Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

June 2022

What to Automate First in Your SOC - Intro to Torq Webinar Series

Automation can transform how security teams operate, but knowing where to start can be the most difficult part. At Torq, we help teams make these decisions every day. Using our no-code automation platform, security teams can be up and running with their first workflow in as little as a few hours. The secret to making it work is our template library. This 45 minutes webinar will show you how to begin an automation program from scratch, using Torq.

Building a secure CI/CD pipeline with GitHub Actions

GitHub Actions has made it easier than ever to build a secure continuous integration and continuous delivery (CI/CD) pipeline for your GitHub projects. By integrating your CI/CD pipeline and GitHub repository, GitHub Actions allows you to automate your build, test, and deployment pipeline. You can create workflows that build and test every pull request to your repository or deploy merged pull requests to production.

How to Prevent Out-of-Bounds Document Sharing with Egnyte

Every day, your users access dozens of documents they need to do their jobs. However, many users fail to take basic steps to protect sensitive documents from leaving the organization. In sports, when a team loses the ball out of bounds, they have to go on defense. The same thing happens in business when you lose critical documents.

10 Data-Centric Use Cases for better and more advanced CAD data protection

In this extensive two-part blog series, we try to present an exhaustive list of all the HALOCAD data-centric use cases that offer better and more advanced CAD data protection. Computer-Aided Design (CAD) is used to accomplish preliminary design and layouts, design details, and calculations, creating 3D Models, creating and releasing drawings, as well as interfacing with analysis, marketing, manufacturing, and end-user personnel.

Celebrating one year of Rapid Scan Static

As we celebrate the first anniversary of Rapid Scan Static, we look back at the growth of our new SAST engine. In June 2021, Synopsys officially released Rapid Scan Static, a feature of Code Sight™ SE and Coverity® by Synopsys and powered by the Sigma scan engine. Rapid Scan Static reduces the noise and friction for developers by providing fast results that enable them to take action earlier in the software development life cycle (SDLC).

Why We Collect Data From 12 Countries

At SecurityScorecard, we're collecting data from 12 different countries. Here's why: Some countries, industries, and organizations are beginning to deploy deception technologies to misrepresent their security hygiene. If you're trying to gather information on the Chinese infrastructure from outside, e.g., your data set will appear sparse because China blocks the view. But if you collect information from outside and inside of China and triangulate the different discrepancies, you get a more accurate representation.

What is Cache Poisoning?

Network security is of the utmost importance when it comes to protecting servers. An organization's servers contains a lot of sensitive data (e.g., clients’ personal data) that can greatly harm your business in the blink of an eye if compromised. One of the most common yet often undetectable ways the security of your servers can be compromised is cache poisoning. It is crucial to be aware of what cache poisoning is, how it works, why it is so dangerous, and how you can prevent becoming a victim.

9 Best Data Leak Detection Software Solutions

Data leaks are a popular attack vector for cybercriminals. They’re considered a shortcut to accessing valuable sensitive data without needing to carry out sophisticated cyber attacks. Once an attacker discovers a data leak, they can exploit it immediately. Organizations must be vigilant against internal and third-party data leaks. Otherwise, they risk leaving an instant pathway to costly data breaches exposed.

Secure Software Development - SDLC Best Practices

With all the remote works, online businesses, and digital lifestyle, applications (software) have become an integral part of our lives. In contrast, the growing rate of data breaches and cyber-attacks exploiting minor glitches in application functionality has diverted attention to application security which is still underrated in the era of phenomenal technological advancement.

Stories from the SOC - Detecting internal reconnaissance

Internal Reconnaissance, step one of the Cyber Kill Chain, is the process of collecting internal information about a target network to identify vulnerabilities that can potentially be exploited. Threat actors use the information gained from this activity to decide the most effective way to compromise the target network. Vulnerable services can be exploited by threat actors and potentially lead to a network breach. A network breach puts the company in the hands of cybercriminals.