Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

opsdemon

Latest posts

From Phishing to Malware: How to Defend Against a Modern Kill Chain

Every day, threat actors devise new plans for breaking into secure systems. The steps they take, from researching a target to carrying out the attack, are known as the cyber kill chain. Traditionally, that kill chain has targeted devices and networks that lie completely within your organization’s control. For better or worse, mobile and cloud-based work have upended that dynamic.

Enhancing Security Posture: What Is Threat Hunting?

Organizations that work in the cloud face an increasing number of potential threats every day. Fortunately, automated detection and response can block many of these lower-level threats before they even require human attention. Unfortunately, that means the threats that evade automated defenses may be perpetrated by driven and sophisticated attackers — the kinds of threat actors who can infiltrate a system and remain undetected for up to 280 days on average.

Setting Guardrails for AI Agents and Copilots

The rapid adoption of AI agents and copilots in enterprise environments has revolutionized how businesses operate, boosting productivity and innovation. We continue to see more and more innovation in this space, between Microsoft Copilot continuing its dominance, and with Salesforce Agentforce recently announced, business users of all technical backgrounds can now even build their own AI agents that act on our behalf.

The Rise of Cross-Domain Attacks Demands a Unified Defense

Modern adversaries are quiet. No longer reliant on clunky malware to breach their targets, they have adopted more subtle and effective methods to infiltrate businesses, move laterally and access critical applications, steal data, impersonate users and more. They are also gaining speed: The average eCrime breakout time, now just 62 minutes, has fallen in recent years as adversaries accelerate from initial intrusion to lateral movement.

Enhancing Security in Low-Code Development: Tools and Techniques

Low-code development platforms have revolutionized the way organizations build and deploy applications by enabling rapid innovation and empowering citizen developers. However, this democratization of app creation brings new security challenges that traditional security approaches struggle to address. As businesses increasingly rely on low-code solutions, automating security becomes crucial to maintain an adequate defense against evolving threats.

Data Detection and Response (DDR): Stopping an Attack in its Tracks

In this episode of Into the Breach, host James Purvis dives into the cutting-edge world of Data Detection and Response (DDR) with data security expert Drew Russell. Together, they explore how DDR can halt cyberattacks in their tracks by combining autonomous asset inventory, user activity insights, and data classification for a comprehensive defense strategy.

IoT/OT Security: From Past Lessons to a Secure Future

As we embrace a connected world where machines have literal and figurative voices, we stand at the confluence of opportunity and responsibility. The IoT and OT landscape continues to evolve rapidly, bridging the physical and digital worlds. However, as Miguel Morales aptly highlighted during the Device Authority Virtual Summit 2024, the promise of IoT hinges on one critical factor: trust.

Quick guide to ISO 42001 and NIST AI RMF | TrustTalks - Ep 2

As businesses increasingly turn to artificial intelligence (AI) to enhance innovation and operational efficiency, the need for ethical and safe implementation becomes more crucial than ever. While AI offers immense potential, it also introduces risks related to privacy, bias, and security, prompting organizations to seek robust frameworks to manage these concerns. In response to this surge in AI adoption, national and international bodies have been developing guidelines to help companies navigate these challenges. These frameworks not only aim to mitigate potential risks but also ensure compliance with evolving regulations.

Why Protecting Third-Party APIs is Essential for Enterprise Security

In today’s rapidly interconnected digital environment, third-party APIs have become fundamental for enhancing functionality and enriching user experiences. However, as seen in recent incidents like the Kaiser data breach, these third-party integrations carry risks that, if unaddressed, can lead to significant security and privacy violations.

Protecting Against Bot-Enabled API Abuse

APIs have become the backbone of modern digital ecosystems, powering everything from mobile apps to e-commerce platforms. However, as APIs grow in importance, they also become prime targets for malicious actors. Increasingly, bots are being weaponized to exploit vulnerabilities, overwhelm systems, and siphon sensitive data—all without triggering alarms until it’s too late.