Keeping Secrets Out of Logs: Strategies That Work
tl;dr: There's no silver bullet for keeping secrets out of logs, but if we put several "lead bullets" in the right places, we have a good chance of success.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Understanding Cybersecurity for SCADA
Industrial facilities increasingly rely on interconnected systems to improve operations. As they implement these technologies into their legacy environments, they create new cybersecurity risks within previously isolated Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) by connecting them to public internet-facing applications.
APIs: The Silent Highway for Sensitive Data
Think about how your banking app connects to payment processors or how your healthcare provider’s system shares records securely – APIs have become essential for modern digital interactions, enabling applications to communicate and share data effortlessly. However, this convenience comes at a cost: APIs often handle vast amounts of Personally Identifiable Information (PII), making them prime targets for API data exfiltration.
Unlock Seamless Log Shipping via Integration with Microsoft Sentinel
In today’s security landscape, visibility and real-time insights into your organization’s data are critical for effective threat hunting and incident management. To meet these needs, Netskope has developed a native integration with Microsoft Sentinel using the Codeless Connector Platform—allowing organizations to easily stream all CASB alerts, DLP incidents, and threat logs into Microsoft’s cloud-native SIEM.
Intro to Cisco Secure Application in Splunk AppDynamics
Welcome to this in-depth introduction to Cisco Secure Application in Splunk AppDynamics. In this video, I’ll walk you through how Cisco Secure Application seamlessly integrates with your existing Splunk AppDynamics APM agents to provide real-time security monitoring. We’ll first review the high-level architecture of Cisco Secure Application, and then I’ll show you how to use the Cisco Secure Application dashboard to monitor the security status of applications, business transactions, libraries, vulnerabilities, attacks, and observations.
Monitoring for PCI DSS 4.0 Compliance
Any company that processes payments knows the pain of an audit under the Payment Card Industry Data Security Standard (PCI DSS). Although the original PCI DSS had gone through various updates, the Payment Card Industry Security Standards Council (PCI SSC) took feedback from the global payments industry to address evolving security needs.
Harness Data to Prevent Fraud with Splunk and AWSSPLUNK_AWS_FRAUD_11202024 (1)
In this webinar, you will learn about the influence of data-driven technology on fraud detection and prevention. You will discover how businesses can use AI, machine learning, and big data analytics to proactively identify hazards and monitor transactions in real time. The workshop will provide useful insights into cutting-edge solutions that improve customer security and protect sensitive information, as well as practical tactics and case studies for successfully combating fraud.
Why API Discovery Is Critical to Security
For Star Trek fans, space may be the final frontier, but in security, discovering Application Programming Interfaces (APIs) could be the technology equivalent. In the iconic episode “The Trouble with Tribbles,” the legendary starship Enterprise discovers a space station that becomes overwhelmed by little fluffy, purring, rapidly reproducing creatures called “tribbles.” In a modern IT department, APIs can be viewed as the digital tribble overwhelming security teams.
M-21-31 logging compliance: Where are we now?
How US federal agencies can better meet advanced event logging requirements For the past four years or so, US federal agencies have been working to comply with the requirements set out in OMB M-21-31. Released in 2021, the Office of Management and Budget (OMB)’s M-21-31 memorandum provided guidance and requirements for federal agencies in order to improve centralized visibility into logging data before, during, and after cybersecurity incidents.
FERC and NERC: Cyber Security Monitoring for The Energy Sector
As cyber threats targeting critical infrastructure continue to evolve, the energy sector remains a prime target for malicious actors. Protecting the electric grid requires a strong regulatory framework and robust cybersecurity monitoring practices. In the United States, the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) play key roles in safeguarding the power system against cyber risks.