All Articles
5 Security Risks of Collaboration Tools

Blog Published: 12/20/2023

Originally published by Abnormal Security. Written by Mick Britton. Today’s business tech ecosystems are rapidly evolving. Many employees take advantage of remote work, SaaS environments continue to expand, and collaboration tools increase in popularity. Common examples of these tools include Sla...

The Difference Between Securing Custom-Developed vs. Commercial Off-the-Shelf Software

Blog Published: 12/20/2023

Originally published by CrowdStrike. Modern applications are designed to process, use and store vast amounts of sensitive data. As adversaries seek to infiltrate these applications, IT and security teams must ensure the software they use has the strongest possible security. The first step to impl...

What Controls are Required for SOC 2 Reports?

Blog Published: 12/19/2023

Originally published by MJD. Written by Mike DeKock, CPA, Founder & CEO, MJD. Q: What controls are required for SOC 2®? A: MJD Answer: There is nuance to this question, and other well-meaning and very smart people that I respect might give a different answer. But within the volumes of literature...

Identifying SaaS App Risks

Blog Published: 12/19/2023

Originally published by Suridata. Written by Haviv Ohayon. SaaS vendors tend not to enforce strong security settings by default. Rather, they leave the details up to the client’s discretion. They do this mostly to reduce their responsibility for security. They also want to make their services les...

When a Breach Isn't All Bad: Making the Most of Adverse Cyber Circumstances

Blog Published: 12/19/2023

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. Would you do business with a company that’s recently been in the headlines for a data breach? I would. Let me tell you why. High-profile incidents are one of the most surefire ways to get companies to tak...

What’s Logs Got to Do With It?

Blog Published: 12/18/2023

Leveraging the cross-cutting capability of visibility and analytics for Zero Trust implementation. Written by Shruti Kulkarni, Cyber Security Architect at 6point6. Visibility and analytics is a cross-cutting capability for Zero Trust. In simple terms, visibility is achieved based on logging and mon...

Behind the Curtain with a CCZT Developer: Director Zenith Law

Blog Published: 12/18/2023

The Certificate of Competence in Zero Trust (CCZT) is the first vendor-neutral credential available for industry professionals to demonstrate their expertise in Zero Trust principles. The winner of Cyber Defense Magazine’s 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training, the cer...

eBPF Offensive Capabilities – Get Ready for Next-Gen Malware

Blog Published: 12/18/2023

Originally published by Sysdig. Written by Daniele Linguaglossa. It’s not a mystery that eBPF (Extended Berkeley Packet Filter) is a powerful technology, and given its nature, it can be used for good and bad purposes. In this article, we will explore some of the offensive capabilities that eBPF...

Unraveling CVE-2023-46214: A Deep Dive into Splunk RCE Vulnerability

Blog Published: 12/15/2023

Originally published by Uptycs. Written by Siddartha Malladi. Cybersecurity experts have uncovered a critical Remote Code Execution (RCE) vulnerability in Splunk, the data analytics platform that forms the backbone of many corporate IT infrastructures. Identified as CVE-2023-46214, this flaw coul...

Comments on Draft NIST Special Publication 800-92r1 “Cybersecurity Log Management Planning Guide”

Blog Published: 12/15/2023

Originally published by Gigamon. Written by Orlie Yaniv, Ian Farquhar, and Josh Perry. Editor’s note: the mechanisms by which organizations derive observability and visibility generally fall under the title of telemetry, and the most prevalent form of telemetry is logging. As we see increased thr...

AI: Both a Help and a Hindrance for the Public Sector

Blog Published: 12/15/2023

Originally published by Synack on October 27, 2023. Written by Luke Luckett. Last week, we hosted the Synack Security Symposium in Washington, D.C. In an open forum, Wade Lance, Synack’s Global Field CISO, facilitated a lively discussion on cybersecurity in the age of AI. Several themes c...

An Update on EU Cybersecurity: NIS2, EU Cybersecurity Schemes, and the Cyber Resilience Act

Blog Published: 12/14/2023

Originally published by Schellman. The European Union (EU) has made significant strides lately in shaping cybersecurity regulation—new developments include those related to the NIS2 Directive, the EU Cybersecurity Act, the EU Cloud Services Cybersecurity Scheme (EUCS), and the EU Cyber Resilience ...

How to Integrate CSA STAR Level 2 Into Your Compliance Strategy

Blog Published: 12/14/2023

Originally published by BARR Advisory. Written by Kyle Cohlmia. According to the Cloud Security Alliance (CSA), the Security, Trust, Assurance, and Risk (STAR) program encompasses “key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Mat...

IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations

Blog Published: 12/14/2023

Originally published by CrowdStrike. CrowdStrike Counter Adversary Operations has been investigating a series of cyberattacks and strategic web compromise (SWC) operations targeting organizations in the transportation, logistics and technology sectors that occurred in October 2023. Based on a deta...

Resilient Container Security: Why You Need a Preventive Approach

Blog Published: 12/13/2023

Written by Christina DePinto, Product Marketing Manager, Tenable Cloud Security. As organizations move to the cloud, container adoption is skyrocketing. A recent study conducted by Forrester Consulting on behalf of Tenable surveyed 825 IT and cybersecurity pros worldwide and found that 32% of o...

The Perils and Protections of Privileged Accounts

Blog Published: 12/13/2023

Written by Alex Vakulov. Privileged users are the Achilles heel of any company. There are specialized IT systems on the market for managing privileged access - PAM (Privileged Access Management). Nowadays, PAM is no longer just about account management; it is a cybersecurity strategy for regulati...

AI at Work: Three Steps to Prepare and Protect Your Business

Blog Published: 12/12/2023

Originally published by Forbes. Written by Yaki Faitelson, Co-Founder and CEO of Varonis. In terms of hype, nothing is hotter than AI right now; blockchain has some weak links, the metaverse isn't singing in this part of the multiverse, and even big data seems small. As the CEO of a leading cybers...

Why Your Public Partners Care About Your Cybersecurity Approach

Blog Published: 12/12/2023

Originally published by CXO REvolutionaries. Written by Kavitha Mariappan, EVP, Customer Experience and Transformation, Zscaler. While the connection between cybersecurity, environmental, social, and governance (ESG) issues, and private companies may not be immediately obvious, they influence one...

Artificial Intelligence Leaders Partner with Cloud Security Alliance to Launch the AI Safety Initiative

Press Release Published: 12/12/2023

Program for responsible, safe and forward-looking research, best practices, education, professional credentialing and organizational certification for generative AI is underway. SEATTLE – Dec. 12, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining stand...

Embed Security from Code to Cloud with Unified CNAPPs

Blog Published: 12/12/2023

Originally published by CSO Online. Written by Giulio Astori, Principal Program Manager, Microsoft Security. A decade ago, most companies relied on individual point solutions to secure specific aspects of their cloud environment. They might have one solution for vulnerability management, another ...
