One of the great things about Kubernetes is that it completely separates authentication and authorization. Authentication (Authn) meaning the act of identifying who the user is and authorization (Authz) meaning the act of working out if they’re allowed to perform some action. This can be thought of in terms of a Passport and a Visa.
With all the Russian election hacking scandals in the news during and after the 2016 Presidential election, curiosity consumed me to architect and run an experiment to see if I could monitor changes in the threat landscape in either Moscow, Russia or Washington D.C. during the 2018 U.S. midterm elections.
Insurance companies know how to insure their clients’ homes, cars, and businesses, but they may find it difficult to ensure that the information they collect remains secure. While the insurance industry focuses on risk-based analyses for premiums, it needs to focus internally and use those same risk management processes for securing customer information.
With the evolution of technology comes new approaches to solving problems. Sometimes a new approach fixes the problem; sometimes it creates new ones. The good thing is as folks who work in fast-paced, high-tech environment, we information security professionals are great at quickly analyzing the new technologies and applying them to our daily lives. …Or so we thought!
Today at Think 2019 we’re announcing our intent to work with IBM to support the Sysdig Cloud-Native Intelligence Platform on IBM Cloud Private and IBM Multicloud Manager. By supporting IBM Multicloud Manager and IBM Cloud Private, Sysdig will help IBM customers accelerate the transition to cloud architectures.
Supervisory Control Data Acquisition Systems (SCADA) communicate with industrial control systems (ICS) to provide manufacturers monitoring and analysis in real-time. However, the SCADA systems, established initially in the 1960s, cannot keep pace with the speed at which cybercriminals evolve their threat methodologies. Understanding risk assessment in the manufacturing industry means recognizing the concerns specific to these technologies.
Faced with challenges such as the persistent cybersecurity skills gap, lack of 24x7 security coverage, increasing security threat pressure, and the cost and complexity of in-house security operations, many organizations are turning to outsourcing of cybersecurity processes and systems.
Earlier today, CVE-2019-5736 was announced regarding a runC container breakout. Given the high CVSS rating of 7.2, it is imperative to quickly patch your systems.
So how do you marshal the resources that you need to implement effective supply chain security? Borrowing from the same motivation techniques that we use to keep ourselves going to the gym, I recommend a combination of sex appeal (highlighting attractive benefits), pain avoidance (highlighting the painful risks) and recruiting allies (finding support within and outside of your organization).
