Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Talking About the CISO Mental Health Crisis

For the past 20 years, I’ve served as CISO for companies across different sectors. In this role, I have shouldered responsibility for protecting each organization from a wide swath of rapidly developing cybersecurity threats. I have also learned firsthand how much stress security leaders face day-to-day. Recent conversations with my peers have shown stress in cybersecurity is an industry-wide problem. The CISO role is one of the most stressful in any organization.

Navigating Change Results - The CISO and CTO View

The Results are In Diverse approaches, but consistent cost savings. Our latest research shows European CIO and CISO intentions and practices at a time of huge security and networking change. See the key findings, dig into the results and hear analysis of what it all means directly from our EMEA CISO Neil Thacker and VP Vice President, Sales Engineering, EMEA/LATAM, Andy Aplin. What does network and security transformation mean in practice for teams, budgets, skills and suppliers? View our video & infographic for the key headlines – then request our Ebook for the full picture.

Cloud Threats Memo: Why Multi-Factor Authentication is a Must-Have

Despite the growing interest in cloud accounts by opportunistic and state-sponsored actors, too many organizations fail to implement basic security measures to protect their cloud apps, such as multi-factor authentication (MFA) for administrators and users. This is the concerning finding of a report recently released by Microsoft, according to which just 22% of Azure Active Directory customers implement strong authentication mechanisms such as MFA or passwordless authentication.

What Are Azure AD Custom Security Attributes?

Microsoft released a valuable new Azure feature in December of 2021: custom security attributes. This feature is still in preview. Custom security attributes enable organizations to define new attributes to meet their needs. These attributes can be used to store information or, more notably, implement access controls with Azure attribute-based access control (ABAC). Azure ABAC, which is also in preview, enables an organization to define access rules based on the value of an object’s attribute.

How to Protect Cloud Workloads from Zero-day Vulnerabilities

Protecting cloud workloads from zero-day vulnerabilities like Log4Shell is a challenge that every organization faces. When a vulnerability is published, organizations can try to identify impacted artifacts through software composition analysis, but even if they’re able to identify all impacted areas, the patching process can be cumbersome and time-consuming. As we saw with Log4Shell, this can become even more complicated when the vulnerability is nearly ubiquitous.

Sysdig Secure - When cloud provider security services are not enough

The benefits of cloud computing are causing the adoption of cloud services by companies of all sizes to increase each year. The reduction of operating costs, time to market, ease of use, and reliability are some of the most significant benefits. However, the shared responsibility model must be taken into consideration. Cloud breaches are already everywhere and it doesn’t look like they’re going to slow down anytime soon.

A Malicious Package Found Stealing AWS AIM data on npm has Similarities To Capital One Hack

In the latter part of December 2021, WhiteSource Diffend detected the new release of a package called @maui-mf/app-auth. This package used a vector of attack that was similar to the server side request forgery (SSRF) attack against Capital One in 2019, in which a server was tricked into executing commands on behalf of a remote user, thereby enabling the user to treat the server as a proxy for requests and gain access to non-public endpoints.

NewEdge, You've Come a Long Way Baby

Just over three years ago, Joe DePalo joined Netskope as Senior Vice President of Platform Engineering. He had most recently led the infrastructure design and build-out at AWS, the world’s largest public cloud, and prior to that, engineering and operations for one of the largest content delivery networks (CDNs) at Limelight Networks.