Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

splunk

SOC Metrics: Security Metrics & KPIs for Measuring SOC Success

May 18, 2023 By Shanika Wickramasinghe In Splunk
The Security Operations Center (SOC) is the central unit that manages the overall security posture of any organization. Knowing how your SOC is performing is crucial, so security teams can measure the strength of their operations. This article describes SOC metrics, including their importance, common SOC metrics, and the steps SOC teams can take to improve them.
Read Post
Trustwave

When User Impersonation Features In Applications Go Bad

May 18, 2023 By Tom Neaves In Trustwave

A user impersonation feature typically allows a privileged user, such as an administrator, but typically these days, support teams, to sign into an application as a specific user without needing to know the user’s password. This feature allows support teams to see the application as the user would see it, often in relation to following a user journey in the context of that user, in order to see the same error message a user is receiving with a view to resolving the issue.

Read Post
tigera

Case study: Calico Enterprise empowers Aldagi to achieve EU GDPR compliance

May 18, 2023 By Suki Lam In Tigera

Founded in 1990, Aldagi is Georgia’s first and biggest private insurance firm. With a 32% market share in Georgia’s insurance sector, Aldagi provides a broad range of services to corporate and retail clients. With the onset of the pandemic in 2019, Aldagi wanted to make its services available to customers online. To this end, the company adopted an Agile methodology for software development and re-architected its traditional VM-based applications into cloud-native applications.

Read Post

Trusting your Software Supply Chain Security with DevOps Agility

May 18, 2023 By JFrog In JFrog
At RSA 2023, JFrog spoke with security experts about their current challenges and focus areas. With increasing scrutiny on the vulnerability of open-source, and blindspots in their Software Supply Chain (SSC) it was no surprise to hear that SSC attacks have become a top concern. But with so many vulnerabilities to fix, the need for heavy manual efforts, and a plethora of complex AST security tools to navigate, security experts say that securing the SSC can feel like an overwhelming task.
View Video
tripwire

Risk Tolerance: Understanding the Risks to your Organization

May 18, 2023 By Rita Nygren In Tripwire

‘A ship in port is safe, but that's not what ships are built for,’ said Dr. Grace Hopper, Rear Admiral of the US Navy and a computer pioneer. As soon as the ship leaves the harbor, or even the dock, there are risks. Depending on conditions and purposes, the ship's crew might decide they are negligible, that they can be recovered from, or that the potential rewards are worth the risk. The same ideas can be applied to computers.

Read Post
vanta

Fitting incident management into the SOC 2 puzzle

May 18, 2023 By Vanta In Vanta

In today’s business landscape, security and compliance mean everything. ‍ Because of this, many modern businesses look towards solutions that will provide customers and prospects with the most confidence and trust. One of these is SOC 2 compliance and attestation. SOC 2 is a marker of solid and consumer-minded companies that want to protect customer data.

Read Post

Stopping API attacks with Salt Security and AWS WAF

May 18, 2023 By Salt Security In Salt Security
Every company’s APIs are unique and so are its security gaps. Bad actors will poke and prod to learn your APIs and find mistakes in business logic they can exploit. Catching these attacks requires context and deep behavioral analysis over time. With its recent AWS WAF Ready designation, Salt Security makes it easier and faster for businesses to protect the APIs running in their AWS environments. Salt provides the visibility, intelligence, and context over time to identify and block attacks using tools you already rely on such as Amazon API Gateway, AWS WAF, and other inline enforcement points.
View Video
knowbe4

Phishing Tops the List Globally as Both Initial Attack Vector and as part of Cyberattacks

May 18, 2023 By Stu Sjouwerman In KnowBe4

A new report covering 13 global markets highlights phishing prevalence and its role in cyber attacks when compared to other types of attacks. It’s difficult for me not to stand on my “phishing is a problem” soapbox when there exists stories and reports demonstrating that phishing continues to dominate as a security problem that isn’t being properly addressed.

Read Post
knowbe4

New "Greatness" Phishing-as-a-Service Tool Aids in Attacks Against Microsoft 365 Customers

May 18, 2023 By Stu Sjouwerman In KnowBe4

This new phishing toolkit is rising in popularity for its effective realism in impersonating not just Microsoft 365, but the victim organization as well. Security researchers at Cisco Talos have identified a new Microsoft 365 toolkit that actually creates a realistic login experience for the victim user, making it more dangerous to organizations.

Read Post
Arctic Wolf

Phishing Threat From New .zip Top-Level Domain

May 18, 2023 By James Liolios In Arctic Wolf
On Wednesday, May 3, 2023, Google introduced eight new top-level domains (TLD) available for purchase and that could be used with websites and/or email addresses. From these eight new TLD’s, one that stands out as a potential security risk is.zip. The.zip TLD is concerning since it is also used as an extension of files commonly shared over the internet. With the inclusion of.zip as a domain, email clients and web platforms will now accept URLs disguised as filenames with.zip extensions.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.