Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cybersecurity assessment.
You work hard to produce quality applications on tight deadlines, and like every other development team out there, that often means relying on open source code to keep projects on track. Having access to plug-and-go code is invaluable when you’re racing the clock, but the accessibility of open source libraries comes with a caveat: increased risk.
Last month, members of the Elastic Security team hosted a threat hunting capture the flag (CTF) event at BSides SATX. We provided the community with an environment to learn and practice threat hunting with our team, and cultivated new relationships with attendees. By sharing information with security practitioners, we can help prepare them to defend their organization’s data from attack through knowledge transfer.
Free and open source software (FOSS) components have become the basic building blocks of our software products, helping today’s developers build and ship innovative products faster than ever before. Many developers tend to forget that while open source licenses are free, they still come with a set of terms and conditions that users must abide by.
As the COVID-19 pandemic rages on, many educational institutions have been forced to shift their on-campus classes to online classes. Various EdTech platforms have also launched free classes that have prompted students to try their hands on digital education. With more students turning to online learning than ever, these platforms have emerged as a lucrative target for cybercriminals.
The Cybersecurity Framework (CSF) was developed by the National Institute of Standards and Technology (NIST), a division of the U.S. Department of Commerce. This framework was created through collaboration between various private-sector and government experts to provide high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes.
5G is here and changing the way business is done. With this comes an increase of devices to take advantage of low latency and high bandwidth that will allow businesses to truly transform. Because of those devices, the attack surface is also rapidly expanding and will increase opportunities for bad actors. This new wave of endpoints presents both a business opportunity and a business risk. The need for proper endpoint protection is more important today than ever before!
It would be heartening to think that cybersecurity has advanced since the 1990s, but some things never change. Vulnerabilities that some of us first saw in 1996 are still with us. If you don’t believe me, just take a look at the news. Last month, Virginia-based cybersecurity firm GRIMM announced that they had found a vulnerability that affects many Netgear home WiFi routers. The cause? Outdated firmware that allows remote users to access the administrative systems in these routers.
I sometimes wish someone with gravitas had said, “There is no content without security.” That would have looked good coming from Churchill or Lincoln. But their lack of foresight about content services doesn’t diminish a very important fact, one that carries its own brand of import: the importance of security and governance for a company’s critical data.
