Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Your company has decided to adopt the Cloud. Or maybe it was among the first ones that decided to rely on virtualized environments before it was even a thing. In either case, cloud security has to be managed. How do you go about that?

Machine learning (ML) technology has the potential to generate tremendous value for businesses. It is already proving itself in the market and powering a growing number of tools across virtually every industry. In order to discuss the current capabilities of ML, we must first examine how it relates to artificial intelligence (AI). Then, we can explore where ML software is today, its real-world applications, and how it’s transforming business.

Last week, along with thousands of attendees from across the globe, Devo descended on San Francisco for the annual RSA Conference. Like you, we’re still recovering, but after reflecting on the conversations and sessions, we think it could be the best RSA Conference yet.

The modern workforce looks a lot different than it did even a decade ago. If employees actually go to a physical office, their workplaces are often defined by open concepts, collaboration and frequent communication. None of this is by accident. Studies consistently show that happy employees are more productive employees, and autonomy and access are two factors that can make employees happy.

In October 2018, FICO (a consumer credit scoring specialist) began scoring the cybersecurity of companies based upon a scan of internet facing vulnerabilities. FICO grades companies using the same scoring that is familiar with consumer credit. These metrics are then used to compare security risks against competitors. This announcement has the potential to be a sea change event in cybersecurity.

In the previous steps, analysts have gathered enough data to answer their hypothesis. Two types of situations can occur. Either the real threat is found or the vulnerability is detected. In both cases, analysts action is necessary. The analysts must respond immediately when a real threat is identified. However, if there is any vulnerability, they should also resolve this before it becomes a really big nightmare.

Server architecture can differ in a lot of ways, but the three main categories would be on-prem, cloud and serverless. Some believe that cloud and serverless can be used interchangeably, which is not the case. To help clear up some confusion, this blog post will explain each of them and how it affects the security work.

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

In the new cloud-native world, ephemeral services like containers make security a challenging task. As enterprises start adopting containers in production, they suffer from a great deal of variance in the software, configuration, and other static artifacts that exist across their organization’s container image set.