Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

OpenAI's GPT Store: What to Know

Many are speculating that at long last, OpenAI’s GPT store is set to go live this week. GPT builders and developers received an email on January 4th notifying them of the launch, which has been rumored for months, and likely only delayed due to the drama that has taken place at the company. This blog will summarize what this means for citizen development and how security teams should approach this new technological breakthrough from the AI giant.

Using Amazon SageMaker to Predict Risk Scores from Splunk

Splunk Enterprise and Splunk Cloud Platform, along with the premium products that are built upon them, are open platforms, which allow third party products to query data within Splunk for further use case development. In this blog, we will cover using Amazon SageMaker as the ISV product using the data within Splunk to further develop a fraud detection use case to predict future risk scores.

Secure AI System Development

Scientific progress in AI and downstream innovation to solve concrete real-world problems is part of a greater movement toward inventing Artificial General Intelligence (AGI). Broadly speaking, AGI is defined as an intelligent agent that can emulate and surpass human intelligence. Today, we are already familiar with incomplete forms of AGI: Despite these promising innovations moving from the scientific domain to consumer marketplaces, we are still far from achieving AGI.

How to use AWS and Vanta for identity and access management

This blog is part of a series about how to use Vanta and AWS to simplify your organization’s cloud security. To learn more about how to use Vanta and AWS, watch our Coffee and Compliance on-demand webinar. ‍ Amazon Web Services, or AWS, is one of the most popular cloud providers for organizations today — providing one of the most flexible and secure cloud environments available.

Trustwave Transfers ModSecurity Custodianship to the Open Worldwide Application Security Project (OWASP)

After serving as its steward for over a decade, Trustwave has agreed to transfer the reins of the renowned open-source web application firewall (WAF) engine, ModSecurity, to the Open Worldwide Application Security Project (OWASP). This landmark move promises to inject fresh energy and perspectives into the project, ensuring its continued evolution as a vital line of defense for countless websites worldwide.

Fuzzing and Bypassing the AWS WAF

The Sysdig Threat Research Team discovered techniques that allowed the AWS WAF to be bypassed using a specialized DOM event. Web Application Firewalls (WAFs) serve as the first line of defense for your web applications, acting as a filter between your application and incoming web traffic to protect against unauthorized or malicious activity. In this blog post, we will analyze one of the most commonly used Web Application Firewalls, the AWS WAF, and explain ways that allowed it to be bypassed.

Understanding Six Popular Azure Storage Types and Their Use Cases

The modern enterprise is all about the cloud. Digital transformation includes not only the adoption of cloud computing through application migration, but a transition from disk storage to cloud storage. Cloud storage has some key advantages over traditional disk storage, including the following: While there are multiple cloud storage options available today, including Amazon Web Services (AWS), Azure Storage is a logical choice for Microsoft Azure customers.

How to choose a security tool for your AI-generated code

“Not another AI tool!” Yes, we hear you. Nevertheless, AI is here to stay and generative AI coding tools, in particular, are causing a headache for security leaders. We discussed why recently in our Why you need a security companion for AI-generated code post. Purchasing a new security tool to secure generative AI code is a weighty consideration. It needs to serve both the needs of your security team and those of your developers, and it needs to have a roadmap to avoid obsolescence.

What is Data Residency? Importance, Regulations, Challenges, & How to Comply

The term “cloud” in the domain of IT infrastructure and computing conjures images of a rather abstract concept for storing data – most don’t know how it works and where it is located. A common misconception is that it lacks a physical location. This, however, is not true – cloud ecosystems operate from servers, and these servers always have a physical location.