Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A Complete Step-by-Step Guide to Achieve AI Compliance in Your Organization

AI compliance has become a pivotal concern for organizations in a rapidly evolving technological landscape. It is inconceivable to overlook the growing importance of AI compliance, particularly for entities deeply entrenched in AI operations. It involves an intricate intersection of legal, ethical, and regulatory dimensions, emphasizing the need for a cohesive approach to ensure comprehensive AI compliance.

Introducing the Salt Developer Portal: Unleash the Power of Automating API Security

AppSec leaders and security practitioners, rejoice! Automating your security practices using Salt Platform APIs is now easier than ever, empowering developers to integrate APIs quickly and efficiently while helping reduce risk. The newly launched Salt Developer Portal is your one-stop hub for all API security automation needs.

DevSecOps in an AI world requires disruptive log economics

We’ve been talking about digital transformation for years (or even decades?), but the pace of evolution is now being catapulted forward by AI. This rapid change and innovation creates and relies upon exponential data sets. And while technology is rapidly evolving to manage and maintain these massive data sets, legacy pricing models based on data ingest volume are lagging behind, making it economically unsustainable.

Protecting APIs with JWT Validation

Today, we are happy to announce that Cloudflare customers can protect their APIs from broken authentication attacks by validating incoming JSON Web Tokens (JWTs) with API Gateway. Developers and their security teams need to control who can communicate with their APIs. Using API Gateway’s JWT Validation, Cloudflare customers can ensure that their Identity Provider previously validated the user sending the request, and that the user’s authentication tokens have not expired or been tampered with.

Secure your unprotected assets with Security Center: quick view for CISOs

We understand that one of the significant hurdles faced by our customers, especially larger organizations, is obtaining a clear view of the deployment of Cloudflare services throughout their vast and complex infrastructures. The question isn't just whether Cloudflare is deployed, but whether it's fully optimized across every asset and service. Addressing this challenge head-on, we're rolling out a new feature set designed to provide better visibility and control over your security posture.

Securing Cloudflare with Cloudflare: a Zero Trust journey

Cloudflare is committed to providing our customers with industry-leading network security solutions. At the same time, we recognize that establishing robust security measures involves identifying potential threats by using processes that may involve scrutinizing sensitive or personal data, which in turn can pose a risk to privacy. As a result, we work hard to balance privacy and security by building privacy-first security solutions that we offer to our customers and use for our own network.

Why you should be concerned about the largest phishing attack on Azure so far, and what you can do about it

Azure customers are facing the biggest threat to their privileged accounts. A cybersecurity firm has identified the spread of a new phishing campaign aimed at privileged users like sales directors, account managers, finance managers, vice presidents, presidents, chief financial officers, and CEOs. The campaign’s first set of attacks started around November 2023 and is still a looming threat. The good thing is that you can safeguard against and mitigate this attack.

What is Privileged Identity Management?

Every organization has to assign privileges to its user accounts. Good security practice requires each account to have only the privileges necessary for the role it’s assigned to. Ideally, that means only a few accounts have wide-ranging privileges capable of significantly changing the organization’s security configuration. These typically include systems administrators, database administrators, and service accounts. These accounts are especially vulnerable to security and compliance risks.

Elastic introduces Elastic AI Assistant

Elastic® introduces Elastic AI Assistant, the open, generative AI sidekick powered by ESRE to democratize cybersecurity and enable users of every skill level. The recently released Elasticsearch Relevance Engine™ (ESRE™) delivers new capabilities for creating highly relevant AI search applications. ESRE builds on more than two years of focused machine learning research and development made possible through Elastic’s leadership role in search use cases.