Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

Concerns and Challenges for Effective Cloud Security

In July 2019, Capital One made news headlines not for achieving another milestone but because it had been breached. Capital One was using AWS cloud services, as many businesses are doing nowadays. The problem stemmed (in part) because Capital One had a misconfigured open-source Web Application Firewall (WAF) hosted in the cloud with Amazon Web Services (AWS).

Building a Better Workflow - Procore and Egnyte for the Construction Industry

Egnyte For Procore from Egnyte on Vimeo The construction industry is a field that requires a tremendous amount of collaboration. On any given day, a superintendent or foreman will read, revise, and share project-specific drawings, RFIs, submittals, change orders, and photos. With Egnyte and Procore, project managers can now review, revise, share, and approve of any needed documents captured by foremen and superintendents.

Protecting your GCP infrastructure at scale with Forseti Config Validator

One of the greatest challenges customers face when onboarding in the cloud is how to control and protect their assets while letting their users deploy resources securely. In this series of four articles, we’ll show you how to start implementing your security policies at scale on Google Cloud Platform (GCP). The goal is to write your security policies as code once and for all, and to apply them both before and after you deploy resources in your GCP environment.

The Top 10 Highest Paying Jobs in Information Security - Part 1

Given a surge in digital threats like ransomware, it is no surprise that the field of information security is booming. Cybersecurity Ventures estimates that there will be 3.5 million job openings across the industry by 2021. Around that same time, the digital economy research firm forecasted that global digital security spending would exceed one trillion dollars.

How Will the CMMC Impact My Business and How Can We Prepare? Part 1 of 3

In June of this year, my colleague Tom Taylor wrote about the DoD’s announcement to instate the Cyber Security Maturity Model Certification (CMMC) and elaborated on the fact that, with the CMMC, the DoD appears to be addressing our customers’ core compliance pain points: Since its announcement in May, the DoD kicked-off a “listening tour” to solicit feedback from the Defense Industrial Base sector, according to the CMMC website.

Hacker prevention: tips to reduce your attack surface

These days it seems that every time you open your favorite news source there is another data breach related headline. Victimized companies of all sizes, cities, counties, and even government agencies have all been the subject of the “headline of shame” over the past several months or years.

GDPR One Year Anniversary: The Civil Society Organizations' View

GDPR is a landmark in privacy jurisdiction. Through its 99 articles, it sets a framework for both businesses and individuals on their rights and responsibilities when it comes to protecting privacy. The most important element in my opinion is that privacy functions a fundamental human right and needs to be protected.

What is CSIRT? What are CSIRT Roles and Responsibilities?

What is CSIRT? CSIRT (pronounced see-sirt) refers to the computer security incident response team. The main responsibility of the CSIRT is to expose and avert cyber attacks targeting an organization. As the number of cyber threats grow each and every day, the importance of having a security team that is solely focused on incident response (IR) is fundamental.

What is the Dark Web?

The dark web is a collection of websites that exist on encrypted darknet, overlay networks that can't be found by search engines or visited with traditional web browsers. Almost all websites on the dark web require special software (like the Tor browser), configurations or authorization to access. One common misconception is the confusion between the dark web and the deep web. The dark web makes up a small part of the deep which, the part of the Internet that is not indexed by search engines.