DevOps Pushes Agile to IT's Limits
Software engineering is changing and DevOps is at the heart of it. An organization's ability to be responsive to the business requires better collaboration, communication, and integration across IT.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
UpGuard
Cyber Risk Product Update: May 2018
It's been a busy month for the CyberRisk product team! We're proud of this release, and can't wait to share the details with you. All these new features are immediately available to CyberRisk customers.
2 BitSight Alternatives for Managing Cyber Risk
If you’re involved in IT risk or security, you’ve probably encountered BitSight. It is one of a wave of promised solutions to a growing problem: how to manage the risks posed by your IT vendors in the cloud. The legacy approach to solving this problem is a combination of spreadsheet-based vendor assessments, sporadic penetration tests and vulnerability scans. If you combine this with subjective measurement and scoring of risk, you are probably taking on a lot more risk than you should.
The Best Way to Measure Cyber Risk
The specialized nature of cyber risk requires the translation of technical details into business terms. Security ratings and cyber risk assessments serve this purpose, much like a credit score does for assessing the risk of a loan. But the methodologies employed by solutions in this space vary greatly, as do their results.
Minimizing Cyber Risk in Microsoft Environments
Microsoft’s enterprise software powers the majority of large environments. Though often hybridized with open source solutions and third party offerings, the core components of Windows Server, Exchange, and SQL Server form the foundation of many organizations’ data centers. Despite their prevalence in the enterprise, Microsoft systems have also carried a perhaps unfair reputation for insecurity, compared to Linux and other enterprise options.
DevOps Lessons for CIOs
There is no doubt that the DevOps movement has gone mainstream. When even IBM and HP are dedicating sites to it there is no longer any question. If we were to place it on the Gartner Hype Cycle even the most devoted proponents would have to admit that it's rapidly approaching the "Peak of Inflated Expectations".
BreachSight: an Engine for Securing Data Leaks
When we began building a Cyber Risk Research team at UpGuard, we knew there were unavoidable risks. We would be finding and publishing reports on sensitive, exposed data in order to stanch the flow of such private information onto the public internet. It seemed likely the entities involved would not always be pleased, particularly as the majority of the exposures we discovered would be attributable to human error and/or internal process failures.
Vendor Risk: The Hidden Challenge of GDPR Compliance
The European Union’s GDPR regulations go into effect in May of this year. In essence, GDPR is a strict data privacy code that holds companies responsible for securing the data they store and process. Although GDPR was approved in April 2016, companies affected by the regulations are still struggling to reach compliance by the May 2018 deadline.
How UpGuard Monitors Linux Systems for Meltdown and Spectre
Meltdown and Spectre are critical vulnerabilities affecting a large swathe of processors: “effectively every [Intel] processor since 1995 (except Intel Itanium and Intel Atom before 2013),” as meltdownattack.com puts it. ARM and AMD processors are susceptible to portions of Meltdown, though much less at risk than the affected Intel hardware. Exploiting Meltdown allows attackers to access data from other programs, effectively allowing them to steal whatever data they want.
Securing GitHub Permissions with UpGuard
GitHub is a popular online code repository used by over 26 million people across the world for personal and enterprise uses. GitHub offers a way for people to collaborate on a distributed code base with powerful versioning, merging, and branching features. GitHub has become a common way to outsource the logistics of managing a code base repository so that teams can focus on the coding itself.