Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Well, it’s that time of year again. With the new year comes new predictions. Sometimes it seems that these posts can simply be a cut-and-paste job from year to year. I’m going to do my best to avoid that here. Let’s take a look back on some of our past predictions.

In the digital world, where countless users communicate, share data, and engage in diverse activities, determining the origin and actions behind these interactions can be quite challenging. This is where non-repudiation steps in. Coupling other security factors, such as delivery proof, identity verification, and a digital signature, creates non-repudiation. This guarantees that the parties involved in the transmission are unable to renounce the execution of an action.

At Netskope, we have a long history of supporting customers in the US Federal Government. For example, the US Patent and Trademark Office (USPTO) recently chose Netskope to help with its cloud-first security initiatives, building out their entire SASE architecture. Today, we’re thrilled to announce two major developments to make it easier to acquire and implement Netskope in US federal agencies and the contractors that support them.

In the current cyber landscape, adversaries commonly employ phishing as the leading technique to compromise enterprise security. The susceptibility of human behavior makes individuals the weakest link in the security chain. Consequently, there is an urgent need for robust cybersecurity measures. Phishing, which capitalizes on exploiting human behavior and vulnerabilities, remains the adversary's top choice. To counter this threat effectively, ongoing education and awareness initiatives are essential.

The SAP GRC (Governance, Risk Management and Compliance) Framework is a collection of enterprise software applications that help organizations control access and prevent fraud across the enterprise. At the same time, they can minimize the time and cost of compliance with internal and external regulations. The SAP GRC framework comprises the SAP Access Control and SAP Cloud Identity Access Governance solutions.

The Sysdig Threat Research Team discovered techniques that allowed the AWS WAF to be bypassed using a specialized DOM event. Web Application Firewalls (WAFs) serve as the first line of defense for your web applications, acting as a filter between your application and incoming web traffic to protect against unauthorized or malicious activity. In this blog post, we will analyze one of the most commonly used Web Application Firewalls, the AWS WAF, and explain ways that allowed it to be bypassed.

My team and I were on a call with a customer who saw a critical need to secure access to his company’s cloud service provider (CSP) containers. Our conversation comes to mind often, because it reflects the fast-evolving nature of privileged access and what it takes to secure it in today’s complex IT environment. As we spoke, the customer stood out to me as a forward-thinking leader. His job: protect and enable an enterprise that is no stranger to the cloud.

After serving as its steward for over a decade, Trustwave has agreed to transfer the reins of the renowned open-source web application firewall (WAF) engine, ModSecurity, to the Open Worldwide Application Security Project (OWASP). This landmark move promises to inject fresh energy and perspectives into the project, ensuring its continued evolution as a vital line of defense for countless websites worldwide.

Many organizations have adopted IP address allowlisting for their corporate cloud applications as an added layer of security. Many sanctioned cloud applications and web services enforce access restrictions based on the source IP address of incoming traffic. To establish a connection with these remote SaaS services, your traffic must originate from a particular IP address that is pre-registered. Any traffic originating from different IP addresses will be denied access by these remote applications.

This blog is part of a series about how to use Vanta and AWS to simplify your organization’s cloud security. To learn more about how to use Vanta and AWS, watch our Coffee and Compliance on-demand webinar. ‍ Amazon Web Services, or AWS, is one of the most popular cloud providers for organizations today — providing one of the most flexible and secure cloud environments available.