It seems that the most popular topics in cybersecurity for the last year has been zero trust as well as the convergence of Information Technology (IT) and Operational Technology (OT). These developments are good, as they signal some positive motion towards better overall security. Some of the current risks are worth noting, with a forward glance to protecting specific industries such as oil and gas production plants.

The third annual Devo SOC Performance ReportTM shows that working in a security operations center continues to be painful. Based on an independent survey of more than 1,000 global cybersecurity professionals commissioned by Devo and conducted in September 2021, the report examines current SOC trends and challenges.

With drones now capable of massive cluster displays at events like the Olympics opening ceremony, and being used in sectors like healthcare, what role does cybersecurity play in making these devices safe? In this month’s episode of the Cybersecurity Sessions podcast, Andy talks to drone pilot and experienced cybersecurity expert Frank Jones about the emerging technology of drones, their growing list of use cases and how important security is in their wider adoption.

Effective software supply chain risk management requires security measures throughout the entire supply chain. Risk management is a well-understood part of business. Personified, risk management would be a dusty, gray man with a gray beard who asks questions that make you uncomfortable. Risk management is about understanding threats to your business and figuring out how you will deal with them.

SOAR use cases come in all shapes and sizes, but almost all of them rely on threat intelligence to determine the risk posed by the various indicators in the event. Our two new community playbooks leverage Splunk Intelligence Management (previously TruSTAR) to gather intelligence about indicators and enable rapid manual response by an analyst within a single prompt.

The onslaught of the COVID-19 pandemic brought about many changes and disruptions in cybersecurity. Organizations globally shifted to remote work scenarios to enable their employees to work from the comfort of their homes. Since this was a sudden decision, many organizations lacked resources to ensure security while users were operating from locations across the world. These redefined security perimeters provided leeway for bad actors to perform cyberattacks.

Even if you tried VERY hard to enjoy a quiet weekend, chances are that this plan was interrupted at least once by the new Log4Shell zero-day vulnerability that was disclosed on Friday (December 10, 2021). The new vulnerability was found in the open source Java library log4j-core which is a component of one of the most popular Java logging frameworks, Log4J.

Styra Declarative Authorization Service (DAS), both SaaS and self-hosted, as well as Open Policy Agent (OPA), are not affected by the Log4j security vulnerability. The newest Apache Log4j Java-based logging utility vulnerability (CVE-2021-44228) was disclosed to Apache by Alibaba's Cloud Security Team on November, 24 2021 by Chen Zhaojun and published on December, 9 2021.

Cybercriminals are continuously finding new ways to steal sensitive information. Having robust network security measures in place is now more important than ever — and network authentication is part of the solution. There are various authentication technologies available that can add an extra layer of protection to prevent security lapses, and each one offers a unique solution. This post will highlight the most common methods for network authentication and answer the following questions.