Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

At Rubrik, we are on a mission to Secure the World’s Data and we consider product quality a top priority. In this blog, we will talk about the automated test strategy we follow at Rubrik to ensure the best quality products for our customers. Before we deep dive into our test strategy and the process we follow, let’s quickly understand what product quality means and why it’s important to our organization as well as our customers.

The escalation of international legislative interest in regulating the software supply chain has led to an increasing likelihood that tools such as software bills of materials (SBOMs) and AppSec solutions will become essential for companies doing business in the public sector or in highly regulated industries. However, the process of building and enforcing effective regulations presents challenges as well.

Many countries across the globe are realizing the importance of the right to privacy in the digital era. The GDPR, the data privacy legislation for the European Union, came into force in 2018 and became the guiding star for an array of privacy laws. The Digital Personal Data Protection Act (DPDPA) by the Indian government is the latest privacy law aimed at protecting individuals’ privacy while ensuring hassle-free business operations.

Researchers at Truesec are tracking a phishing campaign that’s distributing the DarkGate Loader malware via external Microsoft Teams messages. “On August 29, in the timespan from 11:25 to 12:25 UTC, Microsoft Teams chat messages were sent from two external Office 365 accounts compromised prior to the campaign,” the researchers write.

If you want to visualize how data flows across your connected applications, you can think back to that childhood game of Chutes and Ladders (also called Snakes and Ladders). As a kid, the board felt like a confusing grid that had the weirdest, seemingly arbitrary connections between blocks. In your modern digital environment, your Application Programming Interfaces (APIs) fulfill the same role that the ladders and chutes/snakes fulfilled, connecting disparate blocks across a larger whole.

Web cache poisoning is a cyber attack that wreaks havoc on unsuspecting websites. It exploits vulnerabilities by caching mechanisms that web servers, proxies, and content delivery networks (CDNs) use, compromising data integrity. Malicious actors can use cache poisoning to deliver malicious payloads, tamper with sensitive information, or redirect users to fraudulent websites. In this article, we’ll comprehensively explore web cache poisoning attacks and how they work.

Finding deeply hidden and unexpected vulnerabilities early in the development process is key. However, time to invest in proactive tests is limited. Prioritizing speed over security is common. Our new AI-assistant CI Spark closes this gap and enables both speed and security. CI Spark makes use of LLMs to automatically identify attack surfaces and to suggest test code. Tests generated by CI Spark work like a unit test that automatically generates thousands of test cases.

Organizations need to protect themselves from the risks of running their business over the internet and processing sensitive data in the cloud. The growth of SaaS applications, Shadow IT and work from anywhere have therefore driven a rapid adoption of cloud-delivered cybersecurity services. Gartner defined SSE as a collection of cloud-delivered security functions: SWG, CASB, DLP and ZTNA. SSE solutions help to move branch security to the cloud in a flexible, cost-effective and easy-to-manage way.

Every organization handles security differently, based on their needs and internal structure—but in some mid-sized and large companies, both the chief information officer (CIO) and the chief information security officer (CISO) are involved. This can set up a CIO vs. CISO standoff. Indeed, historically, the relationship between the CIO and CISO has been described as adversarial but ever-evolving.

It seems everyone is concerned about cybersecurity these days, and the investor community is no different. Shareholders are reading the headlines—ransomware attacks, data breaches, infrastructure disruptions—and they are wondering how these incidents could impact the companies that they invest in. Shareholders are about to get a lot more information from companies in the months ahead. In July 2023, the U.S.