Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The number of missing security patches in an OT system is typically very large—measured in the thousands, at least. It would be difficult and expensive for an asset owner to evaluate each missing security patch / cyber asset pair. This may be one reason we see a patch everything approach, but this is also difficult and expensive. In fact, assessments show this is rarely done even where required by policy.

If you’re a Tripwire® Whitelist Profiler customer, then you know that the software does an excellent job of executing its core functionalities. These include comparing the running state of a machine to the approved and expected configurations in your environment to stay in compliance with audit and internal policies. Although Whitelist Profiler is proficient in this regard, that doesn’t mean it can’t be improved in other capacities such as ease of use.

CISA issues ‘Shields Up’ alert to warn US companies about potential Russian hacking attempts to disrupt essential services and critical infrastructure as the Russia-Ukraine crisis escalates. Get ahead of the situation with essential information.

AIOps or Artificial Intelligence for IT Operations refers to a set of technologies that augment human decisions with autonomous decisions driven by AI and machine learning that learn patterns, relationships from data. AIOps is the term originally coined by Gartner, and pictorially illustrated in the following way.

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week let’s zoom in on Privacy Enhancing Technologies (PETs), which deals with the common, yet pressing concern of data privacy and security. Illustrated by Balaji K R

Conversations about consumer data privacy grow louder each year, with the news headlines to match. Trust in the technology sector is now at an all-time low and customers are increasingly concerned about the privacy of their personal information. It’s become a serious topic that all business owners need to follow, not just security specialists and tech bloggers.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. I think most of us will remember the big crypto heists, well here is a fascinating article where the criminals thought leaving the proceeds dormant for a few years would eventually lead to no one caring about recovery. Spoiler: They were wrong….

Industrial companies worldwide are adopting capabilities that allow for remote operations. The pandemic has led companies to consider how they can reduce an onsite workforce while continuing with normal operations. Likewise, the worker shortage is leading companies to think in terms of a flexible workforce that may include remote staffing and flexible resourcing.

There are essentially four ways you can implement passwordless SSH access. SSH certificate-based authentication, SSH key-based authentication, SSH host-based authentication, or using a custom PAM module that supports out-of-band authentication. If you want to live dangerously, there’s also a fifth method of passwordless access — disable authentication at all. But that’s not who you are!