Bring your own device (BYOD) describes the practice of using a personal device such as a smartphone or tablet to conduct business on an organization's network or with its data. Organizations constantly walk a tightrope with their BYOD policies to balance employee productivity and satisfaction against the effective management of cybersecurity risks.
Maximizing the value of your application security (AppSec) analytics not only provides a window into whether or not you’re meeting security requirements but also it helps you prove your ROI. That can be a challenge for a lot of organizations – when stakeholders are not close to the data, they may miss milestones like hitting goals for reducing security debt or even how much AppSec program has matured by data.
A critical vulnerability in Instagram’s Android and iOS apps could have allowed remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones. The security hole, which has been patched by Instagram owner Facebook, could be exploited by a malicious hacker simply sending their intended victim a boobytrapped malicious image file via SMS, WhatsApp, email or any other messaging service.
API gateways have become a standard component in modern application architectures. The gateway exposes application APIs to the Internet and serves as a logical place to enforce policy. This is a two-part series about enforcing API authorization policies in Apigee with Okta as the identity provider (IdP).
Containers have become very popular with DevOps as a way to increase speed and agility. However, with recent reports of hackers utilizing vulnerabilities in Docker container images to compromise hosts and launch malicious containers – how can we identify this at the time of development to prevent security costing us later?
TLS is the most important protocol for secure communication with web sites and cloud services. Any vendor with ambitions in the SASE (Secure Access Service Edge) market has to be able to proxy TLS at scale. That requires considerable sophistication in terms of designing the computing and networking infrastructure for a SASE “security cloud,” but it also requires attention to the details of TLS itself.
Not too long ago, the desktop computer was the primary computing device for enterprise employees. With the rise of mobile endpoints like smartphones, laptops and tablets, employees are connecting to corporate networks from a wide variety of places and devices. Today, especially with the popularity of the WFH (work from home) model, managing the multitude of mobile devices is more complicated than ever before. The statistics tell a sobering tale.
IDC recently published the IDC MarketScape: Worldwide Managed Security Services 2020 Vendor Assessment, in which primary author Martha Vazquez and team studied 17 organizations that offer MSS globally. The report provides a comprehensive look at the top MSSP vendors, including AT&T Cybersecurity, and how managed security services are evolving to meet the needs of customers today.
Earlier this month, the Federal Energy Regulatory Commission (FERC) published a joint report entitled “Cyber Planning Response and Recovery Study” (CYPRES) in partnership with the North American Electric Reliability Corporation (NERC) and eight of its Regional Entities (REs) in order to review the methods for responding to a cybersecurity event.
