As I’m writing this blog, malicious actors are actively exploiting vulnerabilities in the Microsoft Exchange Server software. These were zero-day exploits, which means that even organizations that were diligent in their patching were vulnerable. So far the estimates are that more than 60,000 organizations have been compromised.

The purpose of every security team is to provide confidentiality, integrity and availability of the systems in the organization. We call it “CIA Triad” for short. Of those three elements, integrity is a key element for most compliance and regulations. Some organizations have realized this and decided to implement File Integrity Monitoring (FIM). But many of them are doing so only to meet compliance requirements such as PCI DSS and ISO 27001.

As enterprises fast track cloud adoption plans without security considerations, we’ve seen the dangers of cloud misconfigurations and how it continues to cost millions in lost data and revenue for failure to comply. In this blog we’ll explain how to spot the telltale signs and secure your clouds with adequate Cloud Security Posture Management (CSPM).

IT teams live in dynamic environments and continuous integration/continuous delivery has been on high demand. In the dynamic environment, DevOps and underlying technologies such as containers and microservices, continue to grow more dynamic, and complex. Now, just like DevOps, observability has become a part of the software development life cycle.

Cloud API logs are a significant blind spot for many organizations and often factor into large-scale, publicly announced data breaches. They pose several challenges to security teams: For all of these reasons, cloud API logs are resistant to conventional threat detection and hunting techniques.

The Cybersecurity Excellence Awards honor individuals, products and companies that demonstrate excellence, innovation and leadership in information security. Awards are given out based on a combination of the strength of individual nominations and a popular vote by members of the information security community. We were winners in the following categories: We also received a silver award in the Best Cybersecurity Company – Europe category.

Compliance management ensures that an organization’s policies and procedures align with a specific set of rules. The organization’s personnel must follow the policies and procedures to ensure compliance with the set of rules. These rules are based on legal, regulatory, and industry standards.The goal of the compliance management program is to reduce an organization’s overall risk of non-compliance with the legal, regulatory, and industry standards that apply to the business.

In 2013, the U.S. President, Barack Obama, passed an order to boost cybersecurity. The order required the development of a risk-based cybersecurity framework for managing cybersecurity risks for essential infrastructure services. A framework was later developed through an international partnership between small and large businesses spearheaded by the National Institute of Standards and Technology (NIST). Here is a look at the NIST Cybersecurity framework and why it is essential.

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

Amazon’s AWS Systems Manager, better known as SSM to long-time AWS users, was announced at the end of 2017, replacing the similarly named EC2 Systems Manager that had launched a year prior. Similar to other AWS products, System Manager provides a broad spectrum of features instead of a focused and opinionated product.