Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security operations and large-scale conferences have more in common than you'd think: too much noise, too many tools, and insufficient clarity. Both can leave you overwhelmed with information as you sort through one acronym or bold claim after another, only to end up with more questions than answers. RSA Conference is no exception. Booths are packed with AI promises and buzzwords, but there’s little visibility into how anything works.

Security measures aren’t keeping pace with the rate at which new technology is going to market. One of the fastest-growing segments of technology, the Internet of Things (IoT) — which includes webcams, smart thermostats, wearable health trackers, and other smart objects — is capturing the industry’s attention and growing rapidly. By 2030, the number of connected IoT devices is expected to grow to 40 billion.

Supply chain attacks, particularly those targeting continuous integration/continuous delivery (CI/CD) pipelines, are on the rise. It’s easy to think of these attacks as something that only happens to others, but the reality is that your organization is part of the supply chain too. Whether your company develops software for internal use, offers it as part of a service to your customers, or sells it as a product, you’re exposed.

In a recent and sophisticated cyberattack, the Akira ransomware group leveraged an unsecured Linux-based webcam to infiltrate a corporate network. By exploiting this overlooked IoT device, the attackers successfully bypassed traditional Endpoint Detection and Response (EDR) solutions, ultimately encrypting network shares and causing widespread damage.

Cybersecurity frameworks often feel as exciting as tax codes and instruction manuals, useful but not exactly captivating. Yet, the MITRE ATT&CK framework has managed to capture the attention of security professionals worldwide by mapping out adversary tactics, techniques, and procedures (TTPs). Many organizations don’t operationalize MITRE ATT&CK’s potential fully, using the framework in predictable ways. But it doesn’t have to be that way.

AI is transforming industries at an unprecedented pace. From generative AI tools revolutionizing creative work to AI assistants reshaping enterprise workflows, one thing is clear: this technology is no longer a nice-to-have; it’s a must-have. But what about DevSecOps - the teams tasked with safeguarding our modern apps and infrastructure and ensuring their reliability?

Cyber threats are relentless, sophisticated, and growing. To stay ahead, you can no longer treat threat intelligence as an optional tool—it’s the backbone of a proactive, defense-ready strategy. Threat intelligence feeds bring crucial insights to security teams, from high-level trends to detailed indicators of compromise (IoCs). But no single feed can capture every potential threat. Threat landscapes evolve rapidly and adversaries employ diverse techniques and targets.

As small and mid-sized businesses (SMBs) across Asia adopt cloud technologies to accelerate growth, securing your cloud infrastructure becomes a significant challenge. The complexities of managing cloud environments, regulatory compliance, and ensuring real-time threat detection require robust solutions that are both scalable and cost-effective.

It wasn’t too many years ago that only large-scale organizations and enterprises were compelled to worry about cybersecurity. They were the primary targets for malicious actors, and so they seemed to be the only ones thinking about defense. But just like most things, that has completely changed. Small and medium-sized businesses are just as vulnerable to cyberattacks. Without the size and resources to bring security in-house, most turn to managed security service providers (MSSPs) for help.

Palo Alto Networks acquired IBM QRadar SaaS assets, leaving several organizations in limbo and uncertain about the future of their security information and event management (SIEM). Security teams grapple with a complex and potentially disruptive transition as Palo Alto Networks pushes and even mandates migration to its relatively new XSIAM platform.