New technologies often require changes in security practices. What is remarkable about containers and Kubernetes, is that they also provide the potential for enhancing and improve existing security practices. In this post, I will share a model that we use at Nirmata to help customers understand security concerns and plan Kubernetes implementations that are secure.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. It’s been a while since we had reports of a Node.Js module repo tainting, this time though, it appears that its Ruby’s turn to suffer along with Google scoring an own goal. Trust in the code library supply chain shows once again that mistakes can have a wide ranging impact. I don’t have any solutions. Does anyone?
Vulnerability Management is a much-talked-about practice in the IT security industry. Whether it is the debate on vulnerability scoring, how to implement a suitable vulnerability management program based on your own resources or even trying to convince leadership a vulnerability management solution alone won’t solve all your cybersecurity issues, the debate is still strong.
Cyber space is continuously evolving and so are the attack techniques employed by the attackers to harm a business, whether financial or reputational. With the increased malicious activities on the internet, cyber security is not a 9-to-5 job anymore. It requires continuous security monitoring of your organization’s technical infrastructure so that even if a security incident occurs, it is contained immediately and mitigated without causing large-scale damage to the organization.
Being a compliance manager can sound tedious to a lot of people. When people think about compliance, they often think in terms of checking boxes on audit forms. However, compliance management is more like putting together a puzzle without having the cover picture. Compliance issues come from a variety of regulations and industry standards, often overlapping while sometimes being disconnected.
For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
You would be hard-pressed these days to remain ignorant of the growth of ransomware incidents experienced by organizations large and small. We’ve seen a ton of press around these events, from CryptoLocker to WannaCry. The impact of this type of malware is newsworthy.
Picture this. You are a young and thriving architecture and engineering firm with over 160 employees in 13 offices across the US. You handle national rollouts for some of the most recognizable restaurants, big box chain retail stores, banks, and grocery stores.
Your reputation is one of the most powerful assets you can have as a successful businessperson. Having a reputation for honesty and quality can be the key to locking down major clients or building a standing in a fledgling market. Alternatively, having a poor reputation can be detrimental to the point of completely running you out of business.
Some believe that “whatever can be automated, should be automated” and in general benefits include faster production, consistency in product and quality, rolling back from failures and all allowing employees to focus on more creative and analytical tasks. The same can be said for the automation of quality assurance and security of developer coding and programming.
