Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When you engage in a security incident investigation, you need to quickly sift through vast quantities of data. In that moment, tracking your attacker, containing the attack, and identifying the root cause are the activities that matter most. However, in an attack’s aftermath, the digital recovery process and post-incident paperwork becomes your new nightmare.

‍The Cybersecurity Maturity Model Certification (CMMC) is a cyber program and security framework used by the US Department of Defense (DoD) to measure firms’ cybersecurity maturity. All DoD contractors working with the federal government must comply with this program by 2025. CMMC compliance demands that DOD contractors pass an external CMMC assessment carried out by an approved CMMC Third Party Assessment Organization (C3PAO) for all but the lowest level of CMMC certification.

A third-party data breach refers to a data breach that has occurred through a third-party company. In a third-party data breach, the vendor or supplier’s system has been compromised and used to steal data that belongs to you. A third party can be defined as an organization with which your organization has entered into a business relationship to provide goods, access, or services for your use.

Generative AI capabilities continue to make their way into every organization, with increasingly useful ways of helping employees and contractors be more productive. This includes advancing how fully automated vulnerability remediation works, and with the power of generative AI, is able to take into account unique environments and uses in real-time.

In today's rapidly evolving cloud landscape, managing permissions and ensuring robust security controls are essential for organizations utilizing Amazon Web Services (AWS). AWS Identity and Access Management (IAM) is crucial in managing permissions to access AWS resources. While IAM provides granular control over permissions, AWS IAM permissions boundaries offer additional security and flexibility for fine-tuning access controls.

For those responsible directly or indirectly for the cyber defense of their organizations, June 2023 is proving to be an extremely challenging month. In this month alone, vulnerabilities were discovered in various appliances, ranging from CVE-2023-27997 impacting FortiGate devices to CVE-2023-35708 impacting MOVEit Transfer software as well as the exploitation activity discovered of Barracuda appliances via CVE-2023-2868.

Unstructured data is a prime target for ransomware attacks, making it crucial for organizations to protect and manage it effectively. Currently, it is estimated that 80-90% of all data generated falls into the unstructured category, consisting of files and objects. Organizations rely on unstructured data to store sensitive information, intellectual property, and other invaluable corporate assets.

GraphQL has become a popular choice for building APIs in recent years. In projects using Typescript and Apollo Client, such as Rubrik’s, it is very helpful to map GraphQL schema to types and interfaces and one of the most popular tools for generating these types and interfaces based on a GraphQL schema is Apollo Codegen.

Implementing the principle of least privilege at scale in AWS requires careful planning and a systematic approach. Here are some steps to help you achieve this.