Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Automation workflows add a lot of value to an organization’s day-to-day operations. At a minimum, they streamline the execution of complex, multi-step processes, thereby allowing people to focus on higher-value tasks. On top of that, automation workflows can provide valuable insights through the metrics that they gather – including the number of requests, the date and time they were requested, the time it took to complete each request, who made the request, and much more.

As we continue our review of the 12 Requirements of PCI DSS version 4.0, one has to stop and consider, is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations are seen as tedious distractions from the importance of getting the job done. However, depending on a person’s position and function in an organization, it is possible to “geek out” on some of the information in these official papers.

Headline grabbing vulnerabilities, like SolarWinds and Log4Shell, target management software and end hosts, but if you search for “most exploited vulnerabilities” on Google, you will quickly learn that some of them directly target network and security devices as well as server load balancers. These are the 3 most exploited CVEs in the last couple of years: Would you be surprised to learn that network device operating systems can be vulnerable to security flaws like any other software?

A common question we receive is: should security orchestration, automation and response (SOAR) replace security information and event management (SIEM)? While the two technologies share some common components, they serve different purposes. As security teams look to modernize their security operations center (SOC) to meet the demands of cloud environments, automation is the key priority. To that end, it’s vital to understand the roles of both SIEM and SOAR.

The terms "IT security network" and "cyber security network" are often used interchangeably, but there is a big difference between the two. An IT security network is focused on protecting your organization's computer systems and data from unauthorized access, while a cyber security network is designed to protect your entire organization from cyber attacks, including those that target your physical infrastructure.

Emotet, one of the most pervasive and destructive botnets in use today, first appeared in 2014. Despite its age, Emotet is still going strong and shows no signs of disappearing anytime soon.

Security and productivity are two key areas of priority for any business leader. With the current trends in cybersecurity and remote work, companies want to provide access to capabilities that the digital workforce needs, with minimal impact on their experience and minimal risk. In the search for a good balance between data security and productivity, is cybersecurity awareness training enough? Some even find it a challenge.

Organizations can create a level of greater trust between digital businesses and their customers by using sophisticated bot management solutions, as we understand from a recent Gartner ® report. ‘Don’t Treat Your Customer Like a Criminal’, by Gartner analysts Tricia Phillips, Jonathan Care and Akif Khan, is available for a complimentary download from the Netacea website until 31st July 2022.

From day one, Snyk’s vision has been to enable development and security teams across the world to develop fast while staying secure. A key component of this vision is ensuring our customers feel confident in using our developer security platform. This is why we place the utmost importance on keeping our customers’ data safe and helping them address their security and compliance requirements.

When we think of “authentication” for our applications, most of us think of user registration, a login form, and resetting passwords. Our concerns begin and end there. But as we dive deeper and our security and compliance requirements change over time, we have to consider new password hashing algorithms, blocking bots, multi-factor authentication, and external identity providers. What started as a clear, concise set of requirements became an ever-growing list.