Privileged Access Management (PAM) is a subset of Identity and Access Management (IAM) that specifically addresses controlling access for users who work with the most sensitive systems and data within an organization, such as IT, information security and DevOps personnel. Among other tasks, PAM enforces the principle of least privilege, which grants users the minimum level of systems and data access they need to do their jobs.

On February 18, CISA has added the recently published Palo Alto Networks CVE-2025-0108 to the list of known exploited vulnerabilities. To date, according to GreyNoise, there are over 25 known distinct public sources attempting exploitation. Unmitigated, this vulnerability can lead to significantly weakened network defenses and open doors for data leakages, financial compromises, and ransomware down the road.

There was once a famous advertising tagline used in TV commercials. "But wait, there's more!" This line was used to sell knives that could cut through a soda can and stay sharp enough to slice a tomato, but now there is a more up-to-date situation where the line is still applicable. "You bought Microsoft 365, great!

The way we think about data security is changing. Organizations need to protect sensitive information while still making it accessible for innovation and business growth. But as cyber threats grow more sophisticated and regulations become more stringent, security teams face a major challenge. This is where Data Security Platforms (DSPs) come in—they provide a unified approach to safeguarding data, ensuring compliance, and reducing complexity.

Software supply chain security risks are mounting. As noted in Veracode’s State of Software Security (SoSS) report, organizations of all sizes are drowning in security debt, and a large portion of the critical debt can be attributed to third-party vulnerabilities.

Today's buyers are doing their homework—they want to know they can trust your business before they commit. According to Vanta’s latest State of Trust report, nearly 65% of companies say their customers, investors, and suppliers increasingly require proof of compliance before making a purchase. ‍

Organizations benefit from the speed of the cloud, but with great power comes great responsibility. An inadvertent cloud misconfiguration can leave the door open to bad actors. While cloud configuration issues most often stem from human error or lack of awareness, they are unfortunately a leading cause of data breaches.

Vulnerability management in the cloud is more challenging than ever. Security teams are drowning in vulnerability alerts, asked to deal with them quickly even as the list continues to expand. What they lack is a clear path to remediation. Legacy tools flood teams with critical alerts, while offering little guidance on which fixes will be most impactful. Vulnerability management isn’t just about identifying the biggest risks — it’s about taking decisive action.

Since 2008, the CIS Controls have been through many iterations of refinement and improvement leading up to what we are presented with today in CIS Controls version 8.1. CIS Controls reflect the combined knowledge of experts from every part of the ecosystem (companies, governments, and individuals). The controls reflect consideration by people in many different roles, such as threat analysts, incident responders, solution providers, policy-makers, and more.

In December 2024, Malaysia passed its Data Sharing Bill 2024, a new piece of legislation aimed at streamlining data-sharing across federal government agencies. This bill promises to revolutionize how data is managed, shared, and secured within Malaysia's government, fueling a more efficient, innovative, and secure public sector.