and Operations teams must work together to address the needs of the modern enterprise—secure applications, constantly evolving, delivered at speed. For this to happen, all these teams must be working from the same data set—a single source of truth for all the metrics that relate to application security risk—in order to make informed strategic business and operational decisions.

The Rise of Software Supply Chain Attacks

Software supply chain attacks are back in the news. Last week, security researcher Alex Birsan executed a novel attack against Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, and Uber by leveraging a design flaw in automated build and installation tools: when a package manager is configured to consult both a private and the public registry, it can pick a public package that shares the name of an internal one. Along with the recent SolarWinds breach, this most recent attack is renewing attention on software supply chain security.
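A concrete place to look for the "design flaw" above is the package manager's index configuration. The following is an added example (not from the post and not Birsan's tooling) that audits a pip configuration and a requirements file for the conditions that make the substitution possible: pip's `extra-index-url`, which makes it resolve every package name against the public index as well and install whichever index offers the highest version; unpinned internal packages; and missing hashes. The `pip.conf` and `requirements.txt` contents are constructed, and the `acme-` prefix for internal packages is an assumption.

```python
"""Flag pip settings that expose a build to dependency confusion.

Added example, not code from the post. The pip.conf and requirements.txt
below are constructed; the "acme-" internal package prefix is hypothetical.
"""
import configparser
import re

# Constructed pip.conf. The dangerous setting is extra-index-url: pip then
# searches the public index *in addition to* the private one and picks the
# highest version it finds on either.
PIP_CONF = """
[global]
index-url = https://pypi.org/simple
extra-index-url = https://packages.example.internal/simple
"""

# Constructed requirements.txt: acme-billing and acme-auth are hypothetical
# internal packages, requests is public.
REQUIREMENTS = """
requests==2.25.1 --hash=sha256:0123
acme-billing>=1.0
acme-auth==3.2.0
"""

INTERNAL_PREFIXES = ("acme-",)  # assumption: internal packages share a prefix

REQ_LINE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)?\s*(\S*)(.*)$"
)


def parse_pip_conf(text):
    """Return the index URLs pip would use under this configuration."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    section = cp["global"] if cp.has_section("global") else {}
    return {
        "index_url": section.get("index-url", "https://pypi.org/simple"),
        "extra_index_urls": section.get("extra-index-url", "").split(),
    }


def parse_requirements(text):
    """Parse one requirement per line, noting pinning and hash coverage."""
    reqs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "-")):
            continue
        match = REQ_LINE.match(line)
        if not match:
            continue
        name, op, _version, rest = match.groups()
        reqs.append({
            "name": name.lower(),
            "pinned": op == "==",
            "hashed": "--hash=" in rest,
        })
    return reqs


def audit(pip_conf_text, requirements_text):
    """Return human-readable findings; an empty list means no obvious exposure."""
    conf = parse_pip_conf(pip_conf_text)
    findings = []
    if conf["extra_index_urls"]:
        findings.append(
            "extra-index-url in use: pip resolves every name against the public "
            "index too and installs whichever index offers the highest version"
        )
    for req in parse_requirements(requirements_text):
        internal = req["name"].startswith(INTERNAL_PREFIXES)
        if internal and not req["pinned"]:
            findings.append(f"{req['name']}: internal package not pinned with ==")
        if not req["hashed"]:
            findings.append(
                f"{req['name']}: no --hash, so a substituted package would install silently"
            )
    return findings


if __name__ == "__main__":
    for finding in audit(PIP_CONF, REQUIREMENTS):
        print(finding)
```

The fix the audit points at is to route all installs through a single private index (`index-url`, not `extra-index-url`) that proxies the public registry and is configured to serve internal names only from the internal source, and to pin with `==` plus `--hash` so that a different artifact under the same name fails the install.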

Running a coding dojo at Sqreen

At Sqreen, we take training seriously. We’ve always given Sqreeners access to conferences and run community learning events in our Paris office, but, of course, the current health crisis has meant in-person events are no longer possible. To keep up our training standards during these times, and because our ProdEng team is now located in more places, we decided to run our first virtual coding dojo.

Digital Identity Verification: Paving the Way to a Secure System

As we look forward to restarting our normal lives in the ‘new-normal’ post the pandemic, we are looking to digital channels and devices to bridge the gap between what was done ‘in-person’ and what we can do safely from home. This is necessary for the financial services industry where consumers and businesses alike must move most of their operations online.

10 best practices to build a Java container with Docker

So, you want to build a Java application and run it inside a Docker image? Wouldn’t it be awesome if you knew what best practices to follow when building a Java container with Docker? Let me help you out with this one! In the following cheatsheet, I will provide you with best practices to build a production-grade Java container. In the Java container example I build using these guidelines, I focus on creating an optimized, secure Java container for your application.

Top 5 SIEM trends of 2021 and how Elastic Security solves them

Security information and event management (SIEM) systems are centralized logging platforms that enable security teams to analyze event data in real time for early detection of targeted cyber attacks and data breaches. A SIEM is used as a tool to collect, store, investigate, and report on log data for threat detection, incident response, forensics, and regulatory compliance.

CrowdStrike and Humio are now delivering customers the most advanced data platform at unrivaled speed and scale.

We founded Humio with the vision of enabling engineering teams to easily collect all of their data in real time and at scale to proactively manage anomalies and recover quickly from various incidents. But we knew we had to bring a modern, advanced approach to log management to meet the current and future needs of customers.

Shielding your Kubernetes runtime with image scanning and the Sysdig Admission Controller

Implementing image scanning on a Kubernetes admission controller is an interesting strategy to apply policies that need Kubernetes context, and create a last line of defense for your cluster. You are probably following the image scanning best practices already, detecting vulnerabilities and misconfigurations before they can be exploited. However, not everything you deploy goes through your CI/CD pipeline or known registries. There are also third-party images and, sometimes, manual deploys.
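The "last line of defense" described above is a validating admission webhook: the API server sends it an `AdmissionReview` for every pod it is about to persist, whether that pod came from the CI/CD pipeline, a `kubectl apply` from a laptop, or a third-party chart, and the webhook answers allowed or denied. The following is an added example (not the Sysdig Admission Controller) of the decision logic for such a webhook, reduced to two policies that need no scanner call: every image must come from an allowed registry and must be pinned by digest, since only a digest can be tied back to a scan result. The `AdmissionReview` document is constructed and the allowed-registry list is an assumption; a real controller would look up the scan verdict for each digest before answering.

```python
"""Decide an AdmissionReview for a Pod on image origin and digest pinning.

Added example, not the Sysdig Admission Controller. The AdmissionReview
below is constructed; ALLOWED_REGISTRIES is an assumption.
"""
import json
import re

ALLOWED_REGISTRIES = ("registry.example.internal/",)  # assumption
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

# Constructed AdmissionReview v1 request, as the API server would POST it.
ADMISSION_REVIEW = json.dumps({
    "apiVersion": "admission.k8s.io/v1",
    "kind": "AdmissionReview",
    "request": {
        "uid": "7d2c1c0e-0000-4000-8000-000000000001",
        "kind": {"group": "", "version": "v1", "kind": "Pod"},
        "operation": "CREATE",
        "object": {
            "spec": {
                "initContainers": [{"name": "init", "image": "busybox:latest"}],
                "containers": [
                    {"name": "app",
                     "image": "registry.example.internal/app@sha256:" + "a" * 64},
                    {"name": "sidecar",
                     "image": "registry.example.internal/log-agent:1.4"},
                ],
            }
        },
    },
})


def images_in_pod(pod):
    """Yield (container name, image) for init, regular and ephemeral containers."""
    spec = pod.get("spec", {})
    for field in ("initContainers", "containers", "ephemeralContainers"):
        for container in spec.get(field, []):
            yield container.get("name", "?"), container.get("image", "")


def check_image(image):
    """Return the policy violations for one image reference (empty if clean)."""
    problems = []
    if not image.startswith(ALLOWED_REGISTRIES):
        problems.append("registry not allowed")
    if not DIGEST_RE.search(image):
        problems.append("not pinned by digest")
    return problems


def review(admission_review_json):
    """Build the AdmissionReview response document the API server expects."""
    ar = json.loads(admission_review_json)
    req = ar["request"]
    violations = []
    if req["kind"]["kind"] == "Pod":
        for name, image in images_in_pod(req["object"]):
            for problem in check_image(image):
                violations.append(f"container {name!r} image {image!r}: {problem}")
    response = {"uid": req["uid"], "allowed": not violations}
    if violations:
        # A non-empty status.message is what kubectl shows the user on denial.
        response["status"] = {"code": 403, "message": "; ".join(violations)}
    return {"apiVersion": ar["apiVersion"], "kind": "AdmissionReview",
            "response": response}


if __name__ == "__main__":
    print(json.dumps(review(ADMISSION_REVIEW), indent=2))
```

Two points worth keeping when turning this into a real webhook: register it with `failurePolicy: Fail`, otherwise an outage of the controller silently admits everything; and check `initContainers` and `ephemeralContainers` as well as `containers`, since an attacker who can only influence the former still gets code running in the pod.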

5 Tips for Building a Culture of Security Among Remote Employees

In one of our previous posts, we highlighted the importance that making security a part of your organizational culture played in keeping your remote workforce secure during the COVID-19 pandemic. But what does that entail? In this post, we're going to flesh out key steps that security teams and their leadership should take in order to make a strong culture of security a reality within their organizations.

Cyberattack on Florida's water treatment plant: What it means to global organizations

The recent news of a cyberattack on a water treatment plant carried out by a remote perpetrator came as a shock to organizations around the world. Earlier this month, an unauthorized threat actor remotely accessed the plant’s control systems via TeamViewer and used that access to raise the amount of sodium hydroxide (lye) in the water to dangerous levels.

What is an incident response plan? Reviewing common IR templates, methodologies

In today’s threat landscape, it’s no longer if an incident will happen, it’s when. Defending your organization and having a plan for what to do if an incident occurs is more critical than ever. And frankly, the benefits of having an incident response plan are quantifiable. Ponemon’s Cost of a Data Breach Report compared organizations boasting robust security Incident Response (IR) capabilities with those that do not.

Coming to Life: A Detailed Tutorial on Building Your First ATT&CK Procedure

The MITRE ATT&CK framework is a universally accepted knowledge-base of tactics, techniques and procedures designed to organize and display how adversaries attack real-world assets. Blue teams use ATT&CK to better understand the multitude of new (and old) attacks and map those to their internal tools and systems.

How to Perform a Data Protection Impact Assessment (DPIA)

Conducting a data protection impact assessment (DPIA) or privacy impact assessment (PIA) is a complex and challenging task. Nevertheless, it’s critical to do. Data privacy concerns have become a significant focus across all industries, and for good reason: data is at higher risk than ever before. In its 2020 Q3 Data Breach QuickView Report, Risk Based Security revealed that 36 billion records were exposed during the first three quarters of 2020.

Emotet is down but its legacy remains: lessons learned

First identified in 2014, Emotet evolved from a niche banking Trojan into what was classified this year by Europol as one of the most prevalent strains of malware in the world. The sheer scale of Emotet’s impact on organisations means that its disruption by authorities in early 2021 ranks as one of the most significant takedowns in cyber security history.

Modernizing Your Data Protection Strategy

Sharing data is the basis for all business processes and what drives operations and productivity. Today, more than 50% of organizations’ data is in the cloud and the typical enterprise now deploys more than 2,400 cloud applications. Concurrently, data protection remains the nexus between cloud apps, web services, and an increasingly larger number of remote users in support of modern business initiatives.

Cloud Threats Memo: Surprising Findings from Q4 2020 Phishing Trends Report

The Cloud Threats Memo is a weekly series from Paolo Passeri, digging into a recent cloud threat and highlighting how Netskope can best help mitigate it. The Anti-Phishing Working Group has recently released its Q4 Phishing Trends Report 2020, which analyzes the top phishing attacks and other identity theft techniques, as reported by the members of the group.

People-centric Security for Remote Workers

In striving to make sure in-office and remote employees’ work is secure, organizations often rely on technology-centric approaches. Although user monitoring tools and other cybersecurity solutions do their jobs, they still can’t change employee behavior or fully secure remote work. To engage remote employees in cybersecurity, organizations are now shifting to a human-centric approach.

You Should Be Automating Your Data Flow Map

Mapping and cataloging personal information collected from users is time-consuming. It is error-prone, and relies on hunting down information from multiple departments. For many teams, creating an accurate data flow map will be the hardest part of completing GDPR Article 35's data protection impact assessment (DPIA) or any privacy impact assessment (PIA). Even for smaller businesses with limited departments and fewer software offerings, determining what data exists and how it moves can be a challenge.

Calligo acquires US-based Decisive Data to accelerate Data Insights Services

Today, Calligo announces the acquisition of Decisive Data, a pioneer in data analytics, data science and visualization. This is a significant acquisition for Calligo as it not only increases the resources and capabilities of our Data Insights team, but it also creates the most capable, accessible and compliant data insights service for modern businesses.

Why A DevOps Champion Might Look Like a Security Hero

In general, people value results. They value things they can see and use. And they especially value things that make their daily work easier. This is why the DevOps process was created in the first place. DevOps is all about collaboration and getting quality applications out the door quickly; it’s about doing things precisely because they produce certain positive results.

Extensibility and the Snyk API: our vision, commitment, and progress

At Snyk, we strongly believe in empowering developers to take ownership of security. Developers are the builders of today and ultimately hold the keys to successfully securing their code. Only a developer-first approach, one that combines developer-friendly tooling together with guidance by security, can help organizations traverse the path to better-secured applications.

Threat Hunting With ML: Another Reason to SMLE

Security is an essential part of any modern IT foundation, whether in smaller shops or at enterprise-scale. It used to be sufficient to implement rules-based software to defend against malicious actors, but those malicious actors are not standing still. Just as every aspect of IT has become more sophisticated, attackers have continued to innovate as well. Building more and more rules-based software to detect security events means you are always one step behind in an unsustainable fight.

How the COVID-19 pandemic has changed IT & Security

While the COVID-19 pandemic has disrupted business models around the world, the adoption of modern application and cloud technologies continues to grow. This year’s Continuous Intelligence Report by Sumo Logic provides an inside look into the state of the modern application technology stack, including changing trends in cloud and application adoption and usage by customers, and the impact of COVID-19 as an accelerant for digital transformation efforts.

5 Security & Productivity Hacks for Home Businesses

These are anxious times for small and medium-sized businesses (SMBs). According to the U.S. Chamber of Commerce, 70% are concerned about financial hardship due to pandemic-related disruptions, and more than half are worried about having to close permanently. At the same time, SMBs are tasked with personnel management in an increasingly distributed and frequently fraught environment where employees are stressed and burned out. Collectively, it’s a sizable challenge for SMB leadership.

How The Dark Web Continues to Threaten Businesses

The Internet is a massive space. Seven days a week, millions of web sites, files, and servers run 24 hours a day. Even so, the part we surf, the visible websites that can be accessed using search engines such as Google and Yahoo, is just the tip of the iceberg. The Deep Web, which makes up approximately 90 percent of all websites, lies beneath the surface. This hidden network is so massive that it is difficult to figure out at any given time how many pages or sites are currently involved.

The Root of Your AWS Insecurities

The AWS root account can do anything in your account, and it follows that it should be protected with tight security controls. However, while analyzing root account configuration and use in 915 accounts from 153 production environments over four months, we found that: We will now look at the data in more detail to understand more of the nuances and learnings, including the tradeoffs and the presumed “why’s” behind the problems.
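The controls the post alludes to are the usual ones for root: MFA enabled, no access keys, and no routine use of the root console. All three can be checked from the IAM credential report (`aws iam get-credential-report`), which lists root as the `<root_account>` row. The following is an added example (not the post's own analysis) that parses such a report and reports the gaps; the CSV is constructed, with the column layout of the real report but invented timestamps and account ID, and the 90-day "recent use" threshold is an assumption.

```python
"""Check the root account's posture from an IAM credential report.

Added example, not the post's analysis. The CSV below is constructed using
the column layout of `aws iam get-credential-report`; timestamps and the
account ID are invented. The 90-day threshold is an assumption.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

CREDENTIAL_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2019-03-01T10:00:00+00:00,not_supported,2021-02-10T08:12:00+00:00,not_supported,not_supported,false,true,2019-03-01T10:05:00+00:00,2021-02-09T22:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
deploy,arn:aws:iam::123456789012:user/deploy,2020-01-15T09:00:00+00:00,false,no_information,N/A,N/A,false,true,2020-01-15T09:01:00+00:00,2021-02-11T01:00:00+00:00,eu-west-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""

# Fixed "now" so the example is deterministic; use datetime.now(timezone.utc) in practice.
NOW = datetime(2021, 2, 12, tzinfo=timezone.utc)


def parse_report(text):
    """Return the report rows as dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def _timestamp(value):
    """The report uses placeholders instead of empty cells; map them to None."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def root_findings(rows, now=NOW, stale_days=90):
    """Return the list of root-account problems found in the report."""
    root = next(row for row in rows if row["user"] == "<root_account>")
    findings = []
    if root["mfa_active"] != "true":
        findings.append("root has no MFA")
    for n in ("1", "2"):
        if root[f"access_key_{n}_active"] == "true":
            findings.append(f"root access key {n} is active (root should have no keys)")
    last_login = _timestamp(root["password_last_used"])
    if last_login and now - last_login < timedelta(days=stale_days):
        age = (now - last_login).days
        findings.append(
            f"root console used {age} day(s) ago; daily work should go through IAM roles"
        )
    return findings


if __name__ == "__main__":
    for finding in root_findings(parse_report(CREDENTIAL_REPORT)):
        print(finding)
```

The report is generated asynchronously (`generate-credential-report` first, then `get-credential-report`, which returns the CSV base64-encoded), so in an automated check you would decode the `Content` field and feed it to `parse_report`. Pair the check with a CloudTrail alarm on `userIdentity.type = Root`, which catches root use between report runs.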

Don't let AppSec tool overload slow down your development

Application security testing tools help developers understand security concerns, but having too many tools can do more harm than good. Good tools are essential for building just about anything. But maybe that needs a bit more clarification: Not just good tools. They also have to be the right tools. Because the old cliché, “if all you have is a hammer, everything looks like a nail,” is a warning that using the wrong tool can mess everything up.

Vuln of the Month: CVE-2020-10148 SolarWinds Orion Authentication Bypass

Every week, our global community of hand-picked Detectify Crowdsource ethical hackers submit new vulnerabilities that we make available to our users as automated security tests. In the new series Vuln of the Month, we deep-dive into an especially interesting vulnerability that was added to our scanner in the past month. First up: CVE-2020-10148, SolarWinds Orion Authentication Bypass, for which Detectify added a security test in January.
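The bypass in CVE-2020-10148 has a simple, loggable fingerprint: according to the public CERT/CC advisory (VU#843464), a request to the Orion API whose path carries `WebResource.adx`, `ScriptResource.adx`, `i18n.ashx` or `Skipi18n` in its PathInfo makes the server skip authorization. That makes it a good hunting target in web logs, independent of the scanner test. The following is an added example (not Detectify's test) that scans constructed, simplified IIS-style log lines (`date time c-ip cs-method cs-uri-stem sc-status`) for API requests that carry one of those tokens; the log content is invented and the client addresses are documentation ranges.

```python
"""Hunt for CVE-2020-10148 exploitation attempts in Orion web logs.

Added example, not Detectify's scanner test. The log lines are constructed
in a simplified IIS-style layout; the path tokens are those listed in the
CERT/CC advisory VU#843464 for this CVE.
"""
import re

BYPASS_TOKENS = ("webresource.adx", "scriptresource.adx", "i18n.ashx", "skipi18n")
API_PREFIX = "/solarwinds/informationservice/"  # the Orion API path, lower-cased

# Constructed log: date time c-ip cs-method cs-uri-stem sc-status
LOG = """\
2021-01-05 10:02:11 203.0.113.7 POST /SolarWinds/InformationService/v3/Json/Query/WebResource.adx 200
2021-01-05 10:02:12 203.0.113.7 GET /Orion/Login.aspx 200
2021-01-05 10:03:40 198.51.100.9 GET /SolarWinds/InformationService/v3/Json/Query 403
2021-01-05 10:04:01 203.0.113.7 GET /SolarWinds/InformationService/v3/Json/Query/Skipi18n 200
2021-01-05 10:05:15 192.0.2.33 GET /Orion/WebResource.axd 200
"""

LINE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+) (\d{3})$")


def parse(line):
    """Split one log line into its fields, or return None for junk lines."""
    match = LINE.match(line.strip())
    if not match:
        return None
    when, client, method, path, status = match.groups()
    return {"time": when, "client": client, "method": method,
            "path": path, "status": int(status)}


def is_bypass_attempt(path):
    """True for an Orion API path that carries one of the auth-skipping tokens.

    IIS paths are case-insensitive, so compare lower-cased. WebResource.axd
    under /Orion/ is ordinary ASP.NET traffic and must not match.
    """
    lowered = path.lower()
    if not lowered.startswith(API_PREFIX):
        return False
    return any(token in lowered for token in BYPASS_TOKENS)


def hunt(log_text):
    """Return the parsed entries that look like CVE-2020-10148 attempts."""
    hits = []
    for line in log_text.splitlines():
        entry = parse(line)
        if entry and is_bypass_attempt(entry["path"]):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in hunt(LOG):
        print(f"{hit['time']} {hit['client']} {hit['method']} {hit['path']} -> {hit['status']}")
```

A hit with a 200 status from a client that never authenticated to `/Orion/Login.aspx` is the strongest signal; a 403 on the same path means the patch is in place. The third line in the sample shows what an unauthenticated API call looks like on a patched server and is deliberately not flagged.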

Evaluating MySQL Recursive CTE at Scale

Egnyte is a unified platform to securely govern content everywhere. We manage billions of files and petabytes of content. One of the core infrastructure components powering such a scale is called MDB or metadata database. It is a cluster of hundreds of MySQL instances storing billions of metadata records. It stores information about files, versions, folders, custom metadata, and their relationships.

Creating a Fraud Risk Scoring Model Leveraging Data Pipelines and Machine Learning with Splunk

According to the Association of Certified Fraud Examiners, the money lost by businesses to fraudsters amounts to over $3.5 trillion each year. The ACFE's 2016 Report to the Nations on Occupational Fraud and Abuse states that proactive data monitoring and analysis is among the most effective anti-fraud controls.

How Logging Eliminates Security Blindspots to Better Identify Threats

The digital landscape continues to grow increasingly complex, and security risk and operational costs rise as digital transformation accelerates. According to research by McKinsey and Company, more than 70 percent of security executives believe that their budgets for fiscal year 2021 will shrink. In this environment, modern logging management technology provides the visibility security teams need to efficiently and cost-effectively manage risk.

The what, why, and how of using network IP scanners in IP-centric IT infrastructures

A simple command-line interface (CLI) ping will give you details about your target IP address. However, you may have to run the ipconfig command, and then arp -a, to fully discover the status of an IP, and this is just for one IP address. Now imagine doing this for an IP block of 300 IPs, or even 50 IPs, or doing the same task periodically to manage your IP pool of thousands of addresses and their metrics. It seems like a Herculean task for any network admin!

CISOs report that ransomware is now the biggest cybersecurity concern in 2021

As the number of remote working arrangements rose substantially in the last year, cybercriminals were quick to take advantage of these new opportunities. Spam and phishing emails increased in number even more rapidly than telecommuting, and company cybersecurity officers found themselves struggling to keep up. Phishing emails often came with a sinister sidekick - a ransomware attack.

Cybersecurity Challenges for the European Railways

The European Union Agency for Cybersecurity (ENISA) released in November 2020 its “Cybersecurity in Railways” report to raise awareness about the cybersecurity challenges facing Europe’s railways. The report identifies the current cybersecurity status and challenges as well as proposes cybersecurity measures to combat these challenges and enhance the sector’s security posture.

How Joining a Professional Community Can Supercharge Your Career and More

When I was a software developer, I never joined any dev communities. I didn’t see the point. I also worked evenings as a professional musician and mostly spent time within the music community and sports groups I was a part of. I spent time with my dev friends at work; I didn’t understand why I would want to know devs with whom I didn’t work. I was a senior dev.

Business Continuity: How to Plan for the Worst

If the last year has taught us anything, “hope for the best and plan for the worst” should be the new mantra of business owners and IT professionals. No one could have predicted the global pandemic that wreaked havoc on industries and businesses around the world; yet, those companies with a business continuity plan were far better off than those without one.

7 data leak prevention tips for 2021

A news feed isn't complete if it isn't peppered with data breach news. Every day prestigious businesses are falling victim to a pernicious threat expected to cost the world $10.5 trillion annually by 2025. The key to overturning the formidable upward data breach trend is to prevent the events that could potentially develop into data breaches. All data leaks need to be identified and remediated before they are discovered by cybercriminals.

IIS vs Apache: Which is the Best Web Server?

If you host a website, chances are good that you are running either Apache or Internet Information Services (IIS). Depending on the data source, they are two of the most common web server platforms, forming a virtual triumvirate with Nginx for control of the market. They each also have their passionate supporters and haters. In fact, IIS vs. Apache flame wars are often really spillover or proxy tirades of ‘Microsoft vs. Linux’.

Role of security in SaaS | SaaS Security Checklist

Software as a Service, also known as SaaS, is a cloud-based service model where a subscriber uses the software via an internet browser. This software could be anything from a simple application such as MS Word to complex business applications such as SAP. The whole software tech stack, including all backend components, is located on external servers maintained by the SaaS provider. Before diving into security in SaaS applications, let’s go through the basics.

LogSentinel partners with DataAssure to expand its presence in Greater China and Taiwan

15th February 2021 Naarden, The Netherlands – LogSentinel, the innovative next-generation SIEM provider, and DataAssure, a successful value-added provider and integrator of data assurance, data protection, cybersecurity solutions, have announced their partnership to help organizations in Greater China and Taiwan to prevent data breaches and achieve the security posture they need to stay protected in the current challenging work-from-home environment.

Cyber Risk in the Boardroom - Addressing the 2021 Threat Landscape

A new year typically brings a renewed sense of optimism; however, 2021 brings with it promises of unparalleled challenges for board members as their role in cyber risk oversight and increasing organizational resilience has never been more important. Over the course of 2020, as organizations shifted already overburdened staff to build capacity to support remote working, threat actors aggressively exploited weaknesses exposed in the transition.

Common Criteria Certification: What Is It, and What Does It Mean for Tripwire Enterprise?

The Canadian Centre for Cyber Security performs evaluations on common IT products and releases a report called “Common Criteria Certification.” This process allows for organizations to review an evaluation without needing to set up and configure an IT product that they would like to test. Tripwire Enterprise v8.8.2.2 was recently evaluated and passed the certification.

Facade of Security

In the past few months, Cyberint has observed a series of suspicious PDF files mentioning different retail brands, scanned to an anti-virus repository. Seeing as the files were flagged as malicious by the repository, Cyberint’s working assumption is that the retailers were mentioned in order to lure their employees or customers into opening the files.

Teramind vs. InterGuard | 2021 Feature Comparison

Teramind and InterGuard are both highly regarded as powerful employee monitoring platforms for the modern workforce. Both of them have strong activity monitoring, productivity analysis and reporting features. In particular, after the recent refresh of its UI, InterGuard has been able to up its game in user friendliness, a big factor for this kind of software. On the other hand, Teramind is already known for its intuitive, award-winning interface.

Employee Productivity Solution For Remote Workers

Remote work gives employees the opportunity to avoid lengthy commutes and work more flexible schedules. It also allows employers to reduce overhead costs and hire from a larger pool of applicants since employees no longer need to live locally to qualify. But of course, there are some downsides to remote work as well. There are far more distractions at home, so many remote workers find it difficult to stay focused during work hours.

Weekly Cyber Security News 12/02/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Three quite interesting articles this week. The first is unsettling: if it weren’t for someone who spotted it in progress and was able to counteract the activity, who knows what might have happened. The question is then, who did it?

Preventing SQL injections in Ruby (and other vulnerabilities)

This post’s topic is very straightforward: SQL injection, Ruby flavored. More specifically, how you can protect your Ruby application against SQL injections, and other common security threats. Ruby is a wonderful language for beginner coders to start with and scales to large, distributed web and desktop applications. It has an accepting and helpful community. Also, it strives to keep itself up to date to match the needs of developers.
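The core of the protection is the same in every language: never splice user input into the query text, hand it to the database driver as a bound parameter instead. The following is an added example (not from the post) that shows the vulnerable and the hardened form side by side and demonstrates the classic `' OR '1'='1` login bypass against the former. It is written in Python with the standard-library `sqlite3` module so that it runs without any gems or a database server; in Ruby the two shapes are string interpolation into the SQL versus bind parameters, for instance ActiveRecord's `where("name = ?", name)` or `where(name: name)`. The users table and its single row are constructed.

```python
"""SQL injection: vulnerable string-built query beside a parameterized one.

Added example, not code from the post. Uses an in-memory SQLite database
with one constructed row.
"""
import sqlite3

# Classic login-bypass payload: closes the quoted password value and
# appends a condition that is always true.
PAYLOAD = "' OR '1'='1"


def make_db():
    """Return an in-memory database with one constructed user."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT NOT NULL, password TEXT NOT NULL)")
    con.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return con


def login_vulnerable(con, name, password):
    """Builds the SQL by interpolation: the input becomes part of the query."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
    return con.execute(sql).fetchone()


def login_safe(con, name, password):
    """Sends the SQL and the values separately: the input is only ever data."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return con.execute(sql, (name, password)).fetchone()


def demo():
    """Run both forms against the payload and return (vulnerable_hit, safe_hit)."""
    con = make_db()
    vulnerable = login_vulnerable(con, "alice", PAYLOAD)
    safe = login_safe(con, "alice", PAYLOAD)
    con.close()
    return vulnerable, safe


if __name__ == "__main__":
    vulnerable, safe = demo()
    print("vulnerable query returned:", vulnerable)  # ('alice',) without the password
    print("parameterized query returned:", safe)      # None
```

The interpolated query ends up as `... WHERE name = 'alice' AND password = '' OR '1'='1'`, which matches every row, so the vulnerable function logs the attacker in as alice; the parameterized one compares the password column against the literal string and finds nothing. Escaping helpers are a weaker substitute, and the same rule covers table names and `ORDER BY` columns, which cannot be bound and must instead be validated against an allow-list.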

The Kubernetes API Server: Exploring its security impact and how to lock it down

Organizations are increasingly turning to Kubernetes to manage their containers. As reported by Container Journal, 48% of respondents to a 2020 survey said that their organizations were using the platform. That’s up from 27% two years prior. These organizations could be turning to Kubernetes for the many benefits it affords them.

Redscan analysis of NIST NVD reveals record number of critical and high severity vulnerabilities in 2020

The report is based on an analysis of more than 18,000 Common Vulnerabilities and Exposures (CVEs) logged to NIST’s National Vulnerability Database in 2020. It reveals that well over half (57%) were rated ‘high’ or ‘critical’ severity – the highest recorded figure for any year to date. Our analysis also looks beyond severity scores, detailing the rise of low complexity vulnerabilities as well as those which require no user interaction to exploit.

Hairpinning: The Dirty Little Secret of Most Cloud Security Vendors

In more than one conversation with large enterprise clients, we’ve heard the networking and infrastructure leaders responsible for managing the organization’s global WAN jokingly refer to themselves as the “Chief Hairpinning Officer” or CHO. At first blush, this provides a laugh.

Three Open Source Software Security Myths Dispelled

Used by developers around the world, open source components comprise 60%-80% (and likely more) of the codebase in modern applications. Open source components speed the development of proprietary applications, save money, and help organizations stay on the cutting edge of technology development. Despite the widespread adoption of open source components, myths persist about their usage. The following are the top three concerns associated with open source use.

Sqreen's architecture through the ages: part three

Welcome to part three of the Sqreen architecture through the ages series. In case you missed it, here is part one, and here is part two. In this third and final entry to the series, I’m going to discuss how we leveled up the Sqreen backend to handle the growing scale of users and of the Sqreen team, and the journey we took moving from a self-contained product to a proper platform. That will catch you up to the present of where Sqreen is today, from an architecture perspective.

Security Trends for Managed IT Service Providers

The global managed security services market was valued at $19.4 billion in 2017 and is forecast to reach $46.1 billion by 2023 at a CAGR of 14.9%. There has been an upward trend in the need for threat intelligence across several sectors today. Due to an increased requirement to fight against the advanced threat landscape, customers today expect managed IT service providers and MSPs to adopt advanced security technologies to better detect and anticipate potential threats in time.

Budgeting in cybersecurity - Can businesses afford it?

Creating an annual budget is challenging because business owners must consider all expenses in the coming year. Apart from ensuring that everyone is paid, and taxes are taken care of, cybersecurity should be one of the most important factors to consider. Even though there are many methods businesses can use to prevent cybercriminals from stealing information, hackers are always inventing new ways of breaching closed systems.

Using Strategic Choices to Ensure Continuous and Effective Cyber Security

Organizations are overwhelmed by the choice of cyber security tools in the market. They need to balance prioritizing and remediating vulnerabilities with managing their secure configurations. What’s more, many organizations are using hybrid clouds where they need to protect assets that are hosted both on premises and in the cloud. This complexity requires a thoughtful approach to cyber security.

Stopping Ransomware in Its Tracks With SOAR, Featuring Forrester Research [Video]

Ransomware is unlike most threats security teams face because it is virtually impossible to prevent and uses native processes, built into your trusted operating systems, to rapidly spread. So considering the speed and extent by which ransomware can topple an organization, what is the best approach for addressing this seemingly existential threat? We asked Forrester Research’s Joseph Blankenship and Chase Cunningham to share insights as part of a four-part series with Siemplify.

How to Build an Insider Threat Program [10-step Checklist]

An efficient insider threat program is a core part of any modern cybersecurity strategy. Having controls in place to detect, deter, and respond to insider attacks and inadvertent data leaks is a necessity for any organization that strives to protect its sensitive data. It’s also required by many IT regulations, standards, and laws: NISPOM, NIST SP 800-53, HIPAA, PCI DSS, and others. In this article, we’ll share best practices for developing an insider threat program.

Eight must-have features in an IAST solution

Selecting the perfect IAST solution for your organization’s needs can be difficult. Learn about the eight must-have features of any good IAST tool. Interactive application security testing (IAST) has quickly gained momentum in the application security (AppSec) space. According to Gartner, there was a 40% increase in inquiry volume around IAST in 2019. Why is IAST one of the fastest-growing AppSec tools?

Security Defender Insights: Improving security visibility in the remote-work reality

This edition of Detectify Security Defenders Insights focuses on best practices on how not to lose security visibility in 2021: For many small to mid-sized tech organizations, security visibility is an increasing challenge. 2020 was the true catalyst to their tech transformation from all in-house to suddenly working from home. This meant a pressured effort to make sure security was top-of-mind especially now that everyone was literally out-of-sight.

75% of Apps in the Healthcare Industry Have a Security Vulnerability

In light of the current pandemic, our healthcare industry has been challenged like never before. Healthcare workers heroically stepped up to the plate, caring for those in need, while the industry itself digitally transformed to keep up with the influx of patient data and virtual wellness appointments.

5 Best Practices for Security Logging in the Cloud

Logs are critical for detecting and investigating security issues. They also provide essential visibility into business operating environments. Many organizations, when they are small and just starting out, can get away with using a local log server and storage to collect data. Almost all security teams start off with this kind of on-premises logging approach. Most teams use an open-source, homegrown solution for this type of short-term, small-scale log analytics.

OPA + Styra DAS free up time and resources for a CRM solution

Let’s say you were going to plan a security project. (Almost any project, really.) The following might be a pretty solid list of goals to aim for: That’s a pretty solid list - and might even read like “too much to ask for.” Yet, it’s exactly what SugarCRM received after deploying Styra DAS to manage Open Policy Agent (OPA) for Kubernetes guardrails.

Top 5 Construction Technology Trends to Watch in 2021

The construction industry is not unfamiliar with disruption. In 2008, the Construction Engineering Index plunged 68 percent. Firms that survived the financial crisis that year faced severe margin pressure – dropping from 5 percent in 2007 to 1 percent by 2010. The industry had to act fast and looked for more innovative ways to cut costs and boost profitability.

DoD's Cyber Posture: A Focus on Automation

The importance of the security of the Department of Defense’s (DoD’s) networks is no secret (well, of course a lot of it is secret!). This is evidenced by the Department’s IT/cybersecurity budget request that annually tops $40 billion dollars. Last year’s IT and Cyberspace Activities Budget Overview perhaps said it best.

Here's How Employee Monitoring Software Makes Remote Teams Secure

More than 80% of small and medium-sized businesses (SMBs) view IT security as a top business concern, and 75% of corporate executives rank cybersecurity enhancements as a pressing issue in the year ahead. For many, this means adapting to a long-term remote workforce by empowering employees to be productive and secure from any location. In response to last year’s pandemic, 85% of CISOs reported sacrificing cybersecurity to enable remote work. Now, it’s time to revive those capabilities.

Runtime security in Azure Kubernetes Service

Runtime security for Azure Kubernetes Service (AKS) environments requires putting controls in place to detect unexpected and malicious behavior across your applications, infrastructure, and cloud environment. Runtime threats include things like: Even if you’re taking advantage of tools like container image vulnerability scanning, Kubernetes pod security policies, and Kubernetes network policies with AKS, not every risk will be addressed.

The Case for SOC Automation: A Conversation With Forrester Research

In the first of a four-part video series hosted by Siemplify, two experts from Forrester Research examine the inherent value of automation for security operations teams, collaboration challenges intensified by remote working and why infosec talent shortage may have more to do with an excess of security tools than a dearth of skilled personnel.

Cyber Security in 2021: Confident Detection and Response

As the volume and sophistication of cyber threats grow, it’s imperative that companies have the ability to rapidly detect and confidently respond to a variety of threats. Devon Ackerman, Head of Incident Response for Kroll’s Cyber Risk practice in North America shares how security leaders feel their organizations are inadequately resourced to run a mature detection and response program.

Cyber Security in 2021: Beware Increased Assault on Endpoints

The COVID-19 pandemic rushed security teams to find ways to support a largely remote workforce, changing the cyber threat landscape with increased opportunities for criminals to exploit vulnerabilities in the work from home environment. Jason Smolanoff, Global Cyber Risk Practice Leader at Kroll, outlines his one big thing for 2021 when it comes to cyber security: the increased assault on endpoints, which will force information security professionals to gain full visibility into a variety of devices and systems now operating outside of the company network.

Forward Fix: Streamlining and Scaling Automation Workflows

Technical Solutions Architect Glen Turner showcases how Forward can help solve enterprise automation problems. Enterprise IT organizations are promised speed, effectiveness, and efficiency through network automation, but rarely receive it. Forward Enterprise can help. Forward gives you effective network automation through collecting/parsing network state information, normalizing it into a vendor-agnostic data model, and exposing the model for workflow.

What is cybersecurity testing? Reviewing testing tools, methodologies for proactive cyber readiness

This article was written by an independent guest author. Your organization may boast all the best cybersecurity hardware, software, services, policies, procedures and even culture. If this is the case, you’re way ahead of the curve. But no matter how confident you are about your overall cybersecurity posture, how can you really know? Knowing is where cybersecurity testing comes in.

Zero Trust policies - Not just for humans, but for machines and applications too

Hackers are continually finding more and more pathways into an organization’s internal environment. Not only is access widely available, it can also be alarmingly simple. Rather than having to actively hack systems, hackers often just log in using easily-obtained or compromised user identities and credentials.

Jeff Bezos Moves On, But Amazon Prevails as a Revolutionary Catalyst for Change in the Online User Experience

Congratulations to Jeff Bezos and the entire Amazon team on their incredible accomplishment of building the most highly valued company on the planet and revolutionizing the face of retail as we once knew it. I am confident that Jeff will successfully tackle even more interesting challenges and projects during the next phase of his career. His announcement last week prompted me to reflect on Amazon’s pioneering work in the areas of ecommerce, cloud computing, supply chain and logistics.

How Emerging AppSec Solutions Can Actually Boost Your ROI

Historically, investments in application security (AppSec) have been seen as financial black holes, with never-ending cost and complexity. And yet, they are a necessity in today’s software-driven world, where getting high-quality products to market quickly is what counts. Companies looking to retain and build a thriving customer base must produce excellent and secure software, no matter what.

Preventing SQL injections in Python (and other vulnerabilities)

Python is a wonderful language, ideal for beginners, and easy to scale up from starter projects to complex applications for data processing and serving dynamic web pages. But as you increase complexity in your applications, it can be easy to inadvertently introduce potential problems and vulnerabilities. In this article, I will highlight the easiest to miss that can cause the biggest problems, how to avoid them and tools and services that help you save time doing so.

Top 10 Ruby security best practices

Do you know those things that are simultaneously incredibly important to get right but incredibly easy to get wrong? That makes for an explosive combination. One such thing happens to be one of the hardest areas in software development: security. Security is hard no matter the language or platform. Today, we’re here to talk specifically about security best practices in Ruby.

SaaS Design Principles with Kubernetes

It seems like nowadays, every company is a SaaS company. We’ve even begun stratifying by what is sold, replacing the “software” in SaaS to whatever the product’s core competency is, search-as-a-service, chat-as-a-service, video-as-a-service. So, when we, at Teleport, set sail for the cloud after years of successfully navigating on-prem software, we came in with a different set of experiences.

Using OPA for multicloud policy and process portability

How Open Policy Agent allows developer teams to write and enforce consistent policy and authorization across multicloud and hybrid cloud environments. As multicloud strategies become fully mainstream, companies and dev teams are having to figure out how to create consistent approaches among cloud environments.

Learn About CloudCasa - Kubernetes and Cloud Native Data Protection for Free

Would your team benefit from a simple and easy to use Kubernetes backup service that does all the hard work for you to backup and protect your multi-cloud, multi-cluster, applications and cloud native databases? A cloud-based service so easy to use that even developers won’t mind managing backups?

Teramind vs. Veriato | 2021 Feature Comparison

An apples-to-apples comparison between Teramind and Veriato is difficult because they follow slightly different approaches when it comes to bundling product features and offerings. We’ve chosen the two most similar employee monitoring packages between the two solutions to compare. Teramind’s package, called Teramind UAM, packs all the features you would expect from a modern employee monitoring solution, like monitoring, recording, detection and activity control.

Getting started with Kubernetes audit logs and Falco

As Kubernetes adoption continues to grow, Kubernetes audit logs are a critical information source to incorporate in your Kubernetes security strategy. It allows security and DevOps teams to have full visibility into all events happening inside the cluster. The Kubernetes audit logging feature was introduced in Kubernetes 1.11.

Five reasons why the supply chain is the weakest link in your cybersecurity

While cybersecurity is a major concern for all tech-enabled businesses, it is more so for the supply chain where hand-off happens from raw materials to delivery of a product or service. All the functional areas are potential touchpoints where cyber-attacks can happen.

Best Practices for Securing Modern Cloud Native Applications with ActiveCampaign CISO

The benefits of cloud native development are undeniable – from rapid deployments to scaling operations. However, modern cloud native applications both solve and introduce new security risks at each layer of the application. Join Chaim Mazal, ActiveCampaign CISO, as he shares his experience in the cloud native space and offers tips for others. Mazal will discuss how he transformed ActiveCampaign’s security approach at each layer of the stack – including third-party dependencies, containerization, and infrastructure as code. Join us to learn the key strategies and unique insight for securing cloud native applications.

1Password Developer Fireside Chat: Introduction to Rust Macros

Senior Developer, Nathan West, shares an introduction to Rust macros, and discusses token trees, metavariable types, and pattern repetition. He’s joined by 1Password Co-Founder Dave Teare, Senior Developers Matias Bueno, Mathieu Letendre-Jauniaux, and Ricky Hosfelt, along with Senior Staff Developer Mitchell Cohen in the first installment of the 1Password Developer Fireside Chat series.

Six trends in operations management for 2021

2020 was an extremely challenging year for businesses in every industry and in every country across the world. Even those organisations that were able to find a way to continue to operate successfully through the pandemic found that their ways of working were impacted - often negatively - by Covid-19.

Amazon Addresses Best Practice Secrets Management with AWS Secrets Manager

Data breaches are becoming increasingly common, and one factor driving this escalation is the fact that today’s IT systems are integrated and interconnected, requiring login information from multiple parties and services. In response, Amazon Web Services has launched the AWS Secrets Manager, a service designed to help organizations get a handle on these “secrets” by storing and accessing them in a secure way.

Accelerate Compliance of NIST SP 800-63-3 with ForgeRock

No matter how much security and interoperability it brings, the thought of ‘compliance’ always brings a resigned sigh. Yet, from the U.S. Federal Government (Fed) to state and local governments and educational institutions (SLED), complying with guidelines and standards is a must not only for security but for interoperability and cost reduction.

Calligo wins twice at the Digital Jersey Tech Awards

2021 is off to a stellar start for Calligo. At the Digital Jersey Tech Awards 2020 virtual awards evening, Calligo was announced as the Digital Growth Business of the Year for its achievements throughout last year, while Julian Box was named the Digital Leader of the Year. Calligo was named Digital Growth Business of the Year because of its growth in five key areas: UK expansion A fourth acquisition was also completed in 2020, this time in the UK.

Detectify security updates for February 8

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed, within 25 minutes from hacker to scanner. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

OWASP Top 10 Cheat Sheet

In recent times, hacks seem to be increasingly prevalent, not to mention severe. What’s more, it doesn’t matter whether you’re a small player or a big name corporation such as LinkedIn or Yahoo! If you develop web-based applications, there’s the strong possibility that your application is vulnerable to attack. Not sure why someone might attack your application?

White Hat, Black Hat, and Grey Hat Hackers: What Do They Do, and What Is the Difference Between Them?

Picture this: a young person is in a dark room. The only thing visible is their figure, as it is just barely lit by the blinding LEDs of their computer screen. They type furiously on an ergonomic keyboard as thousands of lines of neon green monospace text fly across the screen. Click-clack-click-clack-click-clack.

ValidCC Shuttered - Another one bites the dust

On January 28, 2021 the dark web community was informed that “ValidCC”, one of the leading marketplaces for compromised payment card details, was unexpectedly closing its services for good. This happened less than a month after “Joker’s Stash”, another popular dark web payment card marketplace, announced its retirement.

Sensitive Data and Examples | GDPR Personal Data

This is your go-to reference for examples of sensitive data, the definition of GDPR personal data, and how to identify, classify and protect sensitive data. In a fast-moving world, it is now easy to access information relating to an individual from the north pole to the south pole. Have you ever wondered how your personal information is protected or even handled?

Part One: The Rise of Scalper Bots

Scalper bots are designed to automatically purchase online goods. Generally, they do this by adding a product to a cart and completing the checkout process far faster than any human could hope to do so. They exploit vulnerabilities in websites to purchase goods before they are even listed as available to the usual human users of a website. Those using scalper bots have a huge advantage over non-bot users when it comes to purchasing limited-quantity items.

Biggest Cyber Attacks of 2020 & What We Can Learn From Them

There’s no doubt that the internet has made almost every element of our lives easier. Virtually everything now has an online presence, from multi-national social media goliaths to your local bakery. Though this has its advantages, it also creates risk. Convenience comes at a cost, and all too often consumers and businesses alike don’t pay enough attention to cyber security until it’s too late.

Weekly Cyber Security News 05/02/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Most of us after almost a year of regular lock-downs are experiencing cabin fever. In some cases it erupts in quite interesting ways – such as this one. I very much doubt it is a hacker, most likely an employee trying to release ‘tension’.

AppSec Bites Part 2: Top 3 Things to Consider When Maturing Your AppSec Programs

When it comes to maturing an AppSec program, there are several best practices that can help you get started. In part two of our AppSec podcast series, Tim Jarrett, Director of Product Management at Veracode, and Kyle Pippin, Director of Product Management at ThreadFix, share the top 3 things they’ve learned from organizations that have successfully matured and scaled their AppSec programs.

The Importance Of Security Logs For GDPR Compliance

GDPR enforcement (and therefore fines) has been on the rise recently. And after the initial “compliance on paper” that many consultants offered, it’s time to address the cybersecurity aspects underlying GDPR. We have previously addressed the logging requirements of GDPR and now we are going to review the “why” in addition to the “what”.

Using SIEM for Regulatory Compliance: Importance, Best Practices, Use Cases

Why is SIEM Important for Regulatory Compliance? A security information and event management (SIEM) system can improve the security of your business’ computer network with real-time automation, monitoring, logging and event alerts. By leveraging SIEM Software, your security team is able to track events concerning your company’s information security, such as potential data breaches, helping you to react in a timely manner.

Consistency, Efficiency And Security: Three Priorities For The 'Anywhere Workforce' In 2021

The efficacy of remote work has been debated for decades. Now, as companies begin pursuing a post-Covid-19 reality, the debate is finally settled. According to some of the most prominent companies in Silicon Valley, including Google, Facebook, Twitter and Apple, the answer is a hybrid model. Rather than being dogmatic and dichotomous about workplace arrangements, these companies find value in a hybrid model that includes a flexible mix of on-site and remote teams.

Intrusion Prevention Systems explained: what is an IPS?

The goal of every cybersecurity strategy is to stop cyberthreats before they have a material impact. This has resulted in many organizations seeking to be more proactive in their response to potential threats by employing solutions to detect and prevent specific types of cyberattacks by monitoring for the earliest indicators of attacks found within network traffic.

Rooting out the cybersecurity risk in your CI/CD pipeline

When it comes to productivity, agility, and efficiency - continuous integration/continuous delivery (CI/CD) pipelines are great. When it comes to ensuring cybersecurity, they leave a lot to be desired. In fact, and especially given the popularity of CI/CD pipelines now, securing continuous environments might turn into the most important security challenge of the next decade.

CISO Insider S1E5 - "There's no one way to be a CISO" with Ross Young

At Nightfall, we believe in the power of learning from those who have done it before. That’s why we created CISO Insider — a podcast interview series that features CISOs and security executives with a broad set of backgrounds, from hyper-growth startups to established enterprises. Through these interviews, we’ll learn how industry experts overcame obstacles, navigated their infosec careers, and created an impact in their organizations.

Turla - high sophistication Russian-nexus threat group

Believed active since 2004, if not much earlier, Turla is a high sophistication Russian-nexus threat group with espionage and intelligence gathering motivations targeting organizations worldwide. We have written about them in the past here. Known by many security vendor assigned names over the years, including Turla Team, Uroburos and Venomous Bear, this bulletin provides an overview of Turla-attributed threats as observed over the past six months.

Best-of-Breed Cybersecurity Technologies: What does this really mean?

For security professionals, the term “best-of-breed” is used at length to describe the latest and greatest technologies. Often seen as a buzz word, how do you tell if something is truly best-of-breed? In a haystack of cybersecurity vendors, how do you find the needle? That’s why today I ask: so what? I’ve heard it before, I’ve said it before, so what do we really mean by best-of-breed technologies? Cygilant is a cybersecurity services company.

Cyberattacks & Remote Work: Services to Secure Your Endpoints

The requirement to secure endpoints has been increasing for the last few years. When the pandemic hit, those endpoints spiraled beyond many security professionals’ wildest dreams. But as our partner SentinelOne said: “Security fell to the backburner because a.) organizations assumed this would be short-lived, and b.) they figured they could circle back to security once everything was up and running.” So while security fell to the backburner, malicious actors seized the opportunity.

What is PCI Compliance? Requirements, Maintenance and Fines

PCI is an information security standard for organisations that handle credit card transactions. It applies to any entity that processes, stores or transmits credit card information. This standard is mandated by major credit card companies – Visa, Mastercard, and American Express – and administered by the Payment Card Industry Security Standards Council (PCI SSC).

Gray Box Testing Guide

In order to develop stable and secure applications, you need to inspect and verify that your software performs as expected. The most common approaches to testing software are white box testing, black box testing, and gray box testing. While white box testing and black box testing have their pros and cons, gray box testing combines the two testing approaches in an attempt to overcome their deficits.

Understanding the DSCI Security Framework

In the times when data breaches and cybersecurity incidents have become everyday news, the world requires entities which can enhance thought leadership in the field of cybersecurity. And thankfully, there are some bodies which are exactly working to strengthen the privacy and security culture in the cybersecurity landscape.

Preventing SQL injections in Go (and other vulnerabilities)

Go has taken the programming world by storm. When it recently passed its ten-year anniversary, estimates suggested as many as 2 million people use the language. As that number continues to grow, common mistakes have emerged that can lead to bugs and security vulnerabilities. In this article, I will address some of them so you can arm yourself with the knowledge to write more robust, secure Go applications, and avoid SQL injections and other security issues.

Open Policy Agent Graduating in the CNCF proves need for cloud-native authZ

We’re really excited to announce that Open Policy Agent (OPA) is now a graduated project in the Cloud Native Computing Foundation (CNCF)! OPA joins projects like Kubernetes, Envoy, Prometheus, Fluentd (and ten others) that the CNCF recognizes for achieving broad adoption by the cloud-native community and maturity in its development processes. As the creators of OPA, we couldn’t be prouder!

The latest Docker Build show features new Snyk & Docker workshop

2020 was a busy year for Docker and Snyk! In the same year, we announced (and released) Snyk-powered vulnerability scanning within Docker Desktop and Docker Hub. We expect 2021 to be bigger as we grow these products and release Snyk-secured Docker Official Images.

Top 4 Security Pain Points in Office 365 and their Solutions

According to research by Spanning Cloud, a lack of expertise is one of the most significant issues with a company's Office 365 security and compliance strategy. When referring to Microsoft Office 365 security pain points, it is necessary to understand that the lack of security features in Office 365 is not the issue; the learning curve that comes with these features is.

Securing the modern IT environment: Log everything to see everything

It’s often said that complexity is the enemy of security. Unfortunately, the enemy is getting stronger. As enterprises accelerate their digital transformation, the IT environment grows increasingly complex. In turn, security risks and operational costs increase. The key to cutting through the complexity and achieving clarity can be found in log data. But it requires enterprises to rethink their approach to log management.

How Internal Audit Can Raise the Bar on Fraud Risk Management

In a recent webinar, speakers from Kroll and the Institute of Internal Auditors (IIA) Hong Kong discussed the findings from a global IIA/Kroll fraud risk survey. The findings of the research include perceptions of the effectiveness of a fraud risk management program in organizations, including prevention, detection and response; the tools used in the fight against fraud; instances of fraud versus perception; the tone from the top; and resourcing for successful fraud risk management in an organization.

CyberSocial IV '21 and Over: A 2020 Threat Intel Recap & Look Ahead

The New Year is here - but what does the future hold for the world of cybersecurity and threat intelligence? Speakers: Aylea Baldwin, Threat Intelligence Lead, Reddit; Jonathan Couch, SVP Strategy, ThreatQuotient; Justin Henkel, Director, Cyber Threat Intelligence, CME Group; Kurtis Minder, Chief Executive Officer, GroupSense.

New 5G consumption trends demand a new approach to security

We are in the midst of unprecedented transformation – both business transformation and technical transformation. From a technology perspective, 5G will change where and how we harness compute power and promote unforeseen product and service innovation. Once 5G attains critical mass with a robust ecosystem, it will touch nearly every organization, promising new revenue potential across a myriad of industries.

What our attack surface study says about top retail applications

Retail and ecommerce web applications are big targets for hackers. Attack surface assessment is important to help build a complete risk profile of web applications and combat opportunistic hackers looking for vulnerabilities to exploit. Here’s how the biggest online retailers fare against the most common application attack vectors.

ZenGRC Named 2021 Governance, Risk and Compliance Emotional Footprint Award Champion

SAN FRANCISCO – February 4, 2021 – Reciprocity announces today that ZenGRC, the industry-leading information security risk and compliance solution, was named 2021 Governance, Risk and Compliance Emotional Footprint Award Champion by Info-Tech Research Group’s SoftwareReviews. The Champion designation is awarded to the vendors that receive top user scores.

Best Server Monitoring Software Tools

If you don’t know the state of your network and server health every second of the day, you’re like a blind pilot inevitably headed for disaster. Fortunately, the market now offers many good tools, both commercial and open source, for network and Windows Server monitoring. We’ve put together a list of the best open source, free and paid Windows Server monitoring tools that have proven their value in networks of many sizes.

Cloud DLP and Regulatory Compliance: 3 Things You Must Know

It’s well-established that a data breach is an extremely costly event. By some estimates, a data leak can cost a small to medium-sized business more than $7.68 million per incident. Compliance regimes may seem burdensome, but the goal of these policies is to prevent a devastating data breach that can bankrupt a business and cause myriad problems for consumers.

Looking ahead to infosec's biggest challenges in 2021

The Nightfall blog is a resource for information security professionals to learn more about the challenges we face in the industry. Every week, Nightfall publishes news and insights from the world of cloud security to help you stay current with the cybersecurity world and better prepare for threats before they become serious problems. In January, we hosted two additional infosec leaders on the CISO Insider podcast: Compass CISO J.J. Agha and LifeOmic Chief Legal Officer Lisa Hawke.

This is the Year We Strengthen Cybersecurity Through Collaboration

Cybercrime pays no regard to international borders, and effectively fighting cybercrime is a process that has always relied upon countries collaborating and sharing data. As geopolitical manoeuvres have cast uncertainty around some of our established mechanisms for collaboration, many in this sector have felt a degree of trepidation heading into this year.

How to Compare Workforce IAM and IGA Providers

Without question, comparing workforce identity and access management (IAM) and identity governance and administration (IGA) providers is a massive undertaking. The stakes are high: meet digital transformation requirements, support and secure a remote workforce, and be prepared for future disruptions. And, sadly, the ramifications of a poor IAM and IGA purchase decision live long.

What the CPRA Means for the CCPA

In the fall of 2020, voters in California approved the California Privacy Rights Act (CPRA). Touted as California Consumer Privacy Act (CCPA) 2.0, the CPRA is more an addendum to and expansion of the CCPA than an entirely new law. Think of it as an update that fixes unclear parts of the previous law and adds new machinery for administering and enforcing it. As there are a few “breaking changes”, the 2.0 moniker is pretty apt for those in the software world.

How to integrate automated AST tools in your CI/CD pipeline

The benefits of integrating application security (AppSec) tools into the continuous integration/continuous delivery (CI/CD) pipeline grow the earlier (the “further left”) in the process you run them. Development organizations are continuing to shift left to implement security earlier in the CI/CD pipeline. But software security group leaders need to know where each AppSec tool belongs in the CI/CD workflow, and what purpose it serves in each phase.
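As an added illustration of the phase placement described above (this is example configuration written for this page, not a pipeline from the original article or from Synopsys), here is a GitHub Actions workflow that runs each class of AppSec tool at the point where it is cheapest and most actionable: secrets scanning and SAST on every pull request so findings block the merge, software composition analysis (SCA) and container scanning at build time, and a passive DAST baseline only after a deploy to staging. The choice of CI system, the tools (gitleaks, semgrep, npm audit, trivy, OWASP ZAP) and the staging URL are all assumptions; the article names none of them.

```yaml
# Added example, not from the original article. Tool choices, job names and
# the staging URL are assumptions chosen for illustration.
name: appsec-pipeline

on:
  pull_request:
  push:
    branches: [main]

jobs:
  # Phase 1 (pre-merge): fast checks on source, run on every PR and blocking.
  # Secrets and SAST findings are cheapest to fix while the change is still open.
  sast-and-secrets:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0            # full history so the secrets scan covers all commits
      - name: Secrets scan (any hit fails the job)
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: SAST with semgrep (non-zero exit on findings)
        run: |
          python3 -m pip install --quiet semgrep
          semgrep --config p/owasp-top-ten --error --metrics=off .

  # Phase 2 (build): dependency and image scanning. Runs after phase 1 passes,
  # gates on HIGH/CRITICAL so the build does not drown in low-severity noise.
  sca-and-container:
    needs: sast-and-secrets
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: SCA on declared dependencies
        run: |
          npm ci
          npm audit --audit-level=high
      - name: Filesystem and image scan with trivy
        run: |
          docker build -t app-under-test:${{ github.sha }} .
          docker run --rm -v "$PWD":/src aquasec/trivy:latest \
            fs --severity HIGH,CRITICAL --exit-code 1 /src
          docker run --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy:latest \
            image --severity HIGH,CRITICAL --exit-code 1 app-under-test:${{ github.sha }}

  # Phase 3 (post-deploy to staging): DAST needs a running application, so it
  # belongs after deployment, not on the PR. Only main is deployed and scanned.
  dast-staging:
    needs: sca-and-container
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    environment: staging
    steps:
      - name: Deploy to staging (placeholder for the real deploy step)
        run: ./scripts/deploy.sh staging   # assumed project script
      - name: OWASP ZAP passive baseline scan
        run: |
          docker run --rm -t owasp/zap2docker-stable zap-baseline.py \
            -t https://staging.example.com -I   # -I: report warnings without failing; tighten once the baseline is clean
```

The gates are deliberately asymmetric: the pre-merge jobs fail on any secret or SAST rule hit because those are the developer's own lines, while the build-time scans fail only on HIGH/CRITICAL and the DAST baseline starts in report-only mode, so each phase adds friction proportional to how much signal it produces.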