Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cloud Threats Memo: Why Multi-Factor Authentication is a Must-Have

Despite the growing interest in cloud accounts by opportunistic and state-sponsored actors, too many organizations fail to implement basic security measures to protect their cloud apps, such as multi-factor authentication (MFA) for administrators and users. This is the concerning finding of a report recently released by Microsoft, according to which just 22% of Azure Active Directory customers implement strong authentication mechanisms such as MFA or passwordless authentication.

How federal agencies can revamp their mobile security posture

Cybersecurity is an increasing concern for the federal government, particularly with a larger remote workforce to manage than in the past. Changes in the distributed nature of IT networks make it even more critical to stay ahead of newer threats like ransomware and spyware. Lookout’s Vice President for Public Sector Tony D’Angelo, in a new CyberScoop interview, highlights the importance of reprioritizing mobile device security to establish a more secure network security posture. D’Angelo explains how mobile threat defense solutions help security leaders safeguard sensitive enterprise data from cyberthreats that exploit users, apps and devices. He also highlights endpoint detection and response strategies that elevate mobile security when implementing a zero-trust architecture. Watch the full interview with Tony D’Angelo and learn more about reprioritizing mobile device security to establish a more secure network security posture.

A Proof-of-Concept for API Caching at Egnyte

As Egnyte’s business and customer base grows, we have an engineering responsibility to provide data quickly and at high availability. In this blog I’ll recap one of those efforts—a proof-of-concept API caching project that serves our large folder listing capabilities and has future applications in other Egnyte services.

Open Source Cybersecurity: Towards a Democratized Framework

Today, anyone can contribute to some of the world’s most important software platforms and frameworks, such as Kubernetes, the Linux kernel or Python. They can do this because these platforms are open source, meaning they are collaboratively developed by global communities. What if we applied the same principles of democratization and free access to cybersecurity?

How to meet OMB's Zero Trust Strategy goals for IT, IoT and OT Devices

On Jan. 26, the Office of Management and Budget (OMB) published its widely anticipated final version of its zero trust architecture strategy, identifying top cybersecurity priorities for the federal government. This achievement raises the country’s cyber defense strategy to a level commensurate with the “increasingly sophisticated and persistent threat campaigns” it faces.

Five Critically Important Facts About npm Package Security

In 2021, the WhiteSource Diffend automated malware detection platform detected and reported more than 1,200 malicious npm packages that were responsible for stealing credentials and crypto, as well as for running botnets and collecting host information from machines on which they were installed.

Your Cell Phone and Your Identity: Keeping Your PII Safe

Have you considered how often your phone number has been shared? Most of us give out our cell phone numbers all the time – to friends, acquaintances, colleagues, and even big, monolithic, impersonal companies. We may even print them on business cards or list them on public forums. A cell phone is no longer just a way to contact someone to engage in conversation.

How to Protect Cloud Workloads from Zero-day Vulnerabilities

Protecting cloud workloads from zero-day vulnerabilities like Log4Shell is a challenge that every organization faces. When a vulnerability is published, organizations can try to identify impacted artifacts through software composition analysis, but even if they’re able to identify all impacted areas, the patching process can be cumbersome and time-consuming. As we saw with Log4Shell, this can become even more complicated when the vulnerability is nearly ubiquitous.